Mededeling

Collapse
No announcement yet.

Ik kan mijn achtergrond niet meer veranderen

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    Ik kan mijn achtergrond niet meer veranderen

    Ik heb een tijdje geleden een heleboel virussen, spyware en malware op mijn pc binnengekregen. Die heb ik met behulp van Hitman-Pro weggekregen. Tijdens de infectie was ik niet meer in staat om mijn achtergrond te veranderen of te zien. ik kon echter wel de achtergrondkleur veranderen.

    Maar zoals ik al zei is de infectie verwijderd (of bijna dan) want ik ben nog steeds niet in staat om mijn achtergrond te veranderen via rechtermuisklik bureaublad => eigenschappen => Bureaublad => achtergrond. Ik kan mijn huidige bureaublad nu wel zien maar dat is alles.

    Ik ben toen het internet opgegaan om hulp te zoeken (www.helpmij.nl) alles wat gerelateerd was aab dit onderwerp heb ik gelezen en de oplossingen geprobeerd en niets werkte toen heb ik HijackThis gedownload zoals de site adviseerde.
    Dit is mijn laatste hoop anders ga ik windows opnieuw installeren.
    Ik plak ook het rapport van HijackThis in dit bericht.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:56, on 30-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Norman\Nvc\BIN\Zanda.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\DOCUME~1\Timothy\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Timothy\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 66.98.136.25 auto.search.msn.es
    O1 - Hosts: 82.98.86.161 lotterybusiness.cn
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - (no file)
    O2 - BHO: (no name) - {436BB1BA-2670-E517-F753-036968A4205F} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {F537C9D9-1DBF-45A3-8CA7-B4D3BBC05559} - (no file)
    O2 - BHO: (no name) - {F9E06D65-87DC-4B0D-8728-1E6162296F01} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ejmzonmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejmzonmj.dll"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [ozcfkvuf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozcfkvuf.dll"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9C9A.dat
    O20 - Winlogon Notify: rqwyakft - rqwyakft.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 9755 bytes
    Labels: Geen
    • Citaat
  • #2
    Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
    O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - (no file)
    O2 - BHO: (no name) - {436BB1BA-2670-E517-F753-036968A4205F} - (no file)
    O2 - BHO: (no name) - {F537C9D9-1DBF-45A3-8CA7-B4D3BBC05559} - (no file)
    O2 - BHO: (no name) - {F9E06D65-87DC-4B0D-8728-1E6162296F01} - (no file)
    O4 - HKLM\..\Run: [ejmzonmj] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejmzonmj.dll"
    O4 - HKLM\..\Run: [ozcfkvuf] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ozcfkvuf.dll"
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C9C9A.dat
    O20 - Winlogon Notify: rqwyakft - rqwyakft.dll (file missing)
    Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

    Download: RVAXO.exe
    • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
    • Open nu de map RVAXO op je bureaublad en dubbeklik RVAXO.cmd
      Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
    • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
    • Daarna zal je PC herstarten, na de herstart opent het cmd-venster van RVAXO opnieuw.
      Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
    • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
    • Post de inhoud van de logfile in je volgende bericht.


    Download Combofix naar je Bureaublad.
    Dubbelklik op Combofix.exe
    Kies voor "Continue" door 1 te typen gevolgd door ENTER.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
    Plaats deze log in je volgende post.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.
    • Citaat

    Comment

    • #3
      bij deze het bericht na het rebooten van mijn computer.

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\Documents and Settings\Timothy\ResErrors.log
      C:\WINDOWS\system32\mcrh.tmp

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Documents and Settings\All Users\Application Data\SalesMonitor

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------
      • Citaat

      Comment

      • #4
        bij deze de logfile van combofix.

        ComboFix 07-12-30.3 - Timothy 2007-12-30 21:13:19.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1544 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\Timothy\Bureaublad\ComboFix.exe
        * Nieuw herstelpunt werd aangemaakt
        .

