Ik zie geen rare dingen in je log gg.

Download combofix.exe van deze site: http://www.bleepingcomputer.com/comb...uikt-te-worden
Volg de instructies die daar gegeven worden. Is er iets niet duidelijk, dan vraag je het.
Als het tooltje klaar is, opent er een logfile (combofix.txt).
Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.

hallo, bedankt voor het reageren ik. Ik heb de aanwijzingen opgevolgd maar op de site van microsoft kan ik niet de Windows Recovery Console voor windows xp pro sp3 vinden. Welke moet ik nu kiezen of kan ik deze stap ook overslaan

Mvg gg

Sla die stap maar over dan.

hallo ik heb de log van combo fix hier onder staan en daar onder het ander logje

ComboFix 08-05-20.5 - Administrator 2008-05-21 14:22:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.659 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Administrator\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\KernelDrv.exe
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\nvrsma.dll
C:\WINDOWS\system32\qmopt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_lanmandrv


(((((((((((((((((((( Bestanden Gemaakt van 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))
.

2008-05-21 12:25 . 2008-05-21 12:25 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-21 12:24 . 2008-05-21 13:14 <DIR> d-------- C:\Program Files\Oberon Media
2008-05-21 12:24 . 2008-05-21 12:24 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-05-21 11:53 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
2008-05-20 17:31 . 2008-05-20 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 16:26 . 2008-05-20 22:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
2008-05-20 15:25 . 2008-05-20 15:25 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 11:42 . 2008-05-20 11:42 <DIR> d-------- C:\Program Files\Teletekstbrowser
2008-05-20 11:02 . 2008-05-20 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-05-20 11:01 . 2008-05-20 11:02 <DIR> d-------- C:\Program Files\LimeWire
2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-20 02:32 . 2008-05-20 02:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Zylom
2008-05-20 01:44 . 2008-05-20 16:56 <DIR> d-------- C:\My Download Files
2008-05-20 01:43 . 2008-05-20 01:49 <DIR> d-------- C:\Program Files\Common Files\Real
2008-05-20 01:43 . 2008-05-20 01:43 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-05-19 16:26 . 2008-05-19 16:26 <DIR> d-------- C:\Program Files\TopDesk
2008-05-19 16:01 . 2008-05-19 16:01 <DIR> d-------- C:\Program Files\Lavalys
2008-05-19 15:49 . 2008-05-19 15:49 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-18 21:16 . 2008-05-21 14:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 21:03 . 2008-05-18 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-05-18 21:03 . 2008-05-18 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-05-18 18:51 . 2008-05-18 18:51 244 --ah----- C:\sqmnoopt19.sqm
2008-05-18 18:51 . 2008-05-18 18:51 232 --ah----- C:\sqmdata19.sqm
2008-05-18 18:36 . 2008-05-18 18:36 244 --ah----- C:\sqmnoopt18.sqm
2008-05-18 18:36 . 2008-05-18 18:36 232 --ah----- C:\sqmdata18.sqm
2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt17.sqm
2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt16.sqm
2008-05-18 18:33 . 2008-05-18 18:33 244 --ah----- C:\sqmnoopt15.sqm
2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata17.sqm
2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata16.sqm
2008-05-18 18:33 . 2008-05-18 18:33 232 --ah----- C:\sqmdata15.sqm
2008-05-18 17:09 . 2008-05-18 17:09 268 --ah----- C:\sqmdata14.sqm
2008-05-18 17:09 . 2008-05-18 17:09 244 --ah----- C:\sqmnoopt14.sqm
2008-05-18 17:04 . 2008-05-19 15:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-18 17:04 . 2008-05-18 17:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-18 17:04 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-18 17:04 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-18 17:04 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-18 17:04 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-05-18 17:04 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-18 17:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\system32\nl
2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-18 14:22 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-18 14:18 . 2008-05-18 14:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-18 14:02 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-18 13:07 . 2008-05-18 13:07 244 --ah----- C:\sqmnoopt13.sqm
2008-05-18 13:07 . 2008-05-18 13:07 232 --ah----- C:\sqmdata13.sqm
2008-05-18 12:56 . 2008-05-18 12:56 244 --ah----- C:\sqmnoopt12.sqm
2008-05-18 12:56 . 2008-05-18 12:56 232 --ah----- C:\sqmdata12.sqm
2008-05-18 12:55 . 2008-05-18 12:55 244 --ah----- C:\sqmnoopt11.sqm
2008-05-18 12:55 . 2008-05-18 12:55 244 --ah----- C:\sqmnoopt10.sqm
2008-05-18 12:55 . 2008-05-18 12:55 232 --ah----- C:\sqmdata11.sqm
2008-05-18 12:55 . 2008-05-18 12:55 232 --ah----- C:\sqmdata10.sqm
2008-05-18 12:54 . 2008-05-18 12:54 244 --ah----- C:\sqmnoopt09.sqm
2008-05-18 12:54 . 2008-05-18 12:54 244 --ah----- C:\sqmnoopt08.sqm
2008-05-18 12:54 . 2008-05-18 12:54 232 --ah----- C:\sqmdata09.sqm
2008-05-18 12:54 . 2008-05-18 12:54 232 --ah----- C:\sqmdata08.sqm
2008-05-18 12:43 . 2008-05-18 12:43 244 --ah----- C:\sqmnoopt07.sqm
2008-05-18 12:43 . 2008-05-18 12:43 244 --ah----- C:\sqmnoopt06.sqm
2008-05-18 12:43 . 2008-05-18 12:43 232 --ah----- C:\sqmdata07.sqm
2008-05-18 12:43 . 2008-05-18 12:43 232 --ah----- C:\sqmdata06.sqm
2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt05.sqm
2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt04.sqm
2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt03.sqm
2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt02.sqm
2008-05-18 12:42 . 2008-05-18 12:42 244 --ah----- C:\sqmnoopt01.sqm
2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata05.sqm
2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata04.sqm
2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata03.sqm
2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata02.sqm
2008-05-18 12:42 . 2008-05-18 12:42 232 --ah----- C:\sqmdata01.sqm
2008-05-18 12:28 . 2008-05-20 16:10 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 10:47 . 2008-05-18 11:18 <DIR> d-------- C:\Program Files\Spinach AntiSpyware
2008-05-18 10:33 . 2008-05-18 10:34 26,990 --a------ C:\WINDOWS\system32\kcopt.dll
