Mededeling

**smeenk** · 21-02-08, 12:27

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Combofix (mirror) naar je Bureaublad.
Dubbelklik op Combofix.exe
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen(je kan hem ook hier vinden: C:\Combofix.txt)
Plaats deze log in je volgende post.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

**Alicia** · 21-02-08, 14:34

Beste

Bedankt voor je snelle reactie, ik heb alles uitgevoerd en hieronder staan de logs.

RVAXO:---RVAXO.exe Updated: 2008-02-20---first run---
Files found:
C:\WINDOWS\system32\orqss.ini
C:\WINDOWS\Installer\$PatchCache$\Managed\00002159250031400000000000F01FEC\12.0.4518\OGL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002159250031400000000000F01FEC\12.0.4518\VVIEWDWG.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\00002159250031400000000000F01FEC\12.0.4518\VVIEWER.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\ALRTINTL.DLL_10 33
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\BLNMGR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FM20.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPDB.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPEDITAX.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPEDSAT.DLL_103 3
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPEXPSAT.DLL_10 33
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPUTLSAT.DLL_10 33
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPWEL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\HTMLCHKR.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\HTMLCSAT.DLL_10 33
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\INTLDATE.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\LCCWIZ.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MCPS.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MICROSOFT_OFFIC E_FP_WFCHOST.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSCDM.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSDMENG.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSDMINE.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSMDCB80.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSMDGD80.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSMDUN80.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOINTL.DLL_103 3
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOLAP80.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOLUI80.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OISINTL.DLL_103 3
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWCI10.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWCI11.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWSCLT.DLL_0001
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\RICHED20.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\SLINTL.DLL_1033
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\STSUPLD.DLL_000 1
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\USP10.DLL_0002
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.7969\MSO.DLL
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.7969\RICHED20.DLL_00 01
C:\WINDOWS\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.7969\VBE6.DLL
C:\WINDOWS\Installer\{B1A9CD45-A702-4E3B-91ED-8CD562869901}\CustomRes.dll
C:\WINDOWS\Installer\{B1A9CD45-A702-4E3B-91ED-8CD562869901}\InstBasicUI.dll
C:\WINDOWS\Installer\{B1A9CD45-A702-4E3B-91ED-8CD562869901}\InstRes.dll
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ijllm.bak1
C:\WINDOWS\system32\orqss.bak1
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ijllm.bak2
C:\WINDOWS\system32\orqss.bak2
C:\Documents and Settings\D'Hoker Peter\ResErrors.log
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\netlogun.exe
C:\Install
C:\WINDOWS\system32\actskn45.ocx

Uninstallers:

Folders Found:

C:\UGA6PM
C:\Program Files\Common Files\AntiVirusScherm
C:\Documents and Settings\D'Hoker Peter\Application Data\BedreigingsMonitoor

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

C:\Documents and Settings\D'Hoker Peter\Mijn documenten\Mijn ontvangen bestanden\Oprit.zip
Folders Found:

--------------RVAXO.exe finished----------------

Dit is de Combolog:
ComboFix 08-02-21 - D'Hoker Peter 2008-02-21 13:24:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.552 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\D'Hoker Peter\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\D'Hoker Peter\Application Data\HbTools
C:\Documents and Settings\D'Hoker Peter\Application Data\HbTools\HbTools.log
C:\Documents and Settings\Kim\Application Data\Hotbar
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans.idx
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\btntrans1.dat
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\cursors.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz1.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz10.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz11.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz12.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz13.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz14.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz15.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz16.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz17.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz18.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz19.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz2.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz20.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz3.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz4.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz5.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz6.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz7.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz8.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_bidz9.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemster.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsterie.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_jobsearch.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_reun.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtones.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesmenu.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\gamesMenu.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\hb_ie_menu.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_games_icon.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\ie_video.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\more.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\new_games.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\sales_buttons.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\2\weathericon.res
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\cursors.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\gamesmenu.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hb_ie_menu.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ie_video.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\more.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Kim\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip
C:\Documents and Settings\Kim\Bureaublad\Free PC Wallpapers.lnk
C:\Documents and Settings\Kim\ResErrors.log
C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR

(((((((((((((((((((( Bestanden Gemaakt van 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))
.

2008-02-21 12:48 . 2008-02-21 13:13 <DIR> d----c--- C:\RVAXO
2008-02-21 12:43 . 2008-02-21 11:37 707,330 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-02-21 12:43 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-02-16 12:19 . 2008-02-16 12:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 12:19 . 2008-02-16 12:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 12:17 . 2008-02-16 12:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 12:13 . 2008-02-16 13:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 12:13 . 2008-02-16 12:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 12:00 . 2008-02-16 12:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-16 10:57 . 2008-02-16 10:57 <DIR> d-------- C:\Program Files\RegistrySmart
2008-02-16 10:57 . 2008-02-16 11:53 <DIR> d-------- C:\Documents and Settings\D'Hoker Peter\Application Data\RegistrySmart
2008-02-11 10:03 . 2008-02-11 10:03 <DIR> d-------- C:\Documents and Settings\D'Hoker Peter\Application Data\CyberLink

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 11:42 --------- d-----w C:\Program Files\Bouwsoft
2008-02-21 11:39 --------- d-----w C:\Documents and Settings\D'Hoker Peter\Application Data\postgresql
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\D'Hoker Peter\Application Data\AVG7
2008-02-16 12:55 --------- d-----w C:\Program Files\BearShare Applications
2008-02-14 18:19 --------- d-----w C:\Program Files\Google
2008-02-14 14:00 --------- d-----w C:\Program Files\MSN Messenger
2008-02-11 05:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 06:34 --------- d-----w C:\Program Files\Magentic
2008-01-21 09:30 --------- d-----w C:\Program Files\iTunes
2008-01-21 07:00 --------- d-----w C:\Documents and Settings\Kim\Application Data\AVG7
2008-01-17 18:55 745,547 ----a-w C:\WINDOWS\system32\Magentic Screensaver.scr
2008-01-17 09:58 --------- d-----w C:\Program Files\QuickTime
2008-01-13 09:39 --------- d-----w C:\Documents and Settings\Kim\Application Data\BedreigingsMonitoor
2008-01-08 05:47 --------- d-----w C:\Documents and Settings\D'Hoker Peter\Application Data\AdobeUM
2007-12-31 12:57 19,479 ----a-w C:\Documents and Settings\D'Hoker Peter\Application Data\mdbu.bin
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:18 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-06 14:56 103,432 ----a-w C:\Documents and Settings\D'Hoker Peter\Application Data\GDIPFONTCACHEV1.DAT
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-05-19 07:19 7,237,824 ------w C:\Program Files\Kruidvat-Fotoservice.exe
2007-02-13 08:56 36,808,256 ------w C:\Program Files\iTunesSetup.exe
2006-10-21 09:14 20,675 ----a-w C:\Documents and Settings\Kim\program.bin
2005-08-19 02:45 64 ----a-w C:\Documents and Settings\Kim\prefer.dat
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29a78838-d3b3-42d8-af8f-e50df92754af}]
C:\WINDOWS\system32\wudhvgjs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E027518-8AC4-4319-88D0-803B521F8E08}]
C:\WINDOWS\system32\jkhhg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"=""

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-13 19:53 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-20 18:36 208946]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 19:55 475180]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 16:29 294998]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 08:11 579072]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 09:18 49152]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 01:00 45056]
"CTHelper"="CTHELPER.EXE" [2003-02-20 23:45 28672 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-09-13 20:03 12288 C:\WINDOWS\system32\regsvr32.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [ ]
"0056d174"="C:\WINDOWS\system32\pjgtqojw.dll" [ ]
"NI.UGESM_0001_N122M2811"="c:\documents and settings\d'hoker peter\application data\setup_nl[1].exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" [2008-02-13 09:08 4351216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 07:11 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-10-12 13:12:12 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggefed]
hggefed.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhg]
C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllji]
C:\WINDOWS\system32\mllji.dll

R2 pgsql-8.2;pgsql82;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2"

R2 UseSocketService;UseSocketService;C:\Program Files\Bouwsoft\UseSocketService.exe [2007-12-06 12:12]

.
Inhoud van de 'Gedeelde Taken' map
"2008-02-18 13:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-04 16:23:00 C:\WINDOWS\Tasks\Backup maandelijks.job"
- C:\WINDOWS\system32\ntbackup.exeUbackup
"2008-01-04 20:21:00 C:\WINDOWS\Tasks\Backup.job"
- C:\WINDOWS\system32\ntbackup.exeSbackup
"2008-02-21 12:24:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-21 12:17:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-18 16:19:00 C:\WINDOWS\Tasks\Planning Backup.job"
- C:\WINDOWS\system32\ntbackup.exeŠbackup
"2008-02-21 12:17:01 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 13:31:32
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2008-02-21 13:34:10
ComboFix-quarantined-files.txt 2008-02-21 12:34:06
.
2008-02-20 02:46:04 --- E O F ---

Het *.dll bestand dat hij niet kan vinden is het volgende: C:/windows/system32/pjgtqojw.dll, misschien helpt deze info?
Ook probeert RegistrySmart me te laten registreren, is dit aan te bevelen?
Is er verder nog iets wat ik kan doen om mijn pc veilig te houden?

Bedankt!

**smeenk** · 21-02-08, 15:25

Zover ik het weet is RegisterySmart een onbetrouwbaar programma.
Ga naar Configuratiescherm - Software en probeer deze daat te deïnstalleren.

Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd
Dit zal alles van RVAXO doen verwijderen.