        (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus
        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus\Logs\av.log
        C:\Documents and Settings\Gast\Application Data\BestsellerAntivirus\Logs\update.log
        C:\Documents and Settings\Gast\ResErrors.log
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\#SharedObjects\ANG679MN\iforex.com
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\#SharedObjects\ANG679MN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
        C:\Documents and Settings\Timothy\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
        C:\WINDOWS\2.exe
        C:\WINDOWS\cookies.ini
        C:\WINDOWS\system32\drivers\npf.sys
        C:\WINDOWS\system32\jwjpivus.ini
        C:\WINDOWS\system32\nuinopsd
        C:\WINDOWS\system32\nuinopsd\bg1.gif
        C:\WINDOWS\system32\nuinopsd\bgtop.gif
        C:\WINDOWS\system32\nuinopsd\bottom1.gif
        C:\WINDOWS\system32\nuinopsd\essentials.gif
        C:\WINDOWS\system32\nuinopsd\icon1.ico
        C:\WINDOWS\system32\nuinopsd\install1.gif
        C:\WINDOWS\system32\nuinopsd\left1.gif
        C:\WINDOWS\system32\nuinopsd\li.gif
        C:\WINDOWS\system32\nuinopsd\logo.gif
        C:\WINDOWS\system32\nuinopsd\main.htm
        C:\WINDOWS\system32\nuinopsd\mainframe.htm
        C:\WINDOWS\system32\nuinopsd\reinstall1.gif
        C:\WINDOWS\system32\nuinopsd\right1.gif
        C:\WINDOWS\system32\nuinopsd\s1.htm
        C:\WINDOWS\system32\nuinopsd\s2.htm
        C:\WINDOWS\system32\nuinopsd\s3.htm
        C:\WINDOWS\system32\nuinopsd\SMTop1.gif
        C:\WINDOWS\system32\nuinopsd\SMTop2.gif
        C:\WINDOWS\system32\nuinopsd\SMTop3.gif
        C:\WINDOWS\system32\nuinopsd\SMTop4.gif
        C:\WINDOWS\system32\nuinopsd\soft1_off.gif
        C:\WINDOWS\system32\nuinopsd\soft1_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft1_on.gif
        C:\WINDOWS\system32\nuinopsd\soft1_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft2_off.gif
        C:\WINDOWS\system32\nuinopsd\soft2_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft2_on.gif
        C:\WINDOWS\system32\nuinopsd\soft2_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft3_off.gif
        C:\WINDOWS\system32\nuinopsd\soft3_off_ext.gif
        C:\WINDOWS\system32\nuinopsd\soft3_on.gif
        C:\WINDOWS\system32\nuinopsd\soft3_on_ext.gif
        C:\WINDOWS\system32\nuinopsd\softbottom_off.gif
        C:\WINDOWS\system32\nuinopsd\softbottom_on.gif
        C:\WINDOWS\system32\nuinopsd\softleft_off.gif
        C:\WINDOWS\system32\nuinopsd\softleft_on.gif
        C:\WINDOWS\system32\nuinopsd\top1.gif
        C:\WINDOWS\system32\nuinopsd\top2.gif
        C:\WINDOWS\system32\nuinopsd\turnoff1.gif
        C:\WINDOWS\system32\nuinopsd\turnon1.gif
        C:\WINDOWS\system32\packet.dll
        C:\WINDOWS\system32\wpcap.dll
        C:\WINDOWS\system32\xyadd.ini

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_NPF
        -------\NPF


        (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
        .

