Download Malwarebytes' Anti-Malware op je bureaublad.
Dubbelklik mbam-setup.exe en kies voor "Next" om de tool te installeren.
Als de installatie voltooid is zet je vinkjes bij "Update MalwareBytes' Anti-Malware" en bij "Launch MalwareBytes' Anti-Malware".
Druk daarna op "Finish".
Kies in het hoofdscherm voor de tab "Scanner" en selecteer het keuzerondje "Perform full scan".
Druk op de knop "Scan" en zorg dat al je harde schijven/partities aangevinkt staan.
Druk dan op de knop "Start Scan".
Wanneer de scan voltooid is klik je op OK, daarna op "Show Results" om de resultaten te zien.
Zorg ervoor dat alles aangevinkt is, klik daarna op "Remove Selected".
Als het programma je computer wil laten herstarten, sta je dit toe.
Daarna opent een logje(mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
Post deze log in je volgende bericht tesamen met een nieuw logje van Hijackthis

Hoi,

Hier is het logje van het programma:

Malwarebytes' Anti-Malware 1.09
Database versie: 568

Scan type: Volledige Scan (C:\|D:\|G:\|H:\|I:\|J:\|)
Objecten gescand: 210509
Verstreken tijd: 46 minute(s), 49 second(s)

Geheugenprocessen geïnfecteerd: 1
Geheugenmodulen geïnfecteerd: 3
Registersleutels geïnfecteerd: 18
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 19

Geheugenprocessen geïnfecteerd:
c:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\byXPjJaX.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wakvpmaw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqPjHwU.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2cb08d22-7cf9-4f90-8015-ec627ba8b8ed} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2cb08d22-7cf9-4f90-8015-ec627ba8b8ed} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqpjhwu (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxpjjax -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
c:\WINDOWS\mrofinu1535.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPjJaX.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\XaJjPXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XaJjPXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wakvpmaw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wampvkaw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPjHwU.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070916-130120-781.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0008212.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0008213.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP10\A0025834.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034487.dll (Worm.Voterai) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034490.dll (Worm.Voterai) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034532.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034533.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP12\A0034534.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP37\A0046091.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoUpdateWin32.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\AutoUpdateWin33.exe (Adware.Agent) -> Quarantined and deleted successfully.

En hier is een nieuw HiJackThis logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:28, on 30-3-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {f157e23b-4699-dc79-ae94-dc7292942923} - {32924929-27cd-49ea-97cd-9964b32e751f} - C:\WINDOWS\system32\yxxxqtgx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Enchanted .url
O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.dlrpfans.be/divxwebplayer/DivXBrowserPlugin.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8188 bytes

Nu nog geen last gehad van pop-upjes. Alleen na het opnieuw starten waar het programma mij om vroeg, kreeg ik een bericht over een .dll bestand. Er stond iets in dat ik een niet legale versie van Windows zou hebben.

Groetjes,
Robin.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ren C:\WINDOWS\system32\yxxxqtgx.dll yxxxqtgx.bak
ren C:\WINDOWS\system32\wakvpmaw.dll wakvpmaw.bak
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\system32\yxxxqtgx.bak
C:\WINDOWS\system32\wakvpmaw.bak
C:\WINDOWS\system32\yxxxqtgx.dll
C:\WINDOWS\system32\wakvpmaw.dll) DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Hoi,

Hier is het logje:

Deleting files
C:\WINDOWS\system32\yxxxqtgx.bak not deleted
C:\WINDOWS\system32\wakvpmaw.bak not found
C:\WINDOWS\system32\yxxxqtgx.dll not found
C:\WINDOWS\system32\wakvpmaw.dll not found

Groetjes,
Robin.

Herstart je computer.

Dubbelklik del.bat nog een keer en post het logje.

Hoi,

Nu zecht hij alleen nog maar iets over een wakvpmaw.dll bestand dat niet klopt, in de map Windows.

Logje:

Deleting files
C:\WINDOWS\system32\yxxxqtgx.bak deleted
C:\WINDOWS\system32\wakvpmaw.bak not found
C:\WINDOWS\system32\yxxxqtgx.dll not found
C:\WINDOWS\system32\wakvpmaw.dll not found

Groetjes,
Robni.

Start HijackThis nog een keer en plaats alleen een vinkje voor de volgende regels:
O2 - BHO: {f157e23b-4699-dc79-ae94-dc7292942923} - {32924929-27cd-49ea-97cd-9964b32e751f} - C:\WINDOWS\system32\yxxxqtgx.dll
O4 - HKLM\..\Run: [a0bef045] rundll32.exe "C:\WINDOWS\system32\wakvpmaw.dll",b
Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

Download dit bestand: zoek.exe
Dubbelklik het, na een tijdje opent er een logje.
Post de inhoud van dit logje in je volgende bericht

Hoi,

Alles gedaan wat je had gezegd, hier is het logje:

======C:\WINDOWS====
----a-w 0 2008-03-31 05:08:07 C:\WINDOWS\0.log
--s-a-w 2,048 2008-03-31 05:07:06 C:\WINDOWS\bootstat.dat
----a-w 272,915 2008-03-16 11:15:22 C:\WINDOWS\comsetup.log
----a-w 210,430 2008-03-29 14:36:57 C:\WINDOWS\DirectX.log
----a-w 12,298 2008-03-10 12:37:25 C:\WINDOWS\DPINST.LOG
----a-w 45,729 2008-03-16 11:15:22 C:\WINDOWS\ehOCGen.log
----a-w 808,068 2008-03-16 11:15:21 C:\WINDOWS\FaxSetup.log
----a-w 903,525 2008-03-16 11:15:22 C:\WINDOWS\iis6.log
----a-w 1,374 2008-03-16 11:15:11 C:\WINDOWS\imsins.BAK
----a-w 1,374 2008-03-16 11:15:22 C:\WINDOWS\imsins.log
----a-w 12,906 2008-03-15 09:40:14 C:\WINDOWS\KB885884.log
----a-w 75,719 2008-03-10 02:03:03 C:\WINDOWS\KB888302.log
----a-w 87,070 2008-03-10 02:04:20 C:\WINDOWS\KB890046.log
----a-w 66,149 2008-03-10 02:01:07 C:\WINDOWS\KB890859.log
----a-w 97,282 2008-03-10 02:06:22 C:\WINDOWS\KB893756.log
----a-w 61,015 2008-03-10 02:01:39 C:\WINDOWS\KB896428.log
----a-w 111,391 2008-03-10 02:07:42 C:\WINDOWS\KB899587.log
----a-w 96,963 2008-03-10 02:06:35 C:\WINDOWS\KB899591.log
----a-w 71,161 2008-03-10 02:02:30 C:\WINDOWS\KB900725.log
----a-w 96,314 2008-03-10 02:06:42 C:\WINDOWS\KB901017.log
----a-w 84,556 2008-03-10 02:03:43 C:\WINDOWS\KB905414.log
----a-w 64,522 2008-03-10 02:01:54 C:\WINDOWS\KB905749.log
----a-w 95,216 2008-03-10 02:06:08 C:\WINDOWS\KB911280.log
----a-w 97,291 2008-03-10 02:06:49 C:\WINDOWS\KB911927.log
----a-w 64,492 2008-03-10 02:01:47 C:\WINDOWS\KB913580.log
----a-w 86,185 2008-03-10 02:03:50 C:\WINDOWS\KB914388.log
----a-w 62,264 2008-03-10 02:01:19 C:\WINDOWS\KB914389.log
----a-w 78,645 2008-03-10 02:03:22 C:\WINDOWS\KB918118.log
----a-w 86,929 2008-03-10 02:04:27 C:\WINDOWS\KB918439.log
----a-w 85,681 2008-03-10 02:03:56 C:\WINDOWS\KB919007.log
----a-w 113,310 2008-03-10 07:09:42 C:\WINDOWS\KB920213.log
----a-w 86,574 2008-03-10 02:04:33 C:\WINDOWS\KB920670.log
----a-w 74,705 2008-03-10 02:01:26 C:\WINDOWS\KB920683.log
----a-w 95,964 2008-03-10 02:06:29 C:\WINDOWS\KB920685.log
----a-w 102,952 2008-03-10 02:07:20 C:\WINDOWS\KB922819.log
----a-w 77,827 2008-03-10 02:03:34 C:\WINDOWS\KB923191.log
----a-w 99,391 2008-03-10 02:07:13 C:\WINDOWS\KB923414.log
----a-w 96,270 2008-03-10 02:06:15 C:\WINDOWS\KB923980.log
----a-w 92,653 2008-03-10 02:05:42 C:\WINDOWS\KB924270.log
----a-w 88,896 2008-03-10 02:05:48 C:\WINDOWS\KB924667.log
----a-w 52,476 2008-03-28 06:38:10 C:\WINDOWS\KB925766.log
----a-w 86,564 2008-03-10 02:04:49 C:\WINDOWS\KB925902.log
----a-w 36,933 2008-03-15 11:51:39 C:\WINDOWS\KB926239.log
----a-w 50,814 2008-03-10 02:05:24 C:\WINDOWS\KB926251.log
----a-w 78,909 2008-03-10 02:03:15 C:\WINDOWS\KB926255.log
----a-w 85,837 2008-03-10 02:04:14 C:\WINDOWS\KB926436.log
----a-w 110,085 2008-03-10 02:07:34 C:\WINDOWS\KB927779.log
