HijackThis log in connection with computer problems

Othuroyo
16 replies
  • Following on from this topic, here is a HijackThis log file:
    http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=198686

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:22, on 16-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos
    edirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


    End of file - 9440 bytes

    I don't know how to read this. In any case, I did not have IE running and had also shut down ieuser, yet it still turns out to be running?
    I removed the free toolbar that is listed in there via Control Panel -> Programs and Features, but it stays active, and I can't delete it either. (The problem already existed before that toolbar was installed.)

    Ad-Aware does keep finding something, but as soon as I want to remove it the program freezes, although it says it has removed it, so I find that rather strange.
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos
    edirect-home?tag=Toshibaukbholink-21&site=home (file missing)

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.






    Open a Notepad file.
    Copy the text below (everything in bold) into this Notepad file.

    [b]
    @echo off
    ECHO.
    ECHO Deleting folders>>log.txt
    FOR %%I in (
    "C:\Program Files\IEToolbar\") DO (
    IF EXIST %%I (
    RD /S /Q %%I
    IF EXIST %%I (
    ECHO %%I not deleted>>log.txt
    ) ELSE (
    ECHO %%I deleted>>log.txt)
    ) ELSE (
    ECHO %%I not found>>log.txt))
    START NOTEPAD.EXE log.txt
    [/b]

    Go to File - Save As.
    For "Save in" choose: Desktop
    For "File name" enter: del.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Double-click del.bat and post the contents of the log file that opens.




    Your Java software is out of date.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:

    - Download Java Runtime Environment (JRE) 6u12 and save it to your desktop.
    - Close all programs that may be open - especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u12-windows-i586-p-s.exe on your desktop to install the newest version of Java.




    Download MalwareBytes' Anti-Malware and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After installation, make sure the following are ticked:
    - Update MalwareBytes' Anti-Malware
    - Launch MalwareBytes' Anti-Malware

    Then click "Finish".
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Settings" tab.
    - Tick here: "Close Internet Explorer during removal of malware".
    - Then go to the "Scanner" tab and choose "Quick Scan".
    - Then press "Scan" to start the scan.
    - Scanning can take a while, so be patient.
    - When the scan is finished, click OK, then "Show Results" to see the results.
    - Make sure everything there is ticked, then click "Remove Selected".
    - After removal a log will open and you will be asked to restart the computer.

    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post this log together with a new HijackThis log.
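Several of the items selected for fixing in the reply above carry HijackThis's `(no file)` or `(file missing)` marker, or are R-section values with nothing after the `=`. As an added example (not part of the thread and not HijackThis's own code), the Python sketch below parses the log format shown here and lists such entries; the field layout, the joining of wrapped lines and the three checks are assumptions drawn from the log lines on this page.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the shape of the log in this thread,
# including one O9 entry that wraps onto a second line as it does on this page.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos
edirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O13 - Gopher Prefix:
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

End of file - 9440 bytes
"""

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log, joining wrapped lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("End of file"):
            break
        match = ENTRY_RE.match(line)
        if match:
            entries.append(Entry(match.group("section"), match.group("body")))
        elif entries:
            # A line without a section code after the first entry is treated as
            # the wrapped tail of the previous entry. Characters lost at the
            # break are not restored; the trailing marker is what matters here.
            entries[-1].body += line
        # Lines before the first entry (header, running processes) are skipped.
    for entry in entries:
        found = CLSID_RE.search(entry.body)
        entry.clsid = found.group(0) if found else None
    return entries


def orphan_reasons(entry: Entry) -> List[str]:
    """Checks assumed for this example; they do not decide what is safe to fix."""
    reasons = []
    if entry.body.endswith("(no file)"):
        reasons.append("marked (no file)")
    if entry.body.endswith("(file missing)"):
        reasons.append("marked (file missing)")
    if entry.section.startswith("R") and entry.body.endswith("="):
        reasons.append("empty registry value")
    return reasons


def flag_orphans(text: str) -> List[Entry]:
    """Return only the entries that hit at least one check, in log order."""
    flagged = []
    for entry in parse_log(text):
        entry.reasons = orphan_reasons(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for item in flag_orphans(SAMPLE_LOG):
        print(f"{item.section:<4}{item.clsid or '-':<40}{', '.join(item.reasons)}")
```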
  • [quote="Othuroyo"]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    [b]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =[/b]
    [b]R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)[/b]
    [b]O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    [b]O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    [b]O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll[/b]
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos
    edirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    [/quote]

    Something is going wrong. When I tick these I get 3 messages.
    The free-toolbar items are suddenly gone, probably because the uninstall did fully succeed thanks to the reboot.

    Everything I have made bold is gone; the rest I cannot get rid of, with the following messages:

    [img]http://pobresh.com/foutmelding1.jpg[/img]

    [img]http://pobresh.com/foutmelding2.jpg[/img]

    Whether I click yes or no, on both or alternating, I still get this screen:

    [img]http://pobresh.com/melding3.jpg[/img]
    Internet Explorer starts if I click yes on the first 2, but I close it via Task Manager, including ieuser.exe. So IE is not running.

    After the last message HijackThis goes back to the start and I can have it scan again, but whatever I try, those few stay.



    [quote]
    Your Java software is out of date.
    Older versions have vulnerabilities that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:

    - Download Java Runtime Environment (JRE) 6u12 and save it to your desktop.
    - Close all programs that may be open - especially your web browser!
    - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list of programs.
    - Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove or the Change/Remove button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u12-windows-i586-p-s.exe on your desktop to install the newest version of Java.
    [/quote]
    Under Add or Remove Programs only the runtime was listed; I removed it. So I have already done the installation.

    anti-malware log:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1857
    Windows 6.0.6001 Service Pack 1

    17-3-2009 9:34:59
    mbam-log-2009-03-17 (09-34-59).txt

    Scan type: Snelle Scan
    Objecten gescand: 59416
    Verstreken tijd: 3 minute(s), 0 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    HijackThis log 2:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:22, on 16-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Users\Rutger\AppData\Local\Temp\Adobelm_Cleanup.0001
    C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin
    pjpi160.dll
    O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?NL (file missing)
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos
    edirect-home?tag=Toshibaukbholink-21&site=home (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


    End of file - 9440 bytes
    (yes, IE was still running)

    I also see that the free toolbar is suddenly working again… a bit strange
  • Start HijackThis by right-clicking it and choosing "Run as administrator", then choose 'do a system scan only'.
    Select only the items listed below:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
    O2 - BHO: TBSB04856 - {1C843FC6-99BE-4A11-B272-F693CB82865C} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra button: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll
    O9 - Extra 'Tools' menuitem: Gratis Producten Toolbar - {7F344356-6DF6-49DA-9A83-101ACBF6589B} - C:\Program Files\IEToolbar\Gratis Producten Toolbar\Gratiscondoom.dll


    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    After that, carry out the 2nd step from my previous post, because you skipped it.
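An added example, not part of the original thread: a small Python triage of HijackThis item lines that flags the mechanical patterns visible in the list above (entries ending in "(no file)" or "(file missing)", and R0/R1 keys with an empty value). The rule for O23 services whose binary sits in a Temp folder is an added heuristic for review, not something the thread states, and the sample log is assembled from lines shown in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 format, assembled from entries
# that appear in this thread's logs.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {C993EEB5-1B02-4082-B133-96E8D81C5B6D} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Item lines start with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # why the entry deserves a closer look
    entry: str   # the item text after the code


def parse_entries(log_text):
    """Yield (code, body) per item line; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if match:
            yield match.group("code"), match.group("body").strip()


def triage(log_text):
    """Return entries worth reviewing. A finding is a prompt to look, not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        lowered = body.lower()
        if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
            # Registry entry still present, but the file it points to is gone.
            findings.append(Finding(code, "orphaned", body))
        elif code in ("R0", "R1") and body.endswith("="):
            # Internet Explorer setting that exists but has no value.
            findings.append(Finding(code, "empty-value", body))
        elif code == "O23" and "\\temp\\" in lowered.rsplit(" - ", 1)[-1]:
            # Added heuristic (assumption): a service image under a Temp folder.
            findings.append(Finding(code, "service-in-temp", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code:<4} {finding.reason:<16} {finding.entry}")
```

The toolbar entries in the helper's list are not caught by these rules; they were picked by name, which needs a human who knows the product.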
  • Log from del.dat:
    Deleting folders
    "C:\Program Files\IEToolbar\" not deleted


    HijackThis log after that step:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:54:58, on 17-3-2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\GSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Sysinternals - www.sysinternals.com - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


    End of file - 7637 bytes

    no free toolbar again; it comes and goes?
    by the way, just now I had another internet outage; in any case, when that happens I can't shut the laptop down either. Holding the power button for a very long time (20 seconds or longer) and taking the battery out is the only method
  • Maybe it helps to be a bit more patient.


    Download GV Killer.exe.
    Put it in its own folder, for example C:\Program Files\GV Killer, and then create a shortcut from C:\Program Files\GV Killer\GV Killer.exe on your desktop.
    Start GV Killer and use copy and paste to put the names of the files and folders below into the file C:\Program Files\GV Killer\input.txt.

    C:\Program Files\IEToolbar\

    Close the file C:\Program Files\GV Killer\input.txt and press the Start Killing button to start the program.
    Post the contents of the file C:\GV Killer.txt in your next post.



    Download Combofix to your desktop and use it according to this guide.
    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners see certain components that Combofix uses as suspicious and will block or remove them!
    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the "NirCmd" window.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix is complete and after the restart, the log Combofix.txt will open.
    Post this log in your next reply.
  • contents of gvkiller.txt:

    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 2009-03-18 08:19:12 log van Rutger , Beheerder van deze computer
    Platform: Windows Vista SP1 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\SCHEDLGU.TXT
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    igfxcui igfxdev.dll
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    EINDE Inhoud van Input.txt———————————————————–

    EINDE Inhoud van Input.txt———————————————————–


    ;1289578-OEM-7332157-00237=1A2B3C4D19

    Logfile gv_killer_01.txt v7.0.9 - Copyright © GV_Soft Guido Vaesen
    Rapport datum: 2009-03-18 08:19:55 log van Rutger , Beheerder van deze computer
    Platform: Windows Vista SP1 NLD Normale modus

    BEGIN Geplande taken—————————————————————–
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\SCHEDLGU.TXT
    EINDE Geplande taken—————————————————————–


    Lijst Notify keys——————————————————————–
    HKLM\software\microsoft\windows nt\currentversion\winlogon\notify
    igfxcui igfxdev.dll
    Einde Notify keys——————————————————————–

    Verklaring Errorcodes—————————————————————-
    code 00 : Bestand is verwijderd.
    code 53 : Bestand of map werd niet gevonden op uw PC.
    code 70 : Bestand was in gebruik.
    code 75 : Services zijn nog geladen of bestand in gebruik.
    code M0 : Map is verwijderd.
    code ML : Map is volledig leeg gemaakt.
    code MN : Map werd niet gevonden op uw PC, is niet leeg gemaakt.
    code MV : Map werd niet gevonden op uw PC, is niet verwijderd.
    code K0 : Register key is verwijderd.
    Einde Errorcodes——————————————————————–

    BEGIN Inhoud van Input.txt———————————————————–
    C:\Program Files\IEToolbar\
    EINDE Inhoud van Input.txt———————————————————–

    53 C:\Program Files\IEToolbar\
    EINDE Inhoud van Input.txt———————————————————–


    ;5589578-OEM-7332157-00237=77PQF8E7S19

    ;EINDE GV_Killer ———————————————————————


    contents of combofix.txt:
    ComboFix 09-03-15.01 - Rutger 2009-03-17 17:01:47.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2039.1231 [GMT 1:00]
    Gestart vanuit: C:\Users\Rutger\Documents\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\IEToolbar
    C:\Windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))
    .

    2009-03-17 16:36 . 2009-03-17 16:39 <DIR> d——– C:\Program Files\GV_Killer
    2009-03-17 16:36 . 2004-03-08 23:00 152,848 –a—— C:\Windows\System32\COMDLG32.OCX
    2009-03-17 16:36 . 2001-09-07 11:00 59,904 –a—— C:\Windows\System32\wbemdisp.tlb
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– C:\Users\Rutger\AppData\Roaming\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– C:\Users\All Users\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– C:\ProgramData\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-17 09:30 . 2009-02-11 10:19 38,496 –a—— C:\Windows\System32\drivers\mbamswissarmy.sys
    2009-03-17 09:30 . 2009-02-11 10:19 15,504 –a—— C:\Windows\System32\drivers\mbam.sys
    2009-03-17 09:02 . 2009-03-17 09:02 410,984 –a—— C:\Windows\System32\deploytk.dll
    2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d——– C:\Program Files\Trend Micro
    2009-03-16 09:38 . 2008-04-17 12:12 107,368 –a—— C:\Windows\System32\GEARAspi.dll
    2009-03-16 09:38 . 2009-01-15 12:19 23,848 –a—— C:\Windows\System32\drivers\GEARAspiWDM.sys
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– C:\Users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– C:\Program Files\iTunes
    2009-03-16 09:37 . 2009-03-16 09:37 <DIR> d——– C:\Program Files\iPod
    2009-03-16 09:35 . 2009-03-16 09:36 <DIR> d——– C:\Program Files\QuickTime
    2009-03-16 09:31 . 2009-03-16 09:31 <DIR> d——– C:\Program Files\Bonjour
    2009-03-11 11:20 . 2009-02-09 04:10 2,033,152 –a—— C:\Windows\System32\win32k.sys
    2009-03-11 11:20 . 2008-11-27 05:43 268,288 –a—— C:\Windows\System32\schannel.dll
    2009-03-10 15:35 . 2009-03-03 16:51 15,688 –a—— C:\Windows\System32\lsdelete.exe
    2009-03-09 18:17 . 2009-03-09 18:17 <DIR> d——– C:\Program Files\Microsoft Silverlight
    2009-03-09 18:16 . 2008-12-16 04:29 8,147,456 –a—— C:\Windows\System32\wmploc.DLL
    2009-03-09 18:16 . 2008-12-16 06:31 7,680 –a—— C:\Windows\System32\spwmp.dll
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 –a—— C:\Windows\System32\msdxm.ocx
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 –a—— C:\Windows\System32\dxmasf.dll
    2009-03-03 16:51 . 2009-03-03 16:51 64,160 –a—— C:\Windows\System32\drivers\Lbd.sys
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d——– C:\Users\All Users\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d–h-c— C:\Users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d——– C:\ProgramData\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d–h-c— C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d——– C:\Program Files\Lavasoft
    2009-03-03 16:33 . 2009-03-03 16:34 <DIR> d——– C:\websymbols
    2009-02-25 11:42 . 2009-03-03 16:37 <DIR> d——– C:\Program Files\Debugging Tools for Windows (x86)
    2009-02-25 09:40 . 2009-03-05 14:51 250 –a—— C:\Windows\gmer.ini
    2009-02-25 09:36 . 2009-02-25 09:36 <DIR> d——– C:\Users\Rutger\Pavark
    2009-02-17 11:39 . 2009-02-17 11:39 <DIR> d——– C:\Program Files\Microsoft

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-17 15:49 348,371 —ha-w C:\Windows\system32\drivers\vsconfig.xml
    2009-03-17 08:02 ——— d—–w C:\Program Files\Java
    2009-03-16 08:37 ——— d—–w C:\Program Files\Common Files\Apple
    2009-03-11 16:01 ——— d—–w C:\Program Files\Windows Mail
    2009-03-10 14:31 ——— d—–w C:\Program Files\TOSHIBA
    2009-03-10 14:30 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2009-03-05 13:32 ——— d—–w C:\ProgramData\Symantec
    2009-03-05 13:32 ——— d—–w C:\Program Files\Common Files\Symantec Shared
    2009-03-05 13:28 ——— d—–w C:\Program Files\Symantec
    2009-03-04 13:01 390,576 —-a-w C:\Users\Rutger\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2009-03-02 08:05 ——— d—–w C:\Program Files\TeamViewer3
    2009-02-19 13:33 4,963,310 —-a-w C:\Windows\Internet Logs\tvDebug.Zip
    2009-02-14 18:42 ——— d—–w C:\Program Files\URS Mondial Top Scan (Fa.Köhrmann)
    2009-01-18 00:42 ——— d—–w C:\Program Files\Google
    2009-01-15 06:11 827,392 —-a-w C:\Windows\System32\wininet.dll
    2008-11-20 20:59 10,433 —-a-w C:\Program Files\uninstal.log
    2008-10-13 10:34 174 –sha-w C:\Program Files\desktop.ini
    2002-12-11 13:17 13,366,265 –s-a-w C:\Program Files\Encore Manual.pdf
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 22:33 1233920]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 09:32 435768]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-11-02 23:02 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 21:39 39408]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 22:33 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 15:19 861744]
    "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 11:48 577536]
    "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 19:13 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 19:13 166424]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 19:13 133656]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
    "Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 10:01 319488]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 15:18 981904]
    "Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-03 16:51 515416]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 16:18 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-12 20:56 342312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-17 09:02 148888]
    "NDSTray.exe"="NDSTray.exe" [BU]

    C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AFDC7AA0-A841-4A91-8DD4-1D3D0F164959}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2FBAEAC6-8EFB-4419-B936-76F7AB8D6E2E}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{6C7EE3C8-AC09-463B-BA1D-BC365C92EE76}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{71E976D4-F7C6-47A6-8ACD-0FA9FC689507}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{D423C966-8221-40B1-AF31-098F0289DE89}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{7762D7F2-0351-4F3E-A335-E79BE537B6C5}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{0EB6F53B-7C87-4777-AC24-A71F436E70A5}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{5D9699D5-A8B9-47B2-BD00-E35F0AA2F71F}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "UDP Query User{9044B3D2-60FA-4ED8-AA02-B51BBAF4C500}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "{40FC9F88-2855-4EBA-A440-2874C918867D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{5FE87909-AE92-4A80-B204-47D3A320F19E}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{BFD1F2F8-AE16-4206-9D13-299E93842459}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{A2C821FE-B88F-448B-BF3D-D4B3D140A27D}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{4D2EC621-34AC-4A1E-B6F0-25DCEAED658B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{FE454C3B-FF99-4EF3-AC32-589BD9AA3A77}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{931C85DF-8B63-4387-9FA5-51A673A199C8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{B3E58F21-AB21-43EF-BC8C-A436A3B8C44E}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{BE89A468-A44C-4B3D-B0A3-F50B381EA6E1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C283F33D-0A5D-4392-8666-50F242D08EFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-03-03 16:51:21 64160]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 22:34:37 951632]
    R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 09:50:00 181544]
    S3 GSV;GSV;C:\Users\Rutger\AppData\Local\Temp\GSV.exe –> C:\Users\Rutger\AppData\Local\Temp\GSV.exe [?]
    S3 JGPPLMRDFTO;JGPPLMRDFTO;C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe –> C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe [?]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28u.sys [2007-12-14 17:16:34 570880]
    S3 PAC7311;VGA USB Camera;C:\Windows\System32\drivers\PA707UCM.SYS [2008-10-20 20:50:46 530304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3eb8bd-9f40-11dd-8f0a-001a92fbe007}]
    \shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-17 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
    - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-03 16:51]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{7F344356-6DF6-49DA-9A83-101ACBF6589B} - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = mar-px-01:8080
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    .
  • Are there any problems left?
  • Othuroyo wrote: "Are there any problems left?"

    I'll wait and see; previously it happened at random times, so I don't know what it will do now.

    edit: meanwhile I've had another internet crash, so distorted photos beforehand and after that no sites anymore; MSN keeps running.

    in any case, logging in to Windows doesn't go that smoothly: sometimes no trouble at all, and sometimes it takes quite a while before it sees it. I can keep pressing Enter, but it then always takes a while before it accepts it.

    I actually want to reinstall my virus scanner, but is it wise to put this one back on, given that it also caused BSODs earlier when it was still working?

    It concerns Symantec AntiVirus 10.2.0.224, and this is the message in the Windows event logs just before the BSOD, which came from the scanner:
    Auto-Protect Error: Auto-Protect is unable to block security risks.
  • A different virus scanner could be an option.


    Those internet crashes don't necessarily have to be the result of malware.



    Download ATF cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick from Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools you used and the folders that were created. (Remember to remove Combofix via Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore is turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick from "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
  • did the above, then put AVG Free on it and had it scan, and had Ad-Aware scan (found 1 thing, removed it right away)

    Small problem with AVG Free: somehow it switches off its own Resident Shield. I can disable it manually and then turn it back on, but after a short time, or for example when opening IE, it switches itself off. It is listed as active, but the overview screen indicates that it is not active.

    what can I do about this? Apart from that I haven't had any problems so far
  • Hmm, I think this really is specifically an AVG problem.
    Maybe you can find something on their site?
  • Othuroyo wrote: "Hmm, I think this really is specifically an AVG problem.
    Maybe you can find something on their site?"

    after a reboot the error was gone. But what did strike me was that with Symantec it was Auto-Protect that caused the BSOD, and AVG's Resident Shield is the same thing as Auto-Protect, so that seems consistent to me?

    Also, I now have the problem that, for example on the C!T forum, I keep getting tracking-cookie alerts from AVG every few minutes, and when I want to heal them it says the file no longer exists

    cookies such as the doubleclick tracker and the like.
  • Please post a new HijackThis log together with a ComboFix log.
  • HijackThis log:
    Scan saved at 09:41:09, on 2009-03-19
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\Pixart\Pac7311\Monitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = mar-px-01:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GSV - Unknown owner - C:\Users\Rutger\AppData\Local\Temp\GSV.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JGPPLMRDFTO - Unknown owner - C:\Users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe (file missing)
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


    End of file - 7537 bytes

    [b:20f5524bd1]Then ran ComboFix, with this log:[/b:20f5524bd1]
    ComboFix 09-03-15.01 - Rutger 2009-03-19 9:48:27.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1043.18.2039.1243 [GMT 1:00]
    Gestart vanuit: c:\users\Rutger\Documents\ComboFix.exe
    FW: ZoneAlarm Firewall *enabled*
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    .
    —- Voorgaande Run ——-
    .
    c:\program files\IEToolbar
    c:\windows\system32\x64

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-02-19 to 2009-03-19 ))))))))))))))))))))))))))))))
    .

    2009-03-18 20:52 . 2009-03-18 20:54 <DIR> d——– c:\windows\System32\SmitfraudFix
    2009-03-18 17:25 . 2009-03-19 08:07 <DIR> d——– c:\windows\System32\drivers\Avg
    2009-03-18 17:25 . 2009-03-18 17:25 325,640 –a—— c:\windows\System32\drivers\avgldx86.sys
    2009-03-18 17:25 . 2009-03-18 17:25 107,912 –a—— c:\windows\System32\drivers\avgtdix.sys
    2009-03-18 17:25 . 2009-03-18 17:25 10,520 –a—— c:\windows\System32\avgrsstx.dll
    2009-03-17 16:36 . 2009-03-18 16:46 <DIR> d——– c:\program files\GV_Killer
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– c:\users\Rutger\AppData\Roaming\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– c:\users\All Users\Malwarebytes
    2009-03-17 09:30 . 2009-03-17 09:30 <DIR> d——– c:\programdata\Malwarebytes
    2009-03-17 09:02 . 2009-03-17 09:02 410,984 –a—— c:\windows\System32\deploytk.dll
    2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d——– c:\program files\Trend Micro
    2009-03-16 09:38 . 2008-04-17 12:12 107,368 –a—— c:\windows\System32\GEARAspi.dll
    2009-03-16 09:38 . 2009-01-15 12:19 23,848 –a—— c:\windows\System32\drivers\GEARAspiWDM.sys
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-16 09:37 . 2009-03-16 09:38 <DIR> d——– c:\program files\iTunes
    2009-03-16 09:37 . 2009-03-16 09:37 <DIR> d——– c:\program files\iPod
    2009-03-16 09:35 . 2009-03-16 09:36 <DIR> d——– c:\program files\QuickTime
    2009-03-16 09:31 . 2009-03-16 09:31 <DIR> d——– c:\program files\Bonjour
    2009-03-11 11:20 . 2009-02-09 04:10 2,033,152 –a—— c:\windows\System32\win32k.sys
    2009-03-11 11:20 . 2008-11-27 05:43 268,288 –a—— c:\windows\System32\schannel.dll
    2009-03-10 15:35 . 2009-03-03 16:51 15,688 –a—— c:\windows\System32\lsdelete.exe
    2009-03-09 18:17 . 2009-03-09 18:17 <DIR> d——– c:\program files\Microsoft Silverlight
    2009-03-09 18:16 . 2008-12-16 04:29 8,147,456 –a—— c:\windows\System32\wmploc.DLL
    2009-03-09 18:16 . 2008-12-16 06:31 7,680 –a—— c:\windows\System32\spwmp.dll
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\msdxm.ocx
    2009-03-09 18:16 . 2008-12-16 06:31 4,096 –a—— c:\windows\System32\dxmasf.dll
    2009-03-03 16:51 . 2009-03-03 16:51 64,160 –a—— c:\windows\System32\drivers\Lbd.sys
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d——– c:\users\All Users\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d–h-c— c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:51 <DIR> d——– c:\programdata\Lavasoft
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d–h-c— c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-03-03 16:43 . 2009-03-03 16:43 <DIR> d——– c:\program files\Lavasoft
    2009-03-03 16:33 . 2009-03-03 16:34 <DIR> d——– C:\websymbols
    2009-02-25 11:42 . 2009-03-03 16:37 <DIR> d——– c:\program files\Debugging Tools for Windows (x86)
    2009-02-25 09:40 . 2009-03-05 14:51 250 –a—— c:\windows\gmer.ini
    2009-02-25 09:36 . 2009-02-25 09:36 <DIR> d——– c:\users\Rutger\Pavark

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-19 08:32 348,371 —ha-w c:\windows\system32\drivers\vsconfig.xml
    2009-03-18 16:25 ——— d—–w c:\programdata\Avg8
    2009-03-18 10:14 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-03-18 10:12 ——— d—–w c:\program files\TOSHIBA
    2009-03-18 10:12 ——— d—–w c:\program files\eWs
    2009-03-18 10:11 ——— d—–w c:\programdata\Ulead Systems
    2009-03-18 10:11 ——— d—–w c:\program files\Common Files\Ulead Systems
    2009-03-17 08:02 ——— d—–w c:\program files\Java
    2009-03-16 08:37 ——— d—–w c:\program files\Common Files\Apple
    2009-03-11 16:01 ——— d—–w c:\program files\Windows Mail
    2009-03-05 13:32 ——— d—–w c:\programdata\Symantec
    2009-03-05 13:32 ——— d—–w c:\program files\Common Files\Symantec Shared
    2009-03-05 13:28 ——— d—–w c:\program files\Symantec
    2009-03-04 13:01 390,576 —-a-w c:\users\Rutger\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2009-03-02 08:05 ——— d—–w c:\program files\TeamViewer3
    2009-02-19 13:33 4,963,310 —-a-w c:\windows\Internet Logs\tvDebug.Zip
    2009-02-17 10:39 ——— d—–w c:\program files\Microsoft
    2009-01-15 06:11 827,392 —-a-w c:\windows\System32\wininet.dll
    2008-11-20 20:59 10,433 —-a-w c:\program files\uninstal.log
    2008-10-13 10:34 174 –sha-w c:\program files\desktop.ini
    2002-12-11 13:17 13,366,265 –s-a-w c:\program files\Encore Manual.pdf
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-17_17.14.57,10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-17 15:49:22 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-03-19 08:32:39 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-03-17 15:49:22 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-03-19 08:32:39 2,048 –sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-03-17 16:14:22 262,144 –sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-19 08:33:46 262,144 –sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-03-19 08:33:46 262,144 —ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-03-17 16:14:17 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-19 08:34:24 262,144 –sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-03-19 08:34:24 262,144 —ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-03-17 15:51:01 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-03-19 08:33:06 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-03-17 15:51:01 49,152 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-19 08:33:06 49,152 –sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-03-17 15:51:01 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-19 08:33:06 16,384 –sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-03-18 16:25:19 27,656 —-a-w c:\windows\System32\drivers\avgmfx86.sys
    + 2008-08-18 10:19:03 82,432 —-a-w c:\windows\System32\SmitfraudFix\404Fix.exe
    + 2008-12-11 23:57:43 78,336 —-a-w c:\windows\System32\SmitfraudFix\Agent.OMZ.Fix.exe
    + 2008-08-07 14:27:22 4,080 —-a-w c:\windows\System32\SmitfraudFix\beep_2K_original.sys
    + 2001-08-28 12:00:00 4,224 —-a-w c:\windows\System32\SmitfraudFix\beep_XP_original.sys
    + 2004-07-31 16:50:36 51,200 —-a-w c:\windows\System32\SmitfraudFix\dumphive.exe
    + 2007-08-21 06:00:06 1,536 —-a-w c:\windows\System32\SmitfraudFix\exit.exe
    + 2008-07-22 10:27:17 82,432 —-a-w c:\windows\System32\SmitfraudFix\GenericRenosFix.exe
    + 2008-12-15 21:44:04 77,824 —-a-w c:\windows\System32\SmitfraudFix\HostsChk.exe
    + 2008-11-29 16:58:21 82,944 —-a-w c:\windows\System32\SmitfraudFix\IEDFix.C.exe
    + 2008-05-18 19:40:35 82,944 —-a-w c:\windows\System32\SmitfraudFix\IEDFix.exe
    + 2008-09-20 10:45:23 80,384 —-a-w c:\windows\System32\SmitfraudFix\o4Patch.exe
    + 2008-05-27 21:17:49 3,584 —-a-w c:\windows\System32\SmitfraudFix\Policies.exe
    + 2003-06-05 19:13:00 53,248 —-a-w c:\windows\System32\SmitfraudFix\Process.exe
    + 2008-09-03 09:39:15 24,576 —-a-w c:\windows\System32\SmitfraudFix\Reboot.exe
    + 2006-03-07 20:45:34 16,384 —-a-w c:\windows\System32\SmitfraudFix\restart.exe
    + 2009-03-18 13:40:00 2,130,007 —-a-w c:\windows\System32\SmitfraudFix\SmitfraudFix.cmd
    + 2006-09-19 20:13:00 20,480 —-a-w c:\windows\System32\SmitfraudFix\SmiUpdate.exe
    + 2006-04-27 15:49:30 288,417 —-a-w c:\windows\System32\SmitfraudFix\SrchSTS.exe
    + 2006-08-29 17:43:54 135,168 —-a-w c:\windows\System32\SmitfraudFix\swreg.exe
    + 2006-01-09 08:36:06 40,960 —-a-w c:\windows\System32\SmitfraudFix\swsc.exe
    + 2006-12-01 04:20:32 79,360 —-a-w c:\windows\System32\SmitfraudFix\swxcacls.exe
    + 2008-03-02 21:38:24 77,312 —-a-w c:\windows\System32\SmitfraudFix\UIFix.exe
    + 2006-09-14 22:34:48 167,936 —-a-w c:\windows\System32\SmitfraudFix\unzip.exe
    + 2008-10-01 13:51:40 87,552 —-a-w c:\windows\System32\SmitfraudFix\VACFix.exe
    + 2007-09-05 22:22:23 289,144 —-a-w c:\windows\System32\SmitfraudFix\VCCLSID.exe
    + 2007-10-03 22:36:46 25,600 —-a-w c:\windows\System32\SmitfraudFix\WS2Fix.exe
    - 2009-03-17 15:55:32 12,262 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3765967472-2820930978-3669778308-1000_UserData.bin
    + 2009-03-19 08:34:42 12,734 —-a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3765967472-2820930978-3669778308-1000_UserData.bin
    - 2009-03-17 15:55:31 68,068 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-19 08:34:42 68,694 —-a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-03-17 16:16:54 2,598 —-a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
    - 2009-03-17 15:55:30 43,456 —-a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-03-18 15:56:21 43,528 —-a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-16 435768]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-11-02 5724184]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-13 861744]
    "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-03 515416]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-18 1932568]
    "NDSTray.exe"="NDSTray.exe" [BU]

    c:\users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AFDC7AA0-A841-4A91-8DD4-1D3D0F164959}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{2FBAEAC6-8EFB-4419-B936-76F7AB8D6E2E}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{6C7EE3C8-AC09-463B-BA1D-BC365C92EE76}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
    "{71E976D4-F7C6-47A6-8ACD-0FA9FC689507}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "{D423C966-8221-40B1-AF31-098F0289DE89}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
    "TCP Query User{7762D7F2-0351-4F3E-A335-E79BE537B6C5}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{0EB6F53B-7C87-4777-AC24-A71F436E70A5}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{5D9699D5-A8B9-47B2-BD00-E35F0AA2F71F}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "UDP Query User{9044B3D2-60FA-4ED8-AA02-B51BBAF4C500}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
    "{40FC9F88-2855-4EBA-A440-2874C918867D}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{5FE87909-AE92-4A80-B204-47D3A320F19E}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{BFD1F2F8-AE16-4206-9D13-299E93842459}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{A2C821FE-B88F-448B-BF3D-D4B3D140A27D}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{4D2EC621-34AC-4A1E-B6F0-25DCEAED658B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{FE454C3B-FF99-4EF3-AC32-589BD9AA3A77}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{931C85DF-8B63-4387-9FA5-51A673A199C8}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{B3E58F21-AB21-43EF-BC8C-A436A3B8C44E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{BE89A468-A44C-4B3D-B0A3-F50B381EA6E1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C283F33D-0A5D-4392-8666-50F242D08EFB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{C29FDEB1-2DB0-4133-80AF-EE7814A22A35}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{5058EC18-D5EA-4411-96DB-38FEB983507F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{B144F174-E9BA-4046-9BC2-4F59A5BE789B}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-03-03 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-03-18 325640]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-18 107912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-18 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-18 298264]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
    R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
    S3 GSV;GSV;c:\users\Rutger\AppData\Local\Temp\GSV.exe –> c:\users\Rutger\AppData\Local\Temp\GSV.exe [?]
    S3 JGPPLMRDFTO;JGPPLMRDFTO;c:\users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe –> c:\users\Rutger\AppData\Local\Temp\JGPPLMRDFTO.exe [?]
    S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [2007-12-14 570880]
    S3 PAC7311;VGA USB Camera;c:\windows\System32\drivers\PA707UCM.SYS [2008-10-20 530304]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e3eb8bd-9f40-11dd-8f0a-001a92fbe007}]
    \shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-03 16:51]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    WebBrowser-{7F344356-6DF6-49DA-9A83-101ACBF6589B} - (no file)


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uInternet Settings,ProxyServer = mar-px-01:8080
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-19 11:25:22
    Windows 6.0.6001 Service Pack 1 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????m_>????X?E???E???E???E?

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-03-19 11:27:39
    ComboFix-quarantined-files.txt 2009-03-19 10:27:36

    Pre-Run: 43,007,840,256 bytes beschikbaar
    Post-Run: 43,593,822,208 bytes beschikbaar

    Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
    269 — E O F — 2009-03-11 16:01:11
  • No more replies? Does this mean everything should be in order?

This is an archived page. Replying is no longer possible.