        2007-12-30 19:08 . 2007-12-30 19:08 <DIR> d-------- C:\RVAXO
        2007-12-30 19:00 . 2007-12-29 00:34 579,934 --a------ C:\WINDOWS\system32\RVAXO.bat
        2007-12-30 19:00 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
        2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Program Files\Winamp
        2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Winamp
        2007-12-30 00:59 . 2007-12-30 00:57 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
        2007-12-30 00:57 . 2007-12-30 01:05 <DIR> d-------- C:\Documents and Settings\Timothy\.housecall6.6
        2007-12-20 19:20 . 2007-12-20 19:20 <DIR> d-------- C:\Program Files\GameSpy
        2007-12-20 19:19 . 2007-12-20 19:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
        2007-12-14 23:41 . 2007-12-14 23:41 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\InstallShield
        2007-12-10 00:16 . 2007-12-29 15:00 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\AVG7
        2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
        2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2007-12-10 00:15 . 2007-12-10 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
        2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Common Files\HP
        2007-12-09 16:02 . 2007-12-09 16:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
        2007-12-09 15:40 . 2007-12-09 16:49 68,642 --a------ C:\WINDOWS\hpoins05.dat
        2007-12-09 15:40 . 2004-12-14 19:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
        2007-12-09 15:12 . 2007-12-09 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
        2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
        2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
        2007-12-08 15:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
        2007-12-08 15:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
        2007-12-08 15:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
        2007-12-08 15:57 . 2007-12-08 15:57 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Webroot
        2007-12-07 19:28 . 2007-12-07 19:28 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Lavasoft
        2007-12-07 18:54 . 2007-12-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2007-12-07 18:53 . 2007-12-23 18:48 <DIR> d-------- C:\Program Files\SpywareBlaster
        2007-12-07 18:53 . 2007-12-07 18:53 <DIR> d-------- C:\Program Files\Lavasoft
        2007-12-07 18:52 . 2007-12-07 18:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
        2007-12-07 18:52 . 2007-12-07 18:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
        2007-12-07 18:52 . 2007-12-07 18:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
        2007-12-07 18:50 . 2007-12-23 18:48 <DIR> d-------- C:\Temp
        2007-12-07 18:50 . 2007-12-07 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
        2007-12-07 18:33 . 2007-12-07 18:33 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
        2007-12-07 18:33 . 2007-12-30 21:19 <DIR> d-------- C:\Program Files\Hitman Pro
        2007-12-07 17:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
        2007-12-05 22:39 . 2007-12-05 22:39 <DIR> d-------- C:\Program Files\Webroot
        2007-12-05 22:39 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
        2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend
        2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
        2007-12-05 21:02 . 2007-12-05 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
        2007-12-05 21:02 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
        2007-12-05 18:10 . 2007-12-05 21:03 6,909 ---hs---- C:\WINDOWS\system32\mlnmp.ini
        2007-12-05 17:59 . 2007-12-10 01:26 <DIR> d-------- C:\WINDOWS\system32\gjisfclw
        2007-11-28 18:23 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
        2007-11-28 18:22 . 2007-11-28 18:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
        2007-11-28 18:20 . 2007-11-28 18:20 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
        2007-11-25 01:57 . 2007-11-27 18:00 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
        2007-11-23 19:50 . 2007-11-23 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
        2007-11-22 22:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
        2007-11-22 22:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
        2007-11-22 22:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
        2007-11-22 22:45 . 2007-12-20 19:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
        2007-11-22 22:45 . 2007-12-20 19:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
        2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
        2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\Documents and Settings\Timothy\Application Data\PnkBstrK.sys
        2007-11-22 22:45 . 2007-11-22 22:45 319 --a------ C:\WINDOWS\game.ini
        2007-11-19 10:05 . 2007-11-20 20:02 257,024 --a------ C:\WINDOWS\system32\ndt2.sys
        2007-11-06 17:54 . 2007-11-06 17:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
        2007-11-06 17:54 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
        2007-11-06 17:54 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
        2007-11-06 17:54 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
        2007-11-06 17:54 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
        2007-11-02 06:46 . 2007-12-05 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2007-12-29 23:13 --------- d-----w C:\Program Files\ui
        2007-12-20 18:03 --------- d-----w C:\Program Files\Electronic Arts
        2007-12-14 23:07 --------- d-----w C:\Documents and Settings\Timothy\Application Data\uTorrent
        2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Sonic Shared
        2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
        2007-12-14 22:58 --------- d-----w C:\Program Files\ResChanger 2005
        2007-12-14 22:58 --------- d-----w C:\Program Files\LimeWire
        2007-12-14 22:58 --------- d-----w C:\Program Files\DivX
        2007-12-14 22:58 --------- d-----w C:\Program Files\Counter-Strike Source
        2007-12-14 22:58 --------- d-----w C:\Program Files\AutoUnpack
        2007-12-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
        2007-12-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2007-12-14 22:40 --------- d-----w C:\Program Files\Ahead
        2007-12-07 17:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2007-11-28 16:02 --------- d-----w C:\Program Files\HP
        2007-11-22 14:45 --------- d-----w C:\Documents and Settings\Timothy\Application Data\Autodesk
        2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
        2007-11-06 16:56 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
        2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
        2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
        2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
        2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
        2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
        2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
        2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
        2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
        2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
        2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
        2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
        2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
        2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
        2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
        2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
        2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
        2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
        2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
        2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
        2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
        2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
        2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
        2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
        2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
        2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
        2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
        2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
        2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
        2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
        2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
        2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
        2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
        2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
        2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
        2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
        2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
        2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
        2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
        2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
        2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
        2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
        2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
        2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
        2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
        2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
        2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
        2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
        2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
        2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
        2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
        2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
        2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
        2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
        2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
        2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
        2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
        2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
        2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
        2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
        2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
        2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
        2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
        2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
        2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
        2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
        2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
        2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
        2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
        2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
        2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
        2006-07-20 22:56 88 --sh--r C:\WINDOWS\system32\0BFA6C5EBE.sys
        2006-06-25 22:15 56 --sh--r C:\WINDOWS\system32\BE5E6CFA0B.sys
        2006-07-20 22:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
        .

        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
        "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
        "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
        "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
        "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
        "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
        "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
        "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
        "P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
        "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
        "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
        "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
        "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-07 18:52 949376]
        "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]
        "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-10 00:15 219136]

        C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
        HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
        "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Ghost Recon Advanced Warfighter.LNK]
        path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Ghost Recon Advanced Warfighter.LNK
        backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Tom Clancy's Rainbow Six]
        path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Tom Clancy's Rainbow Six
        backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
        Rundll32 CTMBHA.DLL,MBMon

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
        nwiz.exe /install

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
        2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
        "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
        "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
        "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe"
        "Steam"="c:\program files\valve\steam\steam.exe" -silent
        "ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "CTRegRun"=C:\WINDOWS\CTRegRun.EXE
        "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
        "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
        "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
        "Norman ZANDA"="C:\Norman\Nvc\BIN\ZLH.EXE" /LOAD /SPLASH
        "lwxopqds"="rundll32.exe" "C:\Program Files\lwxopqds\vwbyhqpk.dll",Init
        "bc018185"="rundll32.exe" "C:\WINDOWS\system32\suvipjwj.dll",b
        "SC2"="C:\Program Files\SecCenter\scprot4.exe"
        "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

        R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
        R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 10:58]
        R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-12 01:54]
        S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
        S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
        S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Inhoud van de 'Gedeelde Taken' map
        "2007-12-21 21:49:49 C:\WINDOWS\Tasks\Easy Onderhoud.job"
        - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
        "2007-12-30 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
        - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
        .
        **************************************************************************

        catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2007-12-30 21:20:42
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
        -> C:\Program Files\Eset\pr_imon.dll
        .
        Voltooingstijd: 2007-12-30 21:23:36 - machine was rebooted
        C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 20:23:27
        .
        2007-12-24 15:00:58 --- E O F ---
        • Citaat

        Comment

        • #5
          Open de map RVAXO op je bureaublad en dubbelklik Uninstall.cmd

          Download de bijlage: CFScript.txt

          Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :



          Dit zal ComboFix doen herstarten.
          Start opnieuw op als daarom gevraagd wordt,
          en post de inhoud van de Combofix.txt in je volgende antwoord.
          Post ook een nieuw logje van Hijackthis en vertel of je nog problemen ondervindt
          Bijgevoegde Bestanden
          • Citaat

          Comment

          • #6
            bij deze de log van combofix:

            ComboFix 07-12-30.3 - Timothy 2007-12-30 23:03:22.2 - NTFSx86
            Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1485 [GMT 1:00]Gestart vanuit: C:\Documents and Settings\Timothy\Bureaublad\ComboFix.exe
            Command switches used :: C:\Documents and Settings\Timothy\Bureaublad\cfscript.txt
            * Nieuw herstelpunt werd aangemaakt

            FILE
            C:\WINDOWS\system32\mlnmp.ini
            .

            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            C:\WINDOWS\system32\gjisfclw
            C:\WINDOWS\system32\gjisfclw\bg1.gif
            C:\WINDOWS\system32\gjisfclw\bgtop.gif
            C:\WINDOWS\system32\gjisfclw\bottom1.gif
            C:\WINDOWS\system32\gjisfclw\essentials.gif
            C:\WINDOWS\system32\gjisfclw\icon1.ico
            C:\WINDOWS\system32\gjisfclw\install1.gif
            C:\WINDOWS\system32\gjisfclw\left1.gif
            C:\WINDOWS\system32\gjisfclw\li.gif
            C:\WINDOWS\system32\gjisfclw\logo.gif
            C:\WINDOWS\system32\gjisfclw\main.htm
            C:\WINDOWS\system32\gjisfclw\mainframe.htm
            C:\WINDOWS\system32\gjisfclw\reinstall1.gif
            C:\WINDOWS\system32\gjisfclw\right1.gif
            C:\WINDOWS\system32\gjisfclw\s1.htm
            C:\WINDOWS\system32\gjisfclw\s2.htm
            C:\WINDOWS\system32\gjisfclw\s3.htm
            C:\WINDOWS\system32\gjisfclw\SMTop1.gif
            C:\WINDOWS\system32\gjisfclw\SMTop2.gif
            C:\WINDOWS\system32\gjisfclw\SMTop3.gif
            C:\WINDOWS\system32\gjisfclw\SMTop4.gif
            C:\WINDOWS\system32\gjisfclw\soft1_off.gif
            C:\WINDOWS\system32\gjisfclw\soft1_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft1_on.gif
            C:\WINDOWS\system32\gjisfclw\soft1_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft2_off.gif
            C:\WINDOWS\system32\gjisfclw\soft2_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft2_on.gif
            C:\WINDOWS\system32\gjisfclw\soft2_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft3_off.gif
            C:\WINDOWS\system32\gjisfclw\soft3_off_ext.gif
            C:\WINDOWS\system32\gjisfclw\soft3_on.gif
            C:\WINDOWS\system32\gjisfclw\soft3_on_ext.gif
            C:\WINDOWS\system32\gjisfclw\softbottom_off.gif
            C:\WINDOWS\system32\gjisfclw\softbottom_on.gif
            C:\WINDOWS\system32\gjisfclw\softleft_off.gif
            C:\WINDOWS\system32\gjisfclw\softleft_on.gif
            C:\WINDOWS\system32\gjisfclw\top1.gif
            C:\WINDOWS\system32\gjisfclw\top2.gif
            C:\WINDOWS\system32\gjisfclw\turnoff1.gif
            C:\WINDOWS\system32\gjisfclw\turnon1.gif
            C:\WINDOWS\system32\mlnmp.ini

            .
            (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))
            .

            2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Program Files\Winamp
            2007-12-30 01:30 . 2007-12-30 01:31 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Winamp
            2007-12-30 00:59 . 2007-12-30 00:57 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
            2007-12-30 00:57 . 2007-12-30 01:05 <DIR> d-------- C:\Documents and Settings\Timothy\.housecall6.6
            2007-12-20 19:20 . 2007-12-20 19:20 <DIR> d-------- C:\Program Files\GameSpy
            2007-12-20 19:19 . 2007-12-20 19:19 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
            2007-12-14 23:41 . 2007-12-14 23:41 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\InstallShield
            2007-12-10 00:16 . 2007-12-29 15:00 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\AVG7
            2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
            2007-12-10 00:15 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
            2007-12-10 00:15 . 2007-12-10 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
            2007-12-09 16:04 . 2007-12-09 16:04 <DIR> d-------- C:\Program Files\Common Files\HP
            2007-12-09 16:02 . 2007-12-09 16:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
            2007-12-09 15:40 . 2007-12-09 16:49 68,642 --a------ C:\WINDOWS\hpoins05.dat
            2007-12-09 15:40 . 2004-12-14 19:06 19,696 --------- C:\WINDOWS\hpomdl05.dat
            2007-12-09 15:12 . 2007-12-09 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
            2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
            2007-12-08 15:58 . 2007-12-08 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
            2007-12-08 15:58 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
            2007-12-08 15:58 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
            2007-12-08 15:58 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
            2007-12-08 15:57 . 2007-12-08 15:57 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Webroot
            2007-12-07 19:28 . 2007-12-07 19:28 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Lavasoft
            2007-12-07 18:54 . 2007-12-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
            2007-12-07 18:53 . 2007-12-23 18:48 <DIR> d-------- C:\Program Files\SpywareBlaster
            2007-12-07 18:53 . 2007-12-07 18:53 <DIR> d-------- C:\Program Files\Lavasoft
            2007-12-07 18:52 . 2007-12-07 18:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
            2007-12-07 18:52 . 2007-12-07 18:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
            2007-12-07 18:52 . 2007-12-07 18:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
            2007-12-07 18:50 . 2007-12-23 18:48 <DIR> d-------- C:\Temp
            2007-12-07 18:50 . 2007-12-07 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
            2007-12-07 18:33 . 2007-12-07 18:33 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
            2007-12-07 18:33 . 2007-12-30 21:19 <DIR> d-------- C:\Program Files\Hitman Pro
            2007-12-07 17:48 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
            2007-12-05 22:39 . 2007-12-05 22:39 <DIR> d-------- C:\Program Files\Webroot
            2007-12-05 22:39 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
            2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr-h----- C:\Documents and Settings\LocalService\Onlangs geopend
            2007-12-05 21:02 . 2007-12-05 21:03 <DIR> dr------- C:\Documents and Settings\LocalService\Mijn documenten
            2007-12-05 21:02 . 2007-12-05 21:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
            2007-12-05 21:02 . 2007-12-10 00:15 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
            2007-11-28 18:23 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
            2007-11-28 18:22 . 2007-11-28 18:23 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
            2007-11-28 18:20 . 2007-11-28 18:20 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
            2007-11-25 01:57 . 2007-11-27 18:00 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
            2007-11-23 19:50 . 2007-11-23 19:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
            2007-11-22 22:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
            2007-11-22 22:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
            2007-11-22 22:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
            2007-11-22 22:45 . 2007-12-20 19:19 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
            2007-11-22 22:45 . 2007-12-20 19:19 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
            2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
            2007-11-22 22:45 . 2007-12-20 19:19 22,328 --a------ C:\Documents and Settings\Timothy\Application Data\PnkBstrK.sys
            2007-11-22 22:45 . 2007-11-22 22:45 319 --a------ C:\WINDOWS\game.ini
            2007-11-19 10:05 . 2007-11-20 20:02 257,024 --a------ C:\WINDOWS\system32\ndt2.sys
            2007-11-06 17:54 . 2007-11-06 17:54 <DIR> d-------- C:\WINDOWS\system32\Futuremark
            2007-11-06 17:54 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
            2007-11-06 17:54 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
            2007-11-06 17:54 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
            2007-11-06 17:54 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
            2007-11-02 06:46 . 2007-12-05 18:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

            .
            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2007-12-29 23:13 --------- d-----w C:\Program Files\ui
            2007-12-20 18:03 --------- d-----w C:\Program Files\Electronic Arts
            2007-12-14 23:07 --------- d-----w C:\Documents and Settings\Timothy\Application Data\uTorrent
            2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Sonic Shared
            2007-12-14 23:01 --------- d-----w C:\Program Files\Common Files\Roxio Shared
            2007-12-14 22:58 --------- d-----w C:\Program Files\ResChanger 2005
            2007-12-14 22:58 --------- d-----w C:\Program Files\LimeWire
            2007-12-14 22:58 --------- d-----w C:\Program Files\DivX
            2007-12-14 22:58 --------- d-----w C:\Program Files\Counter-Strike Source
            2007-12-14 22:58 --------- d-----w C:\Program Files\AutoUnpack
            2007-12-14 22:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
            2007-12-14 22:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
            2007-12-14 22:40 --------- d-----w C:\Program Files\Ahead
            2007-12-07 17:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
            2007-11-28 16:02 --------- d-----w C:\Program Files\HP
            2007-11-22 14:45 --------- d-----w C:\Documents and Settings\Timothy\Application Data\Autodesk
            2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
            2007-11-06 16:56 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
            2007-10-30 23:27 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
            2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
            2007-10-29 22:45 1,291,776 ------w C:\WINDOWS\system32\dllcache\quartz.dll
            2007-10-25 16:44 8,507,392 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
            2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
            2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
            2007-10-10 23:53 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
            2007-10-10 23:53 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
            2007-10-10 23:53 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
            2007-10-10 23:53 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
            2007-10-10 23:53 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
            2007-10-10 23:53 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
            2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
            2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
            2007-10-10 23:53 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
            2007-10-10 23:53 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
            2007-10-10 23:53 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
            2007-10-10 23:53 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
            2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
            2007-10-10 23:53 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
            2007-10-10 23:53 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
            2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
            2007-10-10 23:53 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
            2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
            2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
            2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
            2007-10-10 23:53 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
            2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
            2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
            2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
            2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
            2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
            2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
            2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
            2007-09-16 23:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
            2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
            2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
            2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
            2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
            2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
            2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
            2007-09-16 23:07 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
            2007-09-16 23:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
            2007-09-16 23:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
            2007-09-16 23:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
            2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
            2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
            2007-09-16 23:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
            2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
            2007-09-16 23:07 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
            2007-09-16 23:07 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
            2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
            2007-09-16 23:07 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
            2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
            2007-09-16 23:07 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
            2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
            2007-09-16 23:07 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
            2007-09-16 23:07 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
            2007-09-16 23:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
            2007-09-16 23:07 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
            2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
            2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
            2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
            2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
            2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
            2007-09-16 23:07 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
            2007-09-16 23:07 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
            2007-09-16 23:07 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
            2007-09-16 23:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
            2007-09-16 23:07 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
            2006-07-20 22:56 88 --sh--r C:\WINDOWS\system32\0BFA6C5EBE.sys
            2006-06-25 22:15 56 --sh--r C:\WINDOWS\system32\BE5E6CFA0B.sys
            2006-07-20 22:56 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
            .

            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            REGEDIT4
            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
            "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
            "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
            "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 07:56 139264]
            "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
            "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
            "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
            "P17Helper"="SPIRun.dll" [2006-07-03 05:43 10752 C:\WINDOWS\system32\SPIRun.dll]
            "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
            "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
            "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 33792 C:\WINDOWS\system32\rundll32.exe]
            "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-07 18:52 949376]
            "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [2007-01-30 14:41 596760]
            "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
            "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
            "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-10 00:15 219136]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
            "UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Ghost Recon Advanced Warfighter.LNK]
            path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Ghost Recon Advanced Warfighter.LNK
            backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Timothy^Menu Start^Programma's^Opstarten^Registration Tom Clancy's Rainbow Six]
            path=C:\Documents and Settings\Timothy\Menu Start\Programma's\Opstarten\Registration Tom Clancy's Rainbow Six
            backup=C:\WINDOWS\pss\Registration Tom Clancy's Rainbow SixStartup

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
            Rundll32 CTMBHA.DLL,MBMon

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
            nwiz.exe /install

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
            C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
            2000-05-11 01:00 90112 --------- C:\WINDOWS\UpdReg.EXE

            [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
            "MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
            "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
            "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
            "Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe"
            "Steam"="c:\program files\valve\steam\steam.exe" -silent
            "ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe"

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
            "CTRegRun"=C:\WINDOWS\CTRegRun.EXE
            "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE"
            "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
            "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
            "Norman ZANDA"="C:\Norman\Nvc\BIN\ZLH.EXE" /LOAD /SPLASH
            "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall

            R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
            R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys [2006-09-25 10:58]
            R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys [2006-10-12 01:54]
            S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
            S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
            S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]

            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
            UxTuneUp

            .
            Inhoud van de 'Gedeelde Taken' map
            "2007-12-21 21:49:49 C:\WINDOWS\Tasks\Easy Onderhoud.job"
            - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
            "2007-12-30 19:00:00 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
            - C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
            .
            **************************************************************************

            catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2007-12-30 23:05:21
            Windows 5.1.2600 Service Pack 2 NTFS

            scannen van verborgen processen ...

            scannen van verborgen autostart items ...

            scannen van verborgen bestanden ...

            Scan succesvol afgerond
            verborgen bestanden: 0

            **************************************************************************
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
            -> C:\Program Files\Eset\pr_imon.dll
            .
            Voltooingstijd: 2007-12-30 23:05:51
            C:\qoobox\ComboFix-quarantined-files.txt 2007-12-30 22:05:45
            C:\qoobox\ComboFix2.txt 2007-12-30 20:23:36
            .
            2007-12-24 15:00:58 --- E O F ---
            • Citaat

            Comment

            • #7
              en hier heb je het logje van hijackthis.

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 23:08:32, on 30-12-2007
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              C:\WINDOWS\system32\CTsvcCDA.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Eset\nod32krn.exe
              C:\Norman\Nvc\BIN\Zanda.exe
              C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\Logitech\G-series Software\LGDCore.exe
              C:\Program Files\Logitech\G-series Software\LCDMon.exe
              C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
              C:\Program Files\Eset\nod32kui.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
              C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
              C:\Program Files\Winamp\winampa.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              C:\DOCUME~1\Timothy\LOCALS~1\Temp\clclean.0001
              C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
              C:\Program Files\internet explorer\iexplore.exe
              C:\WINDOWS\explorer.exe
              C:\WINDOWS\system32\notepad.exe
              C:\Documents and Settings\Timothy\Bureaublad\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
              O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
              O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
              O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
              O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
              O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
              O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
              O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
              O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
              O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
              O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
              O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
              O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
              O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
              O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O15 - Trusted Zone: http://toolbar.imageshack.us
              O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
              O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
              O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
              O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
              O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
              O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
              O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
              O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
              O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
              O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
              O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
              O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe
              O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

              --
              End of file - 8619 bytes
              • Citaat

              Comment

              • #8
                Verwijder de volgende map:
                C:\Qoobox

                Maak dan je prullenbak leeg.

                Download ATF cleaner (mirror)(gemaakt door Atribune)

                Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

                Dubbelklik op ATF cleaner om het programma te starten.
                Op het tabblad "Main", plaats je een vinkje bij Select All.
                Klik op de knop Empty Selected.

                Het volgende doen als je ook FireFox als browser hebt:
                Klik op tabblad "Firefox", plaats een vinkje bij Select All.
                Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                (dit haalt het vinkje weer weg bij "Firefox saved passwords")
                Klik op de knop Empty Selected.

                Het volgende doen als je ook Opera als browser hebt:
                Klik op tabblad "Opera", plaats een vinkje bij Select All.
                Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
                Klik op de knop Empty Selected.
                Ga naar het tabblad "Main" en klik op de knop Exit om het programma af te sluiten.

                Ga naar Start - Uitvoeren en geef hier het volgende in:
                Combofix /U
                Druk daarna op OK.
                Let op: Er moet een spatie tussen Combofix en /U zitten.

                Dit zal Combofix deïnstalleren.

                Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
                Kijk hier hoe je je systeemherstel moet uitschakelen.
                Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

                Zijn de problemen nu voorbij?
                • Citaat

                Comment

                • #9
                  Hartstikke bedankt

                  Hartstikke bedankt ik kan nu weer mijn favoriete achtergrond gebruiken

                  er zouden meer mensen moeten zijn zoals u. Dan zou het allemaal een stuk vlotter gaan met heel dat spyware gedoe.

                  ik zal zeker tegen mijn vrienden vertellen wat voor fantastische replies je hier krijgt over hoe je het allemaal weer "fixt"
                  • Citaat

                  Comment

                  • #10
                    Graag gedaan hoor, fijn dat het allemaal gelukt is
                    • Citaat

                    Comment

                    Vorige template Volgende
                    Sorry, you are not authorized to view this page
                    Working...
                    X