2008-05-18 10:32 . 2008-05-18 10:36 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-18 10:32 . 2008-05-18 10:36 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-18 10:32 . 2008-05-18 10:32 135,168 --a------ C:\WINDOWS\system32\ntpl.bin
2008-05-18 10:32 . 2008-05-18 10:32 54,784 --a------ C:\WINDOWS\system32\lght.ln
2008-05-18 10:32 . 2008-05-18 10:32 32,768 --a------ C:\WINDOWS\system32\pryx.ln
2008-05-18 01:54 . 2008-05-18 01:54 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-18 01:52 . 2008-05-18 01:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-17 20:58 . 2008-05-17 20:58 268 --ah----- C:\sqmdata00.sqm
2008-05-17 20:58 . 2008-05-17 20:58 244 --ah----- C:\sqmnoopt00.sqm
2008-05-17 13:08 . 2008-05-17 13:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-17 13:08 . 2008-05-19 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-17 13:00 . 2008-05-17 13:08 <DIR> d-------- C:\Program Files\Windows Live
2008-05-17 13:00 . 2008-05-17 13:07 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-17 13:00 . 2008-05-17 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-17 12:43 . 2008-05-17 12:43 <DIR> d-------- C:\WINDOWS\Performance
2008-05-17 12:43 . 2008-05-18 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-17 11:58 . 2006-11-15 11:29 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2008-05-17 11:57 . 2006-04-11 15:03 184,320 --------- C:\WINDOWS\system32\RALMain.dll
2008-05-17 11:57 . 2005-12-12 15:57 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll
2008-05-17 11:53 . 2004-07-02 17:28 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-17 11:53 . 2004-07-02 17:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-05-17 11:52 . 2005-02-09 12:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-17 11:39 . 2008-05-17 11:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-17 11:36 . 2008-05-17 11:37 <DIR> d-------- C:\Program Files\QuickTime
2008-05-17 11:36 . 2008-05-17 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-17 11:03 . 2008-05-17 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-17 11:00 . 2008-05-17 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-17 10:41 . 2008-05-20 01:21 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-17 10:41 . 2008-05-17 10:41 0 --a------ C:\dump_dvd.vob
2008-05-17 10:33 . 2008-05-17 11:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-17 10:31 . 2008-05-17 10:31 <DIR> d-------- C:\Program Files\Nero
2008-05-17 10:31 . 2008-05-17 11:03 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-17 01:57 . 2008-05-20 19:52 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-17 01:56 . 2008-05-17 01:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-17 01:53 . 2008-05-17 01:53 <DIR> d-------- C:\Program Files\MSBuild
2008-05-17 01:49 . 2008-05-17 01:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-17 01:48 . 2008-05-17 01:48 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-17 01:48 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-17 01:47 . 2008-05-17 01:47 <DIR> d-------- C:\22cab8a14a809911ed194b
2008-05-17 01:41 . 2008-05-17 01:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-17 01:41 . 2008-05-17 01:43 <DIR> d-------- C:\Program Files\uTorrent
2008-05-17 01:41 . 2008-05-21 14:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-17 01:23 . 2008-05-17 01:23 <DIR> d-------- C:\Program Files\MSECache
2008-05-17 01:04 . 2008-05-17 01:04 395 --a------ C:\WINDOWS\ODBC.INI
2008-05-17 01:03 . 2008-05-17 01:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-17 01:00 . 2008-05-17 01:00 <DIR> dr-h----- C:\MSOCache
2008-05-17 00:51 . 2008-05-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-17 00:51 . 2008-05-17 00:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2008-05-17 00:51 . 2008-05-17 00:51 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 17:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 17:03 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 17:03 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 17:03 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 17:03 287,232 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 17:03 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 17:03 153,088 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 17:03 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 17:03 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 17:03 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 16:43 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 16:43 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 16:43 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 16:43 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 16:43 120,448 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 16:40 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 16:40 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 16:39 25,088 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 16:38 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 16:38 37,760 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 16:37 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 16:37 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 16:36 65,536 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 16:35 53,504 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 16:34 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 16:34 273,536 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 16:34 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 16:33 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 16:32 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 16:32 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 16:31 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 16:31 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 16:30 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 16:30 23,552 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 16:30 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:39 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 03:54 65536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:03]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-17 00:51]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 14:27:21
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-21 14:32:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 12:32:08

Pre-Run: 68,633,952,256 bytes beschikbaar
Post-Run: 71,878,074,368 bytes beschikbaar

319 --- E O F --- 2008-05-20 17:52:45



en hier het HijackThis logje

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:35, on 21-5-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuws.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1211021919218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210965413625
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A9266C4-FDC5-429C-ADEA-978CE8AE14DA}: NameServer = 62.45.45.45 62.45.46.46
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5983 bytes

Mvg gg

Zijn er nog problemen?

nee als het logje goed was bevonden is het voor mij ook goed, alleen zie ik mijn virus scanner niet meer staan in het opstart menu en in de pictogrammen rechts onder in mijn werk balk. kan dit kloppen?

Deïnstalleren dan en na een reboot opnieuw installeren.

ok bedankt voor de medewerking verder werkt alles na mijn inzicht goed.

mvg gg

Mooi zo.

Ga naar Start - Uitvoeren en tik in: ComboFix /u
Druk op Enter.



Ga naar Kaspersky Online Scanner en klik onderaan op Accept.
Deze scanner werkt uitsluitend met Internet Explorer 6 en hoger !!
Het zou kunnen dat je aan de bovenkant van je scherm op een gele balk moet klikken om ActiveX bestanden die Kaspersky nodig heeft om te kunnen scannen te downloaden. Sta dit toe.

• Het programma begint nu met het downloaden van de laatste definitie files. Hierna klik je op Next.
  
• Klik vervolgens op de toets Scan Settings.
  Onder de tekst Scan using the following antivirus database: kies je de tweede mogelijkheid: extended - protect your .....
  Onder de tekst Scan options: zet je de twee vinkjes: Scan Archives .... en Scan Mail Bases ....
  
• Klik dan op de toets OK.
  
• Start nu het scannen door op de tekst My Computer te klikken.
  
  
  Hou er rekening mee dat deze scan een tijdje in beslag neemt.
  
• Eenmaal de scan volledig is krijg je de gelegenheid om het scanrapport op te slaan.
  Klik op de toets Save Report As te klikken. Sla het rapport op je Bureaublad op met als naam kavscan.txt

Post dit rapport in je volgende bericht.

hallo ik dacht dat het klaar was haha nou hier het log bestand van de online scanner

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 2:50:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 793934
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
A:\
C:\
D:\
E:\
H:\
I:\
J:\
K:\
M:\

Scan Statistics:
Total number of scanned objects: 69632
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:39:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Geschiedenis\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Interne bescherming.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C336DDDE-E8A6-4BC4-91F8-DCE0949F79CE}\RP8\change.log Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\user32.dll Infected: Trojan.Win32.Patched.bb skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lght.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\ntpl.bin Infected: Trojan-Spy.Win32.Agent.clk skipped
C:\WINDOWS\system32\pryx.ln Infected: Trojan-Spy.Win32.Agent.cad skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4f4.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Restjes van de infecties opruimen.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.
@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\WINDOWS\$NtServicePackUninstall$\user32.dll"
"C:\WINDOWS\system32\lght.ln"
"C:\WINDOWS\system32\ntpl.bin"
"C:\WINDOWS\system32\pryx.ln") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted successfully>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Deleting files
"C:\WINDOWS\$NtServicePackUninstall$\user32.dll" deleted successfully
"C:\WINDOWS\system32\lght.ln" deleted successfully
"C:\WINDOWS\system32\ntpl.bin" deleted successfully
"C:\WINDOWS\system32\pryx.ln" deleted successfully

Mooi.
Alle problemen zijn opgelost?

ok bedankt voor de hulp.

mvg gg