I can no longer change my background
  • I can no longer change my background

    A while ago I got a whole lot of viruses, spyware and malware on my PC. I got rid of them with the help of Hitman-Pro. During the infection I was no longer able to change or see my background. I could, however, change the background color.

    But as I said, the infection has been removed (or nearly so), because I am still not able to change my background via right-click on the desktop => Properties => Desktop => Background. I can now see my current desktop, but that is all.

    I then went on the internet to look for help (www.helpmij.nl). I read everything related to this subject and tried the solutions, and nothing worked; then I downloaded HijackThis as the site advised.
    This is my last hope; otherwise I am going to reinstall Windows.
    I am also pasting the HijackThis report in this message.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:56, on 30-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Norman\Nvc\BIN\Zanda.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\DOCUME~1\Timothy\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Timothy\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 66.98.136.25 auto.search.msn.es
    O1 - Hosts: 82.98.86.161 lotterybusiness.cn
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - (no file)
    O2 - BHO: (no name) - {436BB1BA-2670-E517-F753-036968A4205F} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {F537C9D9-1DBF-45A3-8CA7-B4D3BBC05559} - (no file)
    O2 - BHO: (no name) - {F9E06D65-87DC-4B0D-8728-1E6162296F01} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ejmzonmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejmzonmj.dll"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [ozcfkvuf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozcfkvuf.dll"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9C9A.dat
    O20 - Winlogon Notify: rqwyakft - rqwyakft.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9755 bytes

  • #2
    Start HijackThis once more, choose "Do a system scan only" and place a check mark only in front of the following lines:
    O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - (no file)
    O2 - BHO: (no name) - {436BB1BA-2670-E517-F753-036968A4205F} - (no file)
    O2 - BHO: (no name) - {F537C9D9-1DBF-45A3-8CA7-B4D3BBC05559} - (no file)
    O2 - BHO: (no name) - {F9E06D65-87DC-4B0D-8728-1E6162296F01} - (no file)
    O4 - HKLM\..\Run: [ejmzonmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejmzonmj.dll"
    O4 - HKLM\..\Run: [ozcfkvuf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozcfkvuf.dll"
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9C9A.dat
    O20 - Winlogon Notify: rqwyakft - rqwyakft.dll (file missing)

    Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A small cmd window will open, in which a few lines about files not found will quickly scroll by; this is normal.
    • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.


    Download Combofix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Plaats this log in your next post.

    NOTE: If your virus scanner responds with a notification about script execution, you may ignore this.

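An added example, not part of the original thread and not HijackThis's own logic: a small triage script that parses HijackThis entries and flags the same kinds of lines selected in reply #2. The heuristics (orphaned "(no file)" / "(file missing)" entries, a Run key calling regsvr32 on a DLL under Application Data, an AppInit_DLLs value that is not a .dll) are assumptions inferred from what the selected lines have in common; the sample input is constructed from lines in the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ejmzonmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejmzonmj.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9C9A.dat
O20 - Winlogon Notify: rqwyakft - rqwyakft.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry Run entries look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


class Entry(NamedTuple):
    section: str
    body: str


def parse(log: str) -> List[Entry]:
    """Return the section-coded entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def reason(entry: Entry) -> Optional[str]:
    """Return why an entry deserves manual review, or None (assumed heuristics)."""
    body, low = entry.body, entry.body.lower()

    # Browser helper objects / IE buttons registered with no backing file.
    if entry.section in ("O2", "O9") and low.endswith("(no file)"):
        return "browser extension registered but no file on disk"

    if entry.section == "O20":
        if low.endswith("(file missing)"):
            return "Winlogon Notify entry whose DLL is missing"
        if body.startswith("AppInit_DLLs:"):
            # The whole value is treated as one path (no multi-DLL splitting).
            value = body.split(":", 1)[1].strip()
            if value and not value.lower().endswith(".dll"):
                return "AppInit_DLLs value is not a .dll file"

    if entry.section == "O4":
        m = RUN_RE.search(body)
        if m:
            cmd = m["cmd"].lower()
            if cmd.startswith("regsvr32") and "\\application data\\" in cmd:
                return "Run key invokes regsvr32 on a DLL under Application Data"
    return None


def triage(log: str) -> List[Tuple[Entry, str]]:
    """Pair every flagged entry with the reason it was flagged."""
    findings = []
    for entry in parse(log):
        why = reason(entry)
        if why:
            findings.append((entry, why))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section:>3}  {why}\n     {entry.body}")
```

A flag here only means "look at this line by hand"; it does not replace the judgement of the person reading the full log.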


    • #3
      Here is the report after rebooting my computer.

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\Documents and Settings\Timothy\ResErrors.log
      C:\WINDOWS\system32\mcrh.tmp

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Documents and Settings\All Users\Application Data\SalesMonitor

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------



      • #4
        Here is the ComboFix log file.

        ComboFix 07-12-30.3 - Timothy 2007-12-30 21:13:19.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1544 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Timothy\Bureaublad\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus
        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus\Logs\av.log
        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus\Logs\update.log
        C:\Documents and Settings\Gast\ResErrors.log
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\#SharedObjects\ANG679MN\iforex.com
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\#SharedObjects\ANG679MN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
        C:\WINDOWS\2.exe
        C:\WINDOWS\cookies.ini
        C:\WINDOWS\system32\drivers\npf.sys
        C:\WINDOWS\system32\jwjpivus.ini
        C:\WINDOWS\system32\nuinopsd
        C:\WINDOWS\system32\nuinopsd\bg1.gif
        C:\WINDOWS\system32\nuinopsd\bgtop.gif
        C:\WINDOWS\system32\nuinopsd\bottom1.gif
        C:\WINDOWS\system32\nuinopsd\essentials.gif
        C:\WINDOWS\system32\nuinopsd\icon1.ico
        C:\WINDOWS\system32\nuinopsd\install1.gif
        C:\WINDOWS\system32\nuinopsd\left1.gif
        C:\WINDOWS\system32\nuinopsd\li.gif
        C:\WINDOWS\system32\nuinopsd\logo.gif
        C:\WINDOWS\system32\nuinopsd\main.htm
        C:\WINDOWS\system32\nuinopsd\mainframe.htm
        C:\WINDOWS\system32\nuinopsd\reinstall1.gif
        C:\WINDOWS\system32\nuinopsd\right1.gif
        C:\WINDOWS\system32\nuinopsd\s1.htm
        C:\WINDOWS\system32\nuinopsd\s2.htm
        C:\WINDOWS\system32\nuinopsd\s3.htm
        C:\WINDOWS\system32\nuinopsd\SMTop1.gif
        C:\WINDOWS\system32\nuinopsd\SMTop2.gif
        C:\WINDOWS\system32\nuinopsd\SMTop3.gif
        C:\WINDOWS\system32\nuinopsd\SMTop4.gif
        C:\WINDOWS\system32\nuinopsd\soft1_off.gif
        C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft1_on.gif
        C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft2_off.gif
        C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft2_on.gif
        C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft3_off.gif
        C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft3_on.gif
        C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
        C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
        C:\WINDOWS\system32\nuinopsd\softleft_off.gif
        C:\WINDOWS\system32\nuinopsd\softleft_on.gif
        C:\WINDOWS\system32\nuinopsd\top1.gif
        C:\WINDOWS\system32\nuinopsd\top2.gif
        C:\WINDOWS\system32\nuinopsd\turnoff1.gif
        C:\WINDOWS\system32\nuinopsd\turnon1.gif
        C:\WINDOWS\system32\packet.dll
        C:\WINDOWS\system32\wpcap.dll
        C:\WINDOWS\system32\xyadd.ini

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_NPF
        -------\NPF


        (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
        .

        2007-12-30 19:08 . 2007-12-30 19:08 <DIR> d-------- C:\RVAXO
        2007-12-30 19:00 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
        2007-12-30 19:00 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Program Files\Winamp
        2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Winamp
        2007-12-30 00:59 . 2007-12-30 00:57 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
        2007-12-30 00:57 . 2007-12-30 01:05 <DIR> d-------- C:\Documents and Settings\Timothy\.housecall6.6
        2007-12-20 19:20 . 2007-12-20 19:20 <DIR> d-------- C:\Program Files\GameSpy
        2007-12-20 19:19 . 2007-12-20 19:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
        2007-12-14 23:41 . 2007-12-14 23:41 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\InstallShield
        2007-12-10 00:16 . 2007-12-29 15:00 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\AVG7
        2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
        2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2007-12-10 00:15 . 2007-12-10 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
        2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Common Files\HP
        2007-12-09 16:02 . 2007-12-09 16:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
        2007-12-09 15:40 . 2007-12-09 16:49 68,642 --a------ C:\WINDOWS\hpoins05.dat
        2007-12-09 15:40 . 2004-12-14 19:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
        2007-12-09 15:12 . 2007-12-09 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
        2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
        2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
        2007-12-08 15:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
        2007-12-08 15:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
        2007-12-08 15:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
        2007-12-08 15:57 . 2007-12-08 15:57 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Webroot
        2007-12-07 19:28 . 2007-12-07 19:28 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Lavasoft
        2007-12-07 18:54 . 2007-12-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2007-12-07 18:53 . 2007-12-23 18:48 <DIR> d-------- C:\Program Files\SpywareBlaster
        2007-12-07 18:53 . 2007-12-07 18:53 <DIR> d-------- C:\Program Files\Lavasoft
        2007-12-07 18:52 . 2007-12-07 18:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
        2007-12-07 18:52 . 2007-12-07 18:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
        2007-12-07 18:52 . 2007-12-07 18:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
        2007-12-07 18:50 . 2007-12-23 18:48 <DIR> d-------- C:\Temp
        2007-12-07 18:50 . 2007-12-07 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
        2007-12-07 18:33 . 2007-12-07 18:33 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
        2007-12-07 18:33 . 2007-12-30 21:19 <DIR> d-------- C:\Program Files\Hitman Pro
        2007-12-07 17:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
        2007-12-05 22:39 . 2007-12-05 22:39 <DIR> d-------- C:\Program Files\Webroot
        2007-12-05 22:39 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
        2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend
        2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
        2007-12-05 21:02 . 2007-12-05 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
        2007-12-05 21:02 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
        2007-12-05 18:10 . 2007-12-05 21:03 6,909 ---hs---- C:\WINDOWS\system32\mlnmp.ini
        2007-12-05 17:59 . 2007-12-10 01:26 <DIR> d-------- C:\WINDOWS\system32\gjisfclw
        2007-11-28 18:23 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
        2007-11-28 18:22 . 2007-11-28 18:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
        2007-11-28 18:20 . 2007-11-28 18:20 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
        2007-11-25 01:57 . 2007-11-27 18:00 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
        2007-11-23 19:50 . 2007-11-23 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
        2007-11-22 22:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
        2007-11-22 22:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
        2007-11-22 22:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
        2007-11-22 22:45 . 2007-12-20 19:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
        2007-11-22 22:45 . 2007-12-20 19:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
        2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\Documents and Settings\Timothy\Application Data\PnkBstrK.sys
        2007-11-22 22:45 . 2007-11-22 22:45 319 --a------ C:\WINDOWS\game.ini
        2007-11-19 10:05 . 2007-11-20 20:02 257,024 --a------ C:\WINDOWS\system32\ndt2.sys
        2007-11-06 17:54 . 2007-11-06 17:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
        2007-11-06 17:54 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
        2007-11-06 17:54 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
        2007-11-06 17:54 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
        2007-11-06 17:54 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
        2007-11-02 06:46 . 2007-12-05 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2007-12-29 23:13 --------- d-----w C:\Program Files\ui
        2007-12-20 18:03 --------- d-----w C:\Program Files\Electronic Arts
        2007-12-14 23:07 --------- d-----w C:\Documents and Settings\Timothy\Application Data\uTorrent
        2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Sonic Shared
        2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
        2007-12-14 22:58 --------- d-----w C:\Program Files\ResChanger 2005
        2007-12-14 22:58 --------- d-----w C:\Program Files\LimeWire
        2007-12-14 22:58 --------- d-----w C:\Program Files\DivX
        2007-12-14 22:58 --------- d-----w C:\Program Files\Counter-Strike Source
        2007-12-14 22:58 --------- d-----w C:\Program Files\AutoUnpack
        2007-12-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
        2007-12-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2007-12-14 22:40 --------- d-----w C:\Program Files\Ahead
        2007-12-07 17:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2007-11-28 16:02 --------- d-----w C:\Program Files\HP
        2007-11-22 14:45 --------- d-----w C:\Documents and Settings\Timothy\Application Data\Autodesk
        2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
        2007-11-06 16:56 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
        2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
        2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
        2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
        2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
        2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
        2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
        2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
        2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
        2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
        2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
        2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
        2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
        2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
        2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
        2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
        2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
        2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
        2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
        2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
        2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
        2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
        2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
        2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
        2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
        2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
        2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
        2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
        2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
        2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
        2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
        2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
        2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
        2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
        2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
        2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
        2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
        2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
        2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
        2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
        2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
        2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
        2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
        2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
        2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
        2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
        2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
        2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
        2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
        2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
        2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
        2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
        2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
        2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
        2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
        2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
        2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
        2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
        2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
        2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
        2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
        2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
        2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
        2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
        2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
        2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
        2006-07-20 22:56 88 --sh--r C:\WINDOWS\system32\0BFA6C5EBE.sys
        2006-06-25 22:15 56 --sh--r C:\WINDOWS\system32\BE5E6CFA0B.sys
        2006-07-20 22:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
        "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
        "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
        "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
        "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
        "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
        "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
        "P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
        "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
        "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
        "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-07 18:52 949376]
        "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]
        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-10 00:15 219136]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
        "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Ghost Recon Advanced Warfighter.LNK]
        path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Ghost Recon Advanced Warfighter.LNK
        backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Tom Clancy's Rainbow Six]
        path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Tom Clancy's Rainbow Six
        backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
        Rundll32 CTMBHA.DLL,MBMon

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        nwiz.exe /install

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
        2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
        "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
        "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
        "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe"
        "Steam"="c:\program files\valve\steam\steam.exe" -silent
        "ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "CTRegRun"=C:\WINDOWS\CTRegRun.EXE
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
        "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
        "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
        "Norman ZANDA"="C:\Norman\Nvc\BIN\ZLH.EXE" /LOAD /SPLASH
        "lwxopqds"="rundll32.exe" "C:\Program Files\lwxopqds\vwbyhqpk.dll",Init
        "bc018185"="rundll32.exe" "C:\WINDOWS\system32\suvipjwj.dll",b
        "SC2"="C:\Program Files\SecCenter\scprot4.exe"
        "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

        R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
        R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 10:58]
        R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-12 01:54]
        S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
        S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
        S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Inhoud van de 'Gedeelde Taken' map
        "2007-12-21 21:49:49 C:\WINDOWS\Tasks\Easy Onderhoud.job"
        - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
        "2007-12-30 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
        - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
        .
        **************************************************************************

        catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-12-30 21:20:42
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
        -> C:\Program Files\Eset\pr_imon.dll
        .
        Voltooingstijd: 2007-12-30 21:23:36 - machine was rebooted
        C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 20:23:27
        .
        2007-12-24 15:00:58 --- E O F ---



        • #5
          Open the RVAXO folder on your desktop and double-click Uninstall.cmd

          Download the attachment: CFScript.txt

          Drag CFScript.txt onto ComboFix.exe as shown in the example below:

          This will make ComboFix restart.
          Reboot if asked to,
          and post the contents of Combofix.txt in your next reply.
          Also post a new HijackThis log and tell us whether you are still experiencing problems.


          • #6
            Here is the ComboFix log:

            ComboFix 07-12-30.3 - Timothy 2007-12-30 23:03:22.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1485 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Timothy\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Timothy\Bureaublad\cfscript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE
            C:\WINDOWS\system32\mlnmp.ini
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\gjisfclw
            C:\WINDOWS\system32\gjisfclw\bg1.gif
            C:\WINDOWS\system32\gjisfclw\bgtop.gif
            C:\WINDOWS\system32\gjisfclw\bottom1.gif
            C:\WINDOWS\system32\gjisfclw\essentials.gif
            C:\WINDOWS\system32\gjisfclw\icon1.ico
            C:\WINDOWS\system32\gjisfclw\install1.gif
            C:\WINDOWS\system32\gjisfclw\left1.gif
            C:\WINDOWS\system32\gjisfclw\li.gif
            C:\WINDOWS\system32\gjisfclw\logo.gif
            C:\WINDOWS\system32\gjisfclw\main.htm
            C:\WINDOWS\system32\gjisfclw\mainframe.htm
            C:\WINDOWS\system32\gjisfclw\reinstall1.gif
            C:\WINDOWS\system32\gjisfclw\right1.gif
            C:\WINDOWS\system32\gjisfclw\s1.htm
            C:\WINDOWS\system32\gjisfclw\s2.htm
            C:\WINDOWS\system32\gjisfclw\s3.htm
            C:\WINDOWS\system32\gjisfclw\SMTop1.gif
            C:\WINDOWS\system32\gjisfclw\SMTop2.gif
            C:\WINDOWS\system32\gjisfclw\SMTop3.gif
            C:\WINDOWS\system32\gjisfclw\SMTop4.gif
            C:\WINDOWS\system32\gjisfclw\soft1_off.gif
            C:\WINDOWS\system32\gjisfclw\soft1_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft1_on.gif
            C:\WINDOWS\system32\gjisfclw\soft1_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft2_off.gif
            C:\WINDOWS\system32\gjisfclw\soft2_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft2_on.gif
            C:\WINDOWS\system32\gjisfclw\soft2_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft3_off.gif
            C:\WINDOWS\system32\gjisfclw\soft3_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft3_on.gif
            C:\WINDOWS\system32\gjisfclw\soft3_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\softbottom_off.gif
            C:\WINDOWS\system32\gjisfclw\softbottom_on.gif
            C:\WINDOWS\system32\gjisfclw\softleft_off.gif
            C:\WINDOWS\system32\gjisfclw\softleft_on.gif
            C:\WINDOWS\system32\gjisfclw\top1.gif
            C:\WINDOWS\system32\gjisfclw\top2.gif
            C:\WINDOWS\system32\gjisfclw\turnoff1.gif
            C:\WINDOWS\system32\gjisfclw\turnon1.gif
            C:\WINDOWS\system32\mlnmp.ini

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
            .

            2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Program Files\Winamp
            2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Winamp
            2007-12-30 00:59 . 2007-12-30 00:57 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
            2007-12-30 00:57 . 2007-12-30 01:05 <DIR> d-------- C:\Documents and Settings\Timothy\.housecall6.6
            2007-12-20 19:20 . 2007-12-20 19:20 <DIR> d-------- C:\Program Files\GameSpy
            2007-12-20 19:19 . 2007-12-20 19:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
            2007-12-14 23:41 . 2007-12-14 23:41 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\InstallShield
            2007-12-10 00:16 . 2007-12-29 15:00 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\AVG7
            2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
            2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2007-12-10 00:15 . 2007-12-10 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
            2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Common Files\HP
            2007-12-09 16:02 . 2007-12-09 16:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
            2007-12-09 15:40 . 2007-12-09 16:49 68,642 --a------ C:\WINDOWS\hpoins05.dat
            2007-12-09 15:40 . 2004-12-14 19:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
            2007-12-09 15:12 . 2007-12-09 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
            2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
            2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
            2007-12-08 15:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
            2007-12-08 15:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
            2007-12-08 15:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
            2007-12-08 15:57 . 2007-12-08 15:57 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Webroot
            2007-12-07 19:28 . 2007-12-07 19:28 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Lavasoft
            2007-12-07 18:54 . 2007-12-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-07 18:53 . 2007-12-23 18:48 <DIR> d-------- C:\Program Files\SpywareBlaster
            2007-12-07 18:53 . 2007-12-07 18:53 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-07 18:52 . 2007-12-07 18:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
            2007-12-07 18:52 . 2007-12-07 18:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
            2007-12-07 18:52 . 2007-12-07 18:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
            2007-12-07 18:50 . 2007-12-23 18:48 <DIR> d-------- C:\Temp
            2007-12-07 18:50 . 2007-12-07 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
            2007-12-07 18:33 . 2007-12-07 18:33 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
            2007-12-07 18:33 . 2007-12-30 21:19 <DIR> d-------- C:\Program Files\Hitman Pro
            2007-12-07 17:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
            2007-12-05 22:39 . 2007-12-05 22:39 <DIR> d-------- C:\Program Files\Webroot
            2007-12-05 22:39 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
            2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend
            2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
            2007-12-05 21:02 . 2007-12-05 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
            2007-12-05 21:02 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
            2007-11-28 18:23 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
            2007-11-28 18:22 . 2007-11-28 18:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
            2007-11-28 18:20 . 2007-11-28 18:20 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
            2007-11-25 01:57 . 2007-11-27 18:00 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
            2007-11-23 19:50 . 2007-11-23 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
            2007-11-22 22:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
            2007-11-22 22:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
            2007-11-22 22:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
            2007-11-22 22:45 . 2007-12-20 19:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
            2007-11-22 22:45 . 2007-12-20 19:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
            2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\Documents and Settings\Timothy\Application Data\PnkBstrK.sys
            2007-11-22 22:45 . 2007-11-22 22:45 319 --a------ C:\WINDOWS\game.ini
            2007-11-19 10:05 . 2007-11-20 20:02 257,024 --a------ C:\WINDOWS\system32\ndt2.sys
            2007-11-06 17:54 . 2007-11-06 17:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
            2007-11-06 17:54 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
            2007-11-06 17:54 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
            2007-11-06 17:54 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
            2007-11-06 17:54 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
            2007-11-02 06:46 . 2007-12-05 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-29 23:13 --------- d-----w C:\Program Files\ui
            2007-12-20 18:03 --------- d-----w C:\Program Files\Electronic Arts
            2007-12-14 23:07 --------- d-----w C:\Documents and Settings\Timothy\Application Data\uTorrent
            2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Sonic Shared
            2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
            2007-12-14 22:58 --------- d-----w C:\Program Files\ResChanger 2005
            2007-12-14 22:58 --------- d-----w C:\Program Files\LimeWire
            2007-12-14 22:58 --------- d-----w C:\Program Files\DivX
            2007-12-14 22:58 --------- d-----w C:\Program Files\Counter-Strike Source
            2007-12-14 22:58 --------- d-----w C:\Program Files\AutoUnpack
            2007-12-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
            2007-12-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-14 22:40 --------- d-----w C:\Program Files\Ahead
            2007-12-07 17:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2007-11-28 16:02 --------- d-----w C:\Program Files\HP
            2007-11-22 14:45 --------- d-----w C:\Documents and Settings\Timothy\Application Data\Autodesk
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-06 16:56 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
            2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
            2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
            2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
            2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
            2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
            2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
            2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
            2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
            2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
            2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
            2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
            2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
            2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
            2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
            2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
            2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
            2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
            2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
            2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
            2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
            2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
            2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
            2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
            2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
            2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
            2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
            2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
            2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
            2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
            2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
            2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
            2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
            2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
            2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
            2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
            2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
            2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
            2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
            2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
            2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
            2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
            2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
            2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
            2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
            2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
            2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
            2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
            2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
            2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
            2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
            2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
            2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
            2006-07-20 22:56 88 --sh--r C:\WINDOWS\system32\0BFA6C5EBE.sys
            2006-06-25 22:15 56 --sh--r C:\WINDOWS\system32\BE5E6CFA0B.sys
            2006-07-20 22:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
            "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
            "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
            "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
            "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
            "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
            "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
            "P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
            "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
            "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
            "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
            "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-07 18:52 949376]
            "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]
            "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
            "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
            "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-10 00:15 219136]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
            "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Ghost Recon Advanced Warfighter.LNK]
            path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Ghost Recon Advanced Warfighter.LNK
            backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Tom Clancy's Rainbow Six]
            path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Tom Clancy's Rainbow Six
            backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
            Rundll32 CTMBHA.DLL,MBMon

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            nwiz.exe /install

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
            C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
            2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
            "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
            "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
            "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe"
            "Steam"="c:\program files\valve\steam\steam.exe" -silent
            "ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
            "CTRegRun"=C:\WINDOWS\CTRegRun.EXE
            "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
            "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
            "Norman ZANDA"="C:\Norman\Nvc\BIN\ZLH.EXE" /LOAD /SPLASH
            "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

            R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
            R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 10:58]
            R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-12 01:54]
            S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
            S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
            S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp

            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-21 21:49:49 C:\WINDOWS\Tasks\Easy Onderhoud.job"
            - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
            "2007-12-30 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
            - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-30 23:05:21
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
            -> C:\Program Files\Eset\pr_imon.dll
            .
            Voltooingstijd: 2007-12-30 23:05:51
            C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 22:05:45
            C:\qoobox\ComboFix2.txt 2007-12-30 20:23:36
            .
            2007-12-24 15:00:58 --- E O F ---



            • #7
              And here is the HijackThis log.

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 23:08:32, on 30-12-2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\WINDOWS\system32\CTsvcCDA.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Eset\nod32krn.exe
              C:\Norman\Nvc\BIN\Zanda.exe
              C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\Logitech\G-series Software\LGDCore.exe
              C:\Program Files\Logitech\G-series Software\LCDMon.exe
              C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
              C:\Program Files\Eset\nod32kui.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
              C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
              C:\Program Files\Winamp\winampa.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\DOCUME~1\Timothy\LOCALS~1\Temp\clclean.0001
              C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Documents and Settings\Timothy\Bureaublad\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
              O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
              O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
              O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
              O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
              O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
              O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
              O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
              O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
              O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O15 - Trusted Zone: http://toolbar.imageshack.us
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
              O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
              O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
              O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

              --
              End of file - 8619 bytes



              • #8
                Delete the following folder:
                C:\Qoobox

                Then empty your Recycle Bin.

                Download ATF cleaner (mirror) (made by Atribune)

                Important: Close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                Double-click ATF cleaner to start the program.
                On the "Main" tab, tick Select All.
                Click the Empty Selected button.

                Do the following if you also use Firefox as a browser:
                Click the "Firefox" tab and tick Select All.
                If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                (this removes the tick from "Firefox saved passwords" again)
                Click the Empty Selected button.

                Do the following if you also use Opera as a browser:
                Click the "Opera" tab and tick Select All.
                If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                Click the Empty Selected button.
                Go to the "Main" tab and click the Exit button to close the program.

                Go to Start - Run and enter the following:
                Combofix /U
                Then click OK.
                Note: there must be a space between Combofix and /U.

                This will uninstall Combofix.

                Turn off System Restore. Restart the computer. Turn System Restore back on.
                See here how to turn off System Restore.
                This removes any remnants of the infections from your System Restore.

                Are the problems gone now?



                • #9
                  Thanks a lot

                  Thanks a lot, I can use my favorite wallpaper again now.

                  There should be more people like you. Then all this spyware hassle would go a lot more smoothly.

                  I will certainly tell my friends what fantastic replies you get here on how to "fix" it all again.



                  • #10
                    You're welcome, glad it all worked out.