----a-w 104,320 2008-03-10 02:07:27 C:\WINDOWS\KB927802.log
----a-w 99,591 2008-03-10 02:06:56 C:\WINDOWS\KB928255.log
----a-w 71,055 2008-03-10 02:04:41 C:\WINDOWS\KB929123.log
----a-w 19,186 2008-03-16 11:15:22 C:\WINDOWS\KB929399.log
----a-w 86,814 2008-03-10 02:04:02 C:\WINDOWS\KB930178.log
----a-w 63,878 2008-03-10 02:02:06 C:\WINDOWS\KB930916.log
----a-w 89,546 2008-03-10 02:05:36 C:\WINDOWS\KB931261.log
----a-w 126,135 2008-03-10 07:09:49 C:\WINDOWS\KB932168.log
----a-w 57,708 2008-03-10 02:02:18 C:\WINDOWS\KB935840.log
----a-w 74,980 2008-03-10 02:06:01 C:\WINDOWS\KB936021.log
----a-w 22,384 2008-03-16 11:15:01 C:\WINDOWS\KB936782.log
----a-w 86,080 2008-03-10 02:07:06 C:\WINDOWS\KB937894.log
----a-w 98,618 2008-03-10 02:02:00 C:\WINDOWS\KB938127-IE7.log
----a-w 73,659 2008-03-10 02:05:54 C:\WINDOWS\KB938828.log
----a-w 72,638 2008-03-10 02:04:56 C:\WINDOWS\KB938829.log
----a-w 13,925 2008-03-16 11:15:11 C:\WINDOWS\KB939683.log
----a-w 66,265 2008-03-10 02:03:28 C:\WINDOWS\KB941202.log
----a-w 74,446 2008-03-10 02:03:09 C:\WINDOWS\KB941568.log
----a-w 37,297 2008-03-15 13:23:22 C:\WINDOWS\KB941569.log
----a-w 79,671 2008-03-10 02:05:30 C:\WINDOWS\KB941644.log
----a-w 101,198 2008-03-10 02:04:09 C:\WINDOWS\KB942763.log
----a-w 57,034 2008-03-10 02:01:33 C:\WINDOWS\KB943055.log
----a-w 57,923 2008-03-10 02:02:12 C:\WINDOWS\KB943485.log
----a-w 101,747 2008-03-10 02:02:57 C:\WINDOWS\KB944533-IE7.log
----a-w 55,327 2008-03-10 02:01:13 C:\WINDOWS\KB944653.log
----a-w 80,551 2008-03-10 02:05:01 C:\WINDOWS\KB946026.log
----a-w 2,416 2008-03-29 12:16:25 C:\WINDOWS\medblker.Log
----a-w 108,921 2008-03-29 12:16:19 C:\WINDOWS\MedCtrOC.log
----a-w 6,289 2008-03-29 21:51:49 C:\WINDOWS\mgxoschk.ini
----a-w 31,742 2008-03-15 11:51:02 C:\WINDOWS\MSCompPackV1.log
----a-w 40,064 2008-03-16 11:15:21 C:\WINDOWS\msgsocm.log
----a-w 248,222 2008-03-16 11:15:21 C:\WINDOWS\msmqinst.log
----a-w 153,491 2008-03-16 11:15:21 C:\WINDOWS\netfxocm.log
----a-w 164,826 2008-03-16 11:15:22 C:\WINDOWS\ntdtcsetup.log
----a-w 390,654 2008-03-16 11:15:21 C:\WINDOWS\ocgen.log
----a-w 49,634 2008-03-16 11:15:22 C:\WINDOWS\ocmsn.log
----a-w 395 2008-03-13 14:27:16 C:\WINDOWS\ODBC.INI
----a-w 93,439 2008-03-16 11:15:21 C:\WINDOWS\plusoc.log
----a-w 17,016 2008-03-30 19:58:23 C:\WINDOWS\SchedLgU.Txt
----a-w 71,476 2008-03-28 06:38:05 C:\WINDOWS\setupapi.log
----a-w 1,037,055 2008-03-16 11:14:52 C:\WINDOWS\setupapi.log.1.old
----a-w 92,810 2008-03-29 12:16:25 C:\WINDOWS\spupdsvc.log
----a-w 40,169 2008-03-16 11:15:22 C:\WINDOWS\tabletoc.log
----a-w 370,021 2008-03-16 11:15:22 C:\WINDOWS\tsoc.log
----a-w 88,094 2008-03-28 06:38:09 C:\WINDOWS\updspapi.log
----a-w 159 2008-03-26 06:21:18 C:\WINDOWS\wiadebug.log
----a-w 49 2008-03-26 06:21:19 C:\WINDOWS\wiaservc.log
----a-w 507 2008-03-15 11:50:23 C:\WINDOWS\win.ini
----a-w 2,030,673 2008-03-31 09:42:08 C:\WINDOWS\WindowsUpdate.log
----a-w 71,847 2008-03-15 11:49:50 C:\WINDOWS\WMFDist11.log
----a-w 52,382 2008-03-15 11:50:25 C:\WINDOWS\wmp11.log
----a-w 49,587 2008-03-30 19:00:29 C:\WINDOWS\wmsetup.log
----a-w 1,782 2008-03-15 11:50:23 C:\WINDOWS\wmsetup10.log
----a-w 316,640 2008-03-15 11:49:47 C:\WINDOWS\WMSysPr9.prx
----a-w 39,489 2008-03-15 11:49:16 C:\WINDOWS\Wudf01000Inst.log

Entries: 102 (101)
Directories: 0 Files: 102
Bytes: 12,711,497 Blocks: 24,880
======C:\WINDOWS\system32=====
----a-w 16,832 2008-03-15 12:50:58 C:\WINDOWS\System32\amcompat.tlb
----a-w 1,884,848 2008-03-29 19:11:33 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 93 2008-03-10 20:54:53 C:\WINDOWS\System32\LuResult.txt
----a-w 23,392 2008-03-15 12:50:58 C:\WINDOWS\System32\nscompat.tlb
----a-w 68,694 2008-03-31 05:09:29 C:\WINDOWS\System32\nvapps.xml
----a-w 53,572 2008-03-30 11:45:02 C:\WINDOWS\System32\perfc009.dat
----a-w 70,546 2008-03-30 11:45:02 C:\WINDOWS\System32\perfc013.dat
----a-w 381,828 2008-03-30 11:45:02 C:\WINDOWS\System32\perfh009.dat
----a-w 443,836 2008-03-30 11:45:02 C:\WINDOWS\System32\perfh013.dat
----a-w 959,226 2008-03-30 11:45:01 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 138,760 2008-03-10 02:04:05 C:\WINDOWS\System32\TZLog.log
----a-w 1,158 2008-03-29 12:15:47 C:\WINDOWS\System32\wpa.dbl

Entries: 12 (12)
Directories: 0 Files: 12
Bytes: 4,042,785 Blocks: 7,902
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
--sha-w 1,072,222,208 2008-03-31 05:06:59 C:\hiberfil.sys
--sha-w 1,610,612,736 2008-03-31 05:06:57 C:\pagefile.sys
---ha-w 232 2008-03-31 06:59:26 C:\sqmdata00.sqm
---ha-w 232 2008-03-31 12:19:40 C:\sqmdata01.sqm
---ha-w 232 2008-03-31 13:49:34 C:\sqmdata02.sqm
---ha-w 232 2008-03-29 13:44:07 C:\sqmdata03.sqm
---ha-w 232 2008-03-29 13:44:07 C:\sqmdata04.sqm
---ha-w 232 2008-03-29 13:44:11 C:\sqmdata05.sqm
---ha-w 232 2008-03-29 13:44:14 C:\sqmdata06.sqm
---ha-w 232 2008-03-29 14:27:52 C:\sqmdata07.sqm
---ha-w 232 2008-03-29 15:09:30 C:\sqmdata08.sqm
---ha-w 232 2008-03-29 21:15:57 C:\sqmdata09.sqm
---ha-w 232 2008-03-29 21:17:03 C:\sqmdata10.sqm
---ha-w 232 2008-03-29 22:06:43 C:\sqmdata11.sqm
---ha-w 232 2008-03-30 12:12:39 C:\sqmdata12.sqm
---ha-w 232 2008-03-30 14:17:53 C:\sqmdata13.sqm
---ha-w 232 2008-03-30 14:17:58 C:\sqmdata14.sqm
---ha-w 232 2008-03-30 14:30:22 C:\sqmdata15.sqm
---ha-w 232 2008-03-30 16:32:13 C:\sqmdata16.sqm
---ha-w 232 2008-03-30 16:57:17 C:\sqmdata17.sqm
---ha-w 232 2008-03-30 18:38:06 C:\sqmdata18.sqm
---ha-w 232 2008-03-31 05:30:33 C:\sqmdata19.sqm
---ha-w 244 2008-03-31 06:59:26 C:\sqmnoopt00.sqm
---ha-w 244 2008-03-31 12:19:40 C:\sqmnoopt01.sqm
---ha-w 244 2008-03-31 13:49:34 C:\sqmnoopt02.sqm
---ha-w 244 2008-03-29 13:44:07 C:\sqmnoopt03.sqm
---ha-w 244 2008-03-29 13:44:07 C:\sqmnoopt04.sqm
---ha-w 244 2008-03-29 13:44:11 C:\sqmnoopt05.sqm
---ha-w 244 2008-03-29 13:44:14 C:\sqmnoopt06.sqm
---ha-w 244 2008-03-29 14:27:52 C:\sqmnoopt07.sqm
---ha-w 244 2008-03-29 15:09:30 C:\sqmnoopt08.sqm
---ha-w 244 2008-03-29 21:15:57 C:\sqmnoopt09.sqm
---ha-w 244 2008-03-29 21:17:03 C:\sqmnoopt10.sqm
---ha-w 244 2008-03-29 22:06:43 C:\sqmnoopt11.sqm
---ha-w 244 2008-03-30 12:12:39 C:\sqmnoopt12.sqm
---ha-w 244 2008-03-30 14:17:52 C:\sqmnoopt13.sqm
---ha-w 244 2008-03-30 14:17:58 C:\sqmnoopt14.sqm
---ha-w 244 2008-03-30 14:30:21 C:\sqmnoopt15.sqm
---ha-w 244 2008-03-30 16:32:13 C:\sqmnoopt16.sqm
---ha-w 244 2008-03-30 16:57:17 C:\sqmnoopt17.sqm
---ha-w 244 2008-03-30 18:38:06 C:\sqmnoopt18.sqm
---ha-w 244 2008-03-31 05:30:33 C:\sqmnoopt19.sqm

Entries: 42 (0)
Directories: 0 Files: 42
Bytes: 2,682,844,464 Blocks: 5,239,952
======C:\Documents and Settings\HP_Administrator\Application Data======
----a-w 25,128 2008-03-27 04:48:23 C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 25,128 Blocks: 50
======C:\Temp======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\HP_Administrator======
----a-w 93 2008-03-10 20:54:32 C:\Documents and Settings\HP_Administrator\LuResult.txt
----a-w 2,883,584 2008-03-30 19:58:43 C:\Documents and Settings\HP_Administrator\NTUSER.DAT
----a-w 49,152 2008-03-31 13:51:05 C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
--sh--w 188 2008-03-30 19:58:20 C:\Documents and Settings\HP_Administrator\ntuser.ini
----a-w 28 2008-03-12 15:50:00 C:\Documents and Settings\HP_Administrator\sc_serv.ban

Entries: 5 (4)
Directories: 0 Files: 5
Bytes: 2,933,045 Blocks: 5,731
=============

Groetjes,
Robin.

Ik zie geen foute dingen

Doe dit nog:

Je Java software is verouderd.
Oudere versies hebben lekken die malware de kans geeft om zich te installeren op je systeem.
Doe eerst deze stappen om Java te de-installeren en de nieuwere versie te installeren:

• Download Java Runtime Environment (JRE) 6u5 en bewaar het naar je Bureaublad.
• Sluit alle programma's die eventueel open zijn - Zeker je web browser!
• Ga dan naar Start > Configuratiescherm > Software en verwijder alle oudere versies van Java uit de Softwarelijst.
• Vink alles aan met Java Runtime Environment (JRE of J2SE) in de naam.
• Klik dan op Verwijderen of op de Wijzig/Verwijder knop.
• Herhaal dit tot alle oudere versies verdwenen zijn.
• Na het verwijderen van alle oudere versies, herstart je pc.
• Dubbelklik vervolgens op jre-6u5-windows-i586-p-s.exe op je Bureaublad om de nieuwste versie van Java te installeren.

Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
Kijk hier hoe je je systeemherstel moet uitschakelen.
Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

Post als laatste nog een nieuw logje van Hijackthis ter controle

Hoi,

Sorry dat het wat lang duurde!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:46, on 1-4-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Google Zoeken - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Woord vertalen in het Nederlands - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.dlrpfans.be/divxwebplayer/DivXBrowserPlugin.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 8365 bytes

Ik denk dat het allemaal heeft gewerkt! Héél erg bedankt maar weer!

Groetjes,
Robin.

Graag gedaan hoor

Logje ziet er weer goed uit