Post even een nieuw logje van Hijackthis

**Alicia** · 21-02-08, 17:11

Nieuwe log: (heb de indruk dat mijn pc al sneller werkt!

aan wat zou het gelegen hebben?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:51, on 21-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Bouwsoft\UseSocketService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Bouwsoft\usesocketservice.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Bouwsoft\Tools\Werkstation\beheer.exe
C:\Program Files\RegistrySmart\RegistrySmart.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.priorweb.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: {fa45729f-d05e-f8fa-8d24-3b3d83887a92} - {29a78838-d3b3-42d8-af8f-e50df92754af} - C:\WINDOWS\system32\wudhvgjs.dll (file missing)
O2 - BHO: (no name) - {2E027518-8AC4-4319-88D0-803B521F8E08} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [0056d174] rundll32.exe "C:\WINDOWS\system32\pjgtqojw.dll",sitypnow
O4 - HKLM\..\Run: [NI.UGESM_0001_N122M2811] "c:\documents and settings\d'hoker peter\application data\setup_nl[1].exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Bouwsoft Beheer.lnk = C:\Program Files\Bouwsoft\Tools\Werkstation\beheer.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotobook.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {DD170420-92CF-11D4-9304-005004043EB5} (FortisIsaLiteDll) - https://finance.fortisbusiness.com/ISWB0101/ISWB/downloads/FortisIsaLite.cab
O20 - Winlogon Notify: hggefed - hggefed.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: pgsql82 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UseSocketService - Unknown owner - C:\Program Files\Bouwsoft\UseSocketService.exe

--
End of file - 12439 bytes

**smeenk** · 21-02-08, 21:55

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: Hotbar /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: {fa45729f-d05e-f8fa-8d24-3b3d83887a92} - {29a78838-d3b3-42d8-af8f-e50df92754af} - C:\WINDOWS\system32\wudhvgjs.dll (file missing)
O2 - BHO: (no name) - {2E027518-8AC4-4319-88D0-803B521F8E08} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [0056d174] rundll32.exe "C:\WINDOWS\system32\pjgtqojw.dll",sitypnow
O4 - HKLM\..\Run: [NI.UGESM_0001_N122M2811] "c:\documents and settings\d'hoker peter\application data\setup_nl[1].exe"
O20 - Winlogon Notify: hggefed - hggefed.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u4 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u4-windows-i586-p.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Post een nieuw logje van Hijackthis ter controle

**Alicia** · 22-02-08, 07:59

Heb alles gedaan wat je zei, nu komt er geen melding meer van de *.dll!

Ik heb 1 versie kunnen verwijderen van Java.
Hieronder het logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:46, on 22-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Bouwsoft\UseSocketService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Bouwsoft\usesocketservice.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Bouwsoft\Tools\Werkstation\beheer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.priorweb.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Bouwsoft Beheer.lnk = C:\Program Files\Bouwsoft\Tools\Werkstation\beheer.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fotobook.foto.com/NewUploader/ImageUploader4.cab
O16 - DPF: {DD170420-92CF-11D4-9304-005004043EB5} (FortisIsaLiteDll) - https://finance.fortisbusiness.com/ISWB0101/ISWB/downloads/FortisIsaLite.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: pgsql82 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: UseSocketService - Unknown owner - C:\Program Files\Bouwsoft\UseSocketService.exe

--
End of file - 11321 bytes

Is er nog iets waar ik op moet letten?

**smeenk** · 22-02-08, 08:33

Doe dit nog maar even:

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Ga naar Start - Uitvoeren en geef hier het volgende in:
Combofix /U
Druk daarna op OK.
Let op: Er moet een spatie tussen Combofix en /U zitten.

Dit zal Combofix deïnstalleren.

Dan denk ik dat alles weer OK is

**Alicia** · 22-02-08, 09:53

Ok, alles is gebeurd, echt mercikes!!
Aan wat lag het dan eigelijk en hoe kan ik dat voorkomen voor in de toekomst?

Malware: wat is dat precies?

**smeenk** · 22-02-08, 10:03

Graag gedaan hoor

Je had een zogenaamde Vundo infectie.
Malware is een verzamelnaam voor allerlei onbetrouwbare programma's: virussen, spyware, adware e.d

Kijk ook naar deze link:

Nucia Security Forums

http://www.nucia.eu/forum/showthread.php?t=55

**Alicia** · 22-02-08, 13:12

Echt je hebt me uit de nood geholpen, mijn pc is héél belangrijk voor mij en ons bedrijf! Hopelijk heb ik nu geen problemen meer, maar als dat wel zo is mag ik je dan weer contacteren? Je kent er blijkbaar heel wat van!

Er hebben al zovelen me proberen helpen, en jou lukt het meteen! Echt schapoo!

Bye the way, ik heb die link bekeken en nu had ik nog een vraagje: het verwondert mij van Internet Explorer

, wat is dan het beste: Opera of
Mozilla Firefox? En gaat dit geen problemen opleveren met andere programma's of links? Is het dezelfde werkwijze?

Groetjes en nog es mercikes!!!

**smeenk** · 22-02-08, 14:40

Opera schijnt de betere van de 2 te zijn, al heb ik die zelf nog niet gebruikt.
Voor zover ik het weet levert het gebruik van die browser geen problemen op met andere programma's

Mededeling

Help! Mijn pc is aan 't flippen! CPU 100%

Help! Mijn pc is aan 't flippen! CPU 100%

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment