Mededeling

**smeenk** · 09-03-08, 01:50

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht

**aemj** · 09-03-08, 13:20

VBG.TXT (resultaat/logbestand van VirtumundoBegone)

[03/09/2008, 11:51:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\KRKIN\Bureaublad\VirtumundoBeGone.exe" )
[03/09/2008, 11:51:07] - Detected System Information:
[03/09/2008, 11:51:07] - Windows Version: 5.1.2600, Service Pack 2
[03/09/2008, 11:51:07] - Current Username: KRKIN (Admin)
[03/09/2008, 11:51:07] - Windows is in NORMAL mode.
[03/09/2008, 11:51:07] - Searching for Browser Helper Objects:
[03/09/2008, 11:51:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/09/2008, 11:51:08] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[03/09/2008, 11:51:08] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[03/09/2008, 11:51:08] - BHO 3: {2A948EE5-4860-4167-8CB3-74784AD8FA2A} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - No filename found. Continuing.
[03/09/2008, 11:51:08] - BHO 4: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[03/09/2008, 11:51:08] - BHO 5: {5118DC72-BFD4-44AC-A0A9-421C191DBE39} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - Checking for HKLM\...\Winlogon\Notify\pmnnnmk
[03/09/2008, 11:51:08] - Found: HKLM\...\Winlogon\Notify\pmnnnmk - This is probably Virtumundo.
[03/09/2008, 11:51:08] - Assigning {5118DC72-BFD4-44AC-A0A9-421C191DBE39} MSEvents Object
[03/09/2008, 11:51:08] - BHO list has been changed! Starting over...
[03/09/2008, 11:51:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/09/2008, 11:51:08] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[03/09/2008, 11:51:08] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[03/09/2008, 11:51:08] - BHO 3: {2A948EE5-4860-4167-8CB3-74784AD8FA2A} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - No filename found. Continuing.
[03/09/2008, 11:51:08] - BHO 4: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[03/09/2008, 11:51:08] - BHO 5: {5118DC72-BFD4-44AC-A0A9-421C191DBE39} (MSEvents Object)
[03/09/2008, 11:51:08] - ALERT: Found MSEvents Object!
[03/09/2008, 11:51:08] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/09/2008, 11:51:08] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/09/2008, 11:51:08] - BHO 8: {78B4C5CA-8939-4A74-B170-073A74CD0BDD} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - Checking for HKLM\...\Winlogon\Notify\geedd
[03/09/2008, 11:51:08] - Key not found: HKLM\...\Winlogon\Notify\geedd, continuing.
[03/09/2008, 11:51:08] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/09/2008, 11:51:08] - BHO 10: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/09/2008, 11:51:08] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/09/2008, 11:51:08] - BHO 12: {ce48724b-724b-4da9-b275-6254fe0dd536} ()
[03/09/2008, 11:51:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:51:08] - Checking for HKLM\...\Winlogon\Notify\artyttng
[03/09/2008, 11:51:08] - Key not found: HKLM\...\Winlogon\Notify\artyttng, continuing.
[03/09/2008, 11:51:08] - Finished Searching Browser Helper Objects
[03/09/2008, 11:51:09] - *** Detected MSEvents Object
[03/09/2008, 11:51:09] - Trying to remove MSEvents Object...
[03/09/2008, 11:51:10] - Terminating Process: IEXPLORE.EXE
[03/09/2008, 11:51:10] - Terminating Process: RUNDLL32.EXE
[03/09/2008, 11:51:11] - Disabling Automatic Shell Restart
[03/09/2008, 11:51:11] - Terminating Process: EXPLORER.EXE
[03/09/2008, 11:51:12] - Suspending the NT Session Manager System Service
[03/09/2008, 11:51:12] - Terminating Windows NT Logon/Logoff Manager
[03/09/2008, 11:56:15] - Re-enabling Automatic Shell Restart
[03/09/2008, 11:56:15] - File to disable: C:\WINDOWS\system32\pmnnnmk.dll
[03/09/2008, 11:56:15] - Removing HKLM\...\Browser Helper Objects\{5118DC72-BFD4-44AC-A0A9-421C191DBE39}
[03/09/2008, 11:56:15] - Removing HKCR\CLSID\{5118DC72-BFD4-44AC-A0A9-421C191DBE39}
[03/09/2008, 11:56:16] - Adding Kill Bit for ActiveX for GUID: {5118DC72-BFD4-44AC-A0A9-421C191DBE39}
[03/09/2008, 11:56:17] - Deleting ATLEvents/MSEvents Registry entries
[03/09/2008, 11:56:17] - Removing HKLM\...\Winlogon\Notify\pmnnnmk
[03/09/2008, 11:56:17] - Searching for Browser Helper Objects:
[03/09/2008, 11:56:17] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
[03/09/2008, 11:56:17] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[03/09/2008, 11:56:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:56:17] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[03/09/2008, 11:56:17] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[03/09/2008, 11:56:17] - BHO 3: {2A948EE5-4860-4167-8CB3-74784AD8FA2A} ()
[03/09/2008, 11:56:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:56:17] - No filename found. Continuing.
[03/09/2008, 11:56:17] - BHO 4: {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuardDLBLOCK.CBrowserHelper)
[03/09/2008, 11:56:17] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/09/2008, 11:56:17] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/09/2008, 11:56:17] - BHO 7: {78B4C5CA-8939-4A74-B170-073A74CD0BDD} ()
[03/09/2008, 11:56:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:56:17] - Checking for HKLM\...\Winlogon\Notify\geedd
[03/09/2008, 11:56:17] - Key not found: HKLM\...\Winlogon\Notify\geedd, continuing.
[03/09/2008, 11:56:17] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/09/2008, 11:56:17] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[03/09/2008, 11:56:17] - BHO 10: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/09/2008, 11:56:17] - BHO 11: {ce48724b-724b-4da9-b275-6254fe0dd536} ()
[03/09/2008, 11:56:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/09/2008, 11:56:17] - Checking for HKLM\...\Winlogon\Notify\artyttng
[03/09/2008, 11:56:17] - Key not found: HKLM\...\Winlogon\Notify\artyttng, continuing.
[03/09/2008, 11:56:17] - Finished Searching Browser Helper Objects
[03/09/2008, 11:56:18] - Finishing up...
[03/09/2008, 11:56:18] - A restart is needed.
[03/09/2008, 11:56:38] - Attempting to Restart via STOP error (Blue Screen!)

**aemj** · 09-03-08, 14:00

RVAXO-resultaat...

---RVAXO.exe Updated: 2008-03-09---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp

Folders Found:
C:\WINDOWS\system32\UpMedia

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

**aemj** · 09-03-08, 16:07

mbam-log-XXXX (resultaat Malwarebytes)

Malwarebytes' Anti-Malware 1.07
Database versie: 470

Scan type: Volledige Scan (A:\|C:\|E:\|)
Objecten gescand: 172339
Verstreken tijd: 46 minute(s), 56 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 13
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 2
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 8

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\geedd.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\falouwww.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b55ec182-05dd-4a94-ab7b-b267525bc4a8} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b55ec182-05dd-4a94-ab7b-b267525bc4a8} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geedd -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\geedd -> Delete on reboot.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\rfdulism.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiludfr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geedd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ddeeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddeeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\falouwww.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wwwuolaf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E054994B-1AD2-4205-BD26-32D0EAF252EC}\RP427\A0067393.vxd (Adware.Winad) -> Quarantined and deleted successfully.

**aemj** · 09-03-08, 16:23

nader verslag

Eerst dank voor je snelle reactie, Smeenk!

Ik krijg na de laatste herstart de volgende melding:
"De toepassing of DLL-bestand C:\WINDOWS\system32\falouwww.dll is geen geldige Windows-kopie. Controleer dit op uw installatiediskette."
Ik hoop dat dit niet direct schadelijk is, en zal dit later proberen te checken.

Verder heb ik gedurende de procedures veel herhaalde meldingen gehad van Spyboth en SpywareGuard. Ik begrijp de berichtgeving van Spyboth mbt gewijzigde entries niet, en heb maar aangenomen dat "weigeren" in plaats van "toestaan" de veilige weg vormde.

Ben benieuwd hoever we nu zijn. Computer is in elk geval al een stuk rustiger en sneller!

**smeenk** · 09-03-08, 19:47

Post even een nieuw logje van Hijackthis

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

**aemj** · 10-03-08, 12:08

HijackThis (2e logbestand)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:09, on 10-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
C:\Program Files\SurfRight\Caretaker\AntispamService.exe
C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\QtDTAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {2A948EE5-4860-4167-8CB3-74784AD8FA2A} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5118DC72-BFD4-44AC-A0A9-421C191DBE39} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {635dd0ef-4526-572b-9ad4-b427b42784ec} - {ce48724b-724b-4da9-b275-6254fe0dd536} - C:\WINDOWS\system32\artyttng.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtDTAcer.EXE"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [VDvIx] C:\WINDOWS\tvpxgvsq.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\netherlands.exe -N
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [abub] C:\WINDOWS\abub.exe
O4 - HKLM\..\Run: [<°‡@¡±§Tlçÿ[Ì…*9ÀÌC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tvpxgvsq.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [13581672] rundll32.exe "C:\WINDOWS\system32\falouwww.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142890292875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142890280843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 12328 bytes

**aemj** · 10-03-08, 12:10

zoek.exe (logbestand)

----a-w 0 2008-03-10 09:19:51 C:\WINDOWS\0.log
----a-w 1,080 2008-03-06 09:33:51 C:\WINDOWS\AUTOLNCH.REG
--s-a-w 2,048 2008-03-10 09:19:26 C:\WINDOWS\bootstat.dat
----a-w 0 2008-03-03 08:00:27 C:\WINDOWS\IsUn0413.exe
----a-w 51 2008-03-10 09:19:46 C:\WINDOWS\iTouch.ini
----a-w 836 2008-03-07 13:42:01 C:\WINDOWS\PVWIN.INI
----a-w 1,409 2008-03-07 08:17:42 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-03-07 08:17:42 C:\WINDOWS\QTFont.qfn
----a-w 71 2008-03-03 07:59:36 C:\WINDOWS\SBWIN.INI
----a-w 21,432 2008-03-07 16:53:46 C:\WINDOWS\SchedLgU.Txt
----a-w 775,942 2008-03-04 10:35:12 C:\WINDOWS\setupapi.log
----a-w 159 2008-03-10 09:19:51 C:\WINDOWS\wiadebug.log
----a-w 49 2008-03-10 09:19:50 C:\WINDOWS\wiaservc.log
----a-w 632 2008-03-04 10:38:24 C:\WINDOWS\win.ini
----a-w 1,317,372 2008-03-10 09:41:36 C:\WINDOWS\WindowsUpdate.log
----a-w 0 2008-03-10 09:19:26 C:\WINDOWS\Debug\PASSWD.LOG
----a-w 193,870 2008-03-10 09:19:37 C:\WINDOWS\Debug\UserMode\userenv.log
----a-w 3,286,528 2008-03-04 08:40:09 C:\WINDOWS\Installer\484807.msi
----a-r 1,038,336 2008-03-04 08:40:09 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
----a-r 178,688 2008-03-04 08:40:09 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
----a-r 171,008 2008-03-04 08:40:09 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
----a-r 8,704 2008-03-04 08:40:09 C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
----a-w 320 2008-03-03 08:14:59 C:\WINDOWS\PCHealth\HelpCtr\Config\NewsSet.xml
----a-w 204,384 2008-03-03 08:22:14 C:\WINDOWS\PCHealth\HelpCtr\Config\Cache\Professional_32_1043.dat.bak
----a-w 264 2008-03-03 08:15:01 C:\WINDOWS\PCHealth\HelpCtr\Config\News\NewsHeadlines_1043_Professional.xml
----a-w 70,714 2008-03-03 08:14:59 C:\WINDOWS\PCHealth\HelpCtr\Config\News\newsver.xml
----a-w 3,746 2008-03-04 08:01:52 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_267.xml
----a-w 6,738 2008-03-04 08:01:53 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_277.xml
----a-w 7,126 2008-03-04 08:01:53 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_283.xml
----a-w 7,550 2008-03-04 08:01:53 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_285.xml
----a-w 37,232 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_286.xml
----a-w 1,438 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_288.xml
----a-w 25,084 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_290.xml
----a-w 2,500 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_292.xml
----a-w 17,714 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_294.xml
----a-w 3,466 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_296.xml
----a-w 3,746 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_297.xml
----a-w 1,574 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_298.xml
----a-w 24,270 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_300.xml
----a-w 2,036 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_302.xml
----a-w 336,796 2008-03-05 12:03:46 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_304.xml
----a-w 159,026 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_306.xml
----a-w 7,044 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_307.xml
----a-w 47,226 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_308.xml
----a-w 6,256 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_310.xml
----a-w 88,354 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_312.xml
----a-w 2,092 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_313.xml
----a-w 67,916 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_314.xml
----a-w 3,006 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_315.xml
----a-w 12,648 2008-03-05 12:03:47 C:\WINDOWS\PCHealth\HelpCtr\DataColl\history_db.xml
----a-w 14,262 2008-03-04 08:38:31 C:\WINDOWS\Prefetch\AAW2007[1].EXE-24828ADC.pf
----a-w 30,468 2008-03-04 08:40:19 C:\WINDOWS\Prefetch\AAWLIC.EXE-38331DC6.pf
----a-w 31,562 2008-03-04 08:40:13 C:\WINDOWS\Prefetch\AAWSERVICE.EXE-0C93BFFC.pf
----a-w 76,020 2008-03-07 12:46:59 C:\WINDOWS\Prefetch\ACRORD32.EXE-356875A2.pf
----a-w 78,756 2008-03-07 16:44:47 C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-24548733.pf
----a-w 40,566 2008-03-04 08:47:48 C:\WINDOWS\Prefetch\AD-AWARE2007.EXE-0CF9A7E5.pf
----a-w 56,402 2008-03-07 08:11:06 C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-1AB51BCE.pf
----a-w 98,656 2008-03-07 08:21:07 C:\WINDOWS\Prefetch\ARCHICAD.EXE-1DB232CD.pf
----a-w 91,886 2008-03-07 14:21:17 C:\WINDOWS\Prefetch\ARCHICAD.EXE-281CFD47.pf
----a-w 24,312 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\ASHDISP.EXE-0B874892.pf
----a-w 83,680 2008-03-10 09:24:18 C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf
----a-w 14,976 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\DAEMON.EXE-066F8DBF.pf
----a-w 16,974 2008-03-07 14:06:59 C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
----a-w 62,726 2008-03-07 14:07:00 C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
----a-w 51,954 2008-03-07 08:36:20 C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
----a-w 25,534 2008-03-07 08:36:26 C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
----a-w 80,626 2008-03-07 14:59:48 C:\WINDOWS\Prefetch\EXCEL.EXE-13B3F319.pf
----a-w 16,754 2008-03-03 08:37:32 C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
----a-w 48,166 2008-03-06 08:58:27 C:\WINDOWS\Prefetch\GSREPORT.EXE-2E8615A5.pf
----a-w 68,906 2008-03-04 10:39:02 C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf
----a-w 49,336 2008-03-05 12:03:52 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
----a-w 43,394 2008-03-04 09:17:01 C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf
----a-w 71,142 2008-03-06 09:33:59 C:\WINDOWS\Prefetch\HPPSAPP.EXE-0FC17819.pf
----a-w 14,178 2008-03-07 16:26:06 C:\WINDOWS\Prefetch\HPZENG06.EXE-0298DF7F.pf
----a-w 17,662 2008-03-07 16:26:15 C:\WINDOWS\Prefetch\HPZSTC06.EXE-25352EBF.pf
----a-w 9,162 2008-03-07 16:26:15 C:\WINDOWS\Prefetch\HPZSTW06.EXE-0B092BEC.pf
----a-w 96,826 2008-03-10 09:30:39 C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
----a-w 20,214 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf
----a-w 348,846 2008-03-10 09:47:57 C:\WINDOWS\Prefetch\Layout.ini
----a-w 19,056 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf
----a-w 10,272 2008-03-10 09:51:47 C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
----a-w 18,322 2008-03-06 13:25:27 C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
----a-w 56,722 2008-03-04 08:47:09 C:\WINDOWS\Prefetch\LSUPDATEMANAGER.EXE-216EB0B6.pf
----a-w 11,926 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\MM_TRAY.EXE-01CCB25B.pf
----a-w 40,480 2008-03-07 08:02:14 C:\WINDOWS\Prefetch\MPAS-D.EXE-2F969366.pf
----a-w 72,000 2008-03-03 08:26:47 C:\WINDOWS\Prefetch\MPAS-FE.EXE-03A19C8B.pf
----a-w 47,442 2008-03-10 09:40:05 C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1F9D1CA1.pf
----a-w 16,924 2008-03-05 10:23:41 C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1414179C.pf
----a-w 15,546 2008-03-07 08:02:16 C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-14C64F7A.pf
----a-w 32,888 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\MSASCUI.EXE-08BEC8D8.pf
----a-w 104,822 2008-03-04 08:40:19 C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
----a-w 42,794 2008-03-07 15:10:37 C:\WINDOWS\Prefetch\MSOHELP.EXE-046E6A04.pf
----a-w 19,664 2008-03-10 10:07:12 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
----a-w 1,109,940 2008-03-10 09:21:01 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
----a-w 33,590 2008-03-07 08:36:53 C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf
----a-w 12,636 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf
----a-w 104,442 2008-03-10 09:28:19 C:\WINDOWS\Prefetch\OUTLOOK.EXE-21C6162B.pf
----a-w 67,980 2008-03-06 08:57:07 C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-2081433A.pf
----a-w 79,646 2008-03-06 07:42:42 C:\WINDOWS\Prefetch\POWERPNT.EXE-2F940E7E.pf
----a-w 13,458 2008-03-03 07:58:24 C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
----a-w 20,728 2008-03-03 07:58:23 C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
----a-w 24,832 2008-03-07 08:01:39 C:\WINDOWS\Prefetch\RUNDLL32.EXE-16BBAF5D.pf
----a-w 18,092 2008-03-03 13:43:39 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BE5EAB2.pf
----a-w 18,432 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\RUNDLL32.EXE-247FE6B9.pf
----a-w 19,708 2008-03-04 10:44:30 C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf
----a-w 18,912 2008-03-04 07:45:05 C:\WINDOWS\Prefetch\RUNDLL32.EXE-256C2D0B.pf
----a-w 13,512 2008-03-03 08:39:38 C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
----a-w 16,754 2008-03-06 09:33:51 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2FCEC944.pf
----a-w 19,100 2008-03-10 10:00:07 C:\WINDOWS\Prefetch\RUNDLL32.EXE-39FC7ED7.pf
----a-w 17,716 2008-03-04 13:29:17 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3A6C2DE6.pf
----a-w 16,462 2008-03-04 12:48:44 C:\WINDOWS\Prefetch\RUNDLL32.EXE-424C68ED.pf
----a-w 13,386 2008-03-10 10:06:37 C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
----a-w 16,100 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\RUNDLL32.EXE-455ED366.pf
----a-w 16,754 2008-03-06 08:57:03 C:\WINDOWS\Prefetch\RUNDLL32.EXE-484173CC.pf
----a-w 20,976 2008-03-04 10:32:56 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AA0B9CC.pf
----a-w 60,480 2008-03-04 09:39:59 C:\WINDOWS\Prefetch\SDUPDATE.EXE-00420EF0.pf
----a-w 2,748 2008-03-06 12:00:12 C:\WINDOWS\Prefetch\SETUP.OVR-154CE291.pf
----a-w 18,380 2008-03-07 15:04:14 C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf
----a-w 77,740 2008-03-04 09:41:30 C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf
----a-w 14,868 2008-03-04 09:23:56 C:\WINDOWS\Prefetch\SPYBOTSD152[1].EXE-2A7202BD.pf
----a-w 17,200 2008-03-04 09:23:56 C:\WINDOWS\Prefetch\SPYBOTSD152[1].TMP-1E6A2E1F.pf
----a-w 19,676 2008-03-04 09:37:50 C:\WINDOWS\Prefetch\SPYBOTSD_INCLUDES.EXE-25CE02FF.pf
----a-w 10,932 2008-03-04 12:34:51 C:\WINDOWS\Prefetch\SYSTRAY.EXE-345DCC1C.pf
----a-w 25,700 2008-03-04 09:38:05 C:\WINDOWS\Prefetch\TEATIMER.EXE-1F57E47A.pf
----a-w 18,194 2008-03-10 09:21:01 C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
----a-w 13,308 2008-03-04 13:00:25 C:\WINDOWS\Prefetch\VERSIONCUETRAY.EXE-33371440.pf
----a-w 64,716 2008-03-10 09:28:28 C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf
----a-w 29,434 2008-03-10 09:40:07 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
----a-w 42,040 2008-03-10 10:00:20 C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
----a-w 25,308 2008-03-10 10:08:59 C:\WINDOWS\Prefetch\ZOEK[1].EXE-30456896.pf
----a-w 343,946 2008-03-10 09:41:41 C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
----a-w 54,534,144 2008-03-10 10:05:10 C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
----a-w 8,192 2008-03-10 10:05:10 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
----a-w 131,072 2008-03-10 10:05:10 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
----a-w 131,072 2008-03-10 09:41:29 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00249.log
----a-w 25,384 2008-03-10 09:20:50 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab
----a-w 17,836 2008-03-10 09:20:50 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab
----a-w 10,040 2008-03-03 07:58:42 C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab
----a-w 13,646 2008-03-10 09:19:27 C:\WINDOWS\system32\wpa.dbl
----a-w 8,192 2008-03-10 09:25:30 C:\WINDOWS\system32\CatRoot2\edb.chk
----a-w 131,072 2008-03-10 09:23:00 C:\WINDOWS\system32\CatRoot2\edb.log
----a-w 1,056,768 2008-03-10 09:23:00 C:\WINDOWS\system32\CatRoot2\tmp.edb
----a-w 65,536 2008-03-07 16:53:46 C:\WINDOWS\system32\config\Antivirus.Evt
----a-w 131,072 2008-03-07 16:53:46 C:\WINDOWS\system32\config\AppEvent.Evt
---ha-w 1,024 2008-03-10 09:48:35 C:\WINDOWS\system32\config\default.LOG
---ha-w 1,024 2008-03-10 09:19:27 C:\WINDOWS\system32\config\SAM.LOG
---ha-w 1,024 2008-03-10 09:29:51 C:\WINDOWS\system32\config\SECURITY.LOG
---ha-w 32,768 2008-03-10 10:08:58 C:\WINDOWS\system32\config\software.LOG
----a-w 524,288 2008-03-07 16:53:46 C:\WINDOWS\system32\config\SysEvent.Evt
---ha-w 1,024 2008-03-10 09:22:21 C:\WINDOWS\system32\config\system.LOG
----a-r 227,718 2008-03-04 09:41:56 C:\WINDOWS\system32\drivers\etc\hosts.20080304-104217.backup
----a-r 227,718 2008-03-04 09:42:17 C:\WINDOWS\system32\drivers\etc\hosts.20080304-111710.backup
----a-w 8,957 2008-03-10 09:39:57 C:\WINDOWS\system32\wbem\Logs\FrameWork.log
----a-w 24,372 2008-03-10 09:19:53 C:\WINDOWS\system32\wbem\Logs\wbemess.log
----a-w 65,551 2008-03-06 13:25:33 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_
----a-w 16,394 2008-03-10 09:23:50 C:\WINDOWS\system32\wbem\Logs\wmiprov.log
----a-w 20 2008-03-10 09:19:50 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
----a-w 1,613,824 2008-03-10 09:25:54 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
----a-w 836 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
----a-w 4 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
----a-w 4,704 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
----a-w 4,704 2008-03-10 09:48:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
----a-w 7,823,360 2008-03-10 09:25:53 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
----a-w 3,868 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
---ha-w 330 2008-03-10 09:41:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job
---ha-w 6 2008-03-10 09:19:34 C:\WINDOWS\Tasks\SA.DAT
----a-w 22,366 2008-03-10 09:41:37 C:\WINDOWS\Temp\MpCmdRun.log
----a-w 30,064 2008-03-07 08:02:16 C:\WINDOWS\Temp\MpSigStub.log
----atw 16,384 2008-03-10 09:19:39 C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat
----a-w 0 2008-03-10 09:19:52 C:\WINDOWS\Temp\_avast4_\Webshlock.txt

Entries: 170 (161)
Directories: 0 Files: 170
Bytes: 79,789,625 Blocks: 155,909
=============
----a-w 13,646 2008-03-10 09:19:27 C:\WINDOWS\system32\wpa.dbl
----a-w 8,192 2008-03-10 09:25:30 C:\WINDOWS\system32\CatRoot2\edb.chk
----a-w 131,072 2008-03-10 09:23:00 C:\WINDOWS\system32\CatRoot2\edb.log
----a-w 1,056,768 2008-03-10 09:23:00 C:\WINDOWS\system32\CatRoot2\tmp.edb
----a-w 65,536 2008-03-07 16:53:46 C:\WINDOWS\system32\config\Antivirus.Evt
----a-w 131,072 2008-03-07 16:53:46 C:\WINDOWS\system32\config\AppEvent.Evt
---ha-w 1,024 2008-03-10 09:48:35 C:\WINDOWS\system32\config\default.LOG
---ha-w 1,024 2008-03-10 09:19:27 C:\WINDOWS\system32\config\SAM.LOG
---ha-w 1,024 2008-03-10 09:29:51 C:\WINDOWS\system32\config\SECURITY.LOG
---ha-w 1,024 2008-03-10 10:09:05 C:\WINDOWS\system32\config\software.LOG
----a-w 524,288 2008-03-07 16:53:46 C:\WINDOWS\system32\config\SysEvent.Evt
---ha-w 1,024 2008-03-10 09:22:21 C:\WINDOWS\system32\config\system.LOG
----a-r 227,718 2008-03-04 09:41:56 C:\WINDOWS\system32\drivers\etc\hosts.20080304-104217.backup
----a-r 227,718 2008-03-04 09:42:17 C:\WINDOWS\system32\drivers\etc\hosts.20080304-111710.backup
----a-w 8,957 2008-03-10 09:39:57 C:\WINDOWS\system32\wbem\Logs\FrameWork.log
----a-w 24,372 2008-03-10 09:19:53 C:\WINDOWS\system32\wbem\Logs\wbemess.log
----a-w 65,551 2008-03-06 13:25:33 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_
----a-w 16,394 2008-03-10 09:23:50 C:\WINDOWS\system32\wbem\Logs\wmiprov.log
----a-w 20 2008-03-10 09:19:50 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
----a-w 1,613,824 2008-03-10 09:25:54 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
----a-w 836 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
----a-w 4 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
----a-w 4,704 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
----a-w 4,704 2008-03-10 09:48:27 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
----a-w 7,823,360 2008-03-10 09:25:53 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
----a-w 3,868 2008-03-10 09:49:27 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Entries: 26 (21)
Directories: 0 Files: 26
Bytes: 11,957,724 Blocks: 23,363
=============

**smeenk** · 10-03-08, 12:14

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: (no name) - {2A948EE5-4860-4167-8CB3-74784AD8FA2A} - (no file)
O2 - BHO: (no name) - {5118DC72-BFD4-44AC-A0A9-421C191DBE39} - (no file)
O2 - BHO: {635dd0ef-4526-572b-9ad4-b427b42784ec} - {ce48724b-724b-4da9-b275-6254fe0dd536} - C:\WINDOWS\system32\artyttng.dll
O4 - HKLM\..\Run: [VDvIx] C:\WINDOWS\tvpxgvsq.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\netherlands.exe -N
O4 - HKLM\..\Run: [abub] C:\WINDOWS\abub.exe
O4 - HKLM\..\Run: [<°‡@¡±§Tlçÿ[Ì…*9ÀÌC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\tvpxgvsq.exe
O4 - HKLM\..\Run: [13581672] rundll32.exe "C:\WINDOWS\system32\falouwww.dll",b
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Herstart je Computer.

Post na de herstart een nieuw logje van hijackthis

**aemj** · 10-03-08, 13:32

HijackThis (log nr3: na verwijdering regels)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:32, on 10-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
C:\Program Files\SurfRight\Caretaker\AntispamService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\QtDTAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtDTAcer.EXE"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142890292875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142890280843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11627 bytes

**smeenk** · 10-03-08, 13:54

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
Sluit alle programma's die eventueel open zijn - Zeker je web browser!
Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
Herhaal dit tot alle oudere versies verdwenen zijn.
Na het verwijderen van alle oudere versies, herstart je pc.
Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Download ATF cleaner (mirror)(gemaakt door Atribune)

Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

Dubbelklik op ATF cleaner om het programma te starten.
Op het tabblad "Main", plaats je een vinkje bij Select All.
Klik op de knop Empty Selected.

Het volgende doen als je ook FireFox als browser hebt:
Klik op tabblad "Firefox", plaats een vinkje bij Select All.
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords")
Klik op de knop Empty Selected.

Het volgende doen als je ook Opera als browser hebt:
Klik op tabblad "Opera", plaats een vinkje bij Select All.
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop Empty Selected.
Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle en vertel of er nog problemen zijn

**aemj** · 10-03-08, 16:04

HijackThis (4e logbestand)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:13, on 10-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SurfRight\Caretaker\AntispamService.exe
C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Launch Manager\QtDTAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SurfRight\Caretaker\Notifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\QtDTAcer.EXE"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [CaretakerNotifier] C:\Program Files\SurfRight\Caretaker\Notifier.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom WL-150 Wireless LAN Card\Installer\WLANUTL.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142890292875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142890280843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Caretaker Antispam Service (CaretakerAntispam) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\AntispamService.exe
O23 - Service: Caretaker Proxy (CaretakerProxy) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe
O23 - Service: Caretaker Service (CaretakerSvc) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerService.exe
O23 - Service: Caretaker Updater (CaretakerUpdate) - SurfRight B.V. - C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11871 bytes

**smeenk** · 10-03-08, 16:23

Ziet er weer goed uit

**aemj** · 10-03-08, 16:54

of er nog problemen zijn..

Geachte Smeenk,
1) Van Java had ik dus ook verwijderd Java(TM)6 Update 2 en 3: Ik wist niet zeker of dat de bedoeling was.
2) Hoewel alles weer behoorlijk normaal schijnt te werken, vind ik de opstart van de computer en vervolgens van Archicad, dat ik vaak gebruik, nog opvallend traag. (Harddisk 80Gb is voor 1/3 in gebruik.)
3) Ik concludeer dat ik niets meer met falouwww.dll (zie mijn bericht van gisteren 15:23u.) hoef te doen. Ik moest deze immers uit het register verwijderen, en de melding van ongeldigheid verschijnt ook niet meer.
4) Ik heb nog even scans uitgevoerd met ad-aware en met avast, die beide géén onregelmatigheden meer melden!
5) Af en toe verschijnt rechtsonder het bericht dat er geen firewall actief is, terwijl die toch wèl staat aangevinkt in het beveiligingsscherm.
6) Tot slot is wèl de virus-kluis van Avast nog steeds gevuld (ca. 500 'lijnen'). Ik begrijp niet goed wat dat betekent: zijn dit beschadigde bestanden die niet meer mogen functioneren en waardoor gewenste programma's niet meer goed functioneren en beter opnieuw geïnstalleerd kunnen worden OF zijn het malware-achtige bijproducten die nog verwijderd kunnen worden OF is het gewoon malware die nog steeds aanwezig maar wèl onschadelijk is OF zijn het allleen maar vermeldingen die nu al niet meer geldig zijn maar waar eventueel nog iets mee moet gebeuren?
7) Ik ben vast van plan om mijn computer beter te blijven beveiligen. Ik probeer de aanwijzingen vanuit Nucia goed op te volgen, maar het ontbreekt me dus nog aan wat elementair inzicht. Kun je zeggen welke leerweg ik moet volgen om wegwijs te worden in de wereld van malware-begrippen en beveiliging?

Wellicht wil je reageren op de punten hierboven, voorzover je die van belang vindt.

En dan wil ik je nog bedanken voor je snelle en deskundige hulp. Ik ga zeker wat overmaken. Kun je aangeven wat ongeveer gebruikelijk is?

Mededeling

tratbho

tratbho

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment