Hijack Log!!!!!!!

19 replies
  • hello everyone

    Would someone be so kind
    as to check my log?

    thanks in advance, regards Geert:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:35:51, on 28-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ICIDU\ICIDU Wireless Utility\ZDWlan.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\map\rmvirut.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [e05d76e0] rundll32.exe "C:\WINDOWS\system32\fudacxca.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: ICIDU Wireless Utility.lnk = C:\Program Files\ICIDU\ICIDU Wireless Utility\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11D5C0F9-6D73-429B-9002-0B53D7F94611} (gc5 Control) - http://hvd.getalenruimte.epn.nl/sites/getalenruimte/hvd/assets/3236CED6-70FA-15BF-C3F4-CF2601A553F9/vg5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1229539236_a6189753d621a7d3be2d6de357f7f5ab&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 9670 bytes
  • I don't know whether you are having problems, given that you are posting this log, but at first glance the log looks clean.
  • thanks in advance for checking, maxstar

    but I do seem to be suffering from some viruses
    according to avast and AVG, but I can't get rid of them
    AVG can remove them, but some of the files
    are .dll files from system32 and it didn't seem very wise to me to delete those…

    it also looks like I have a trojan horse generic13.AGAB
    (or .AGAX)

    maybe you can still help me further?

    regards, Geert
  • Also run the following programs

    - Spybot
    - Adaware
    - MBAM

    You can also scan these files online, because it could be a false positive.

    http://www.kaspersky.com/scanforvirus
  • ok, I'll give it a try
  • ok, I ran that online scan
    and it came to the following conclusion:

    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Wednesday, April 29, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Wednesday, April 29, 2009 14:57:57
    Records in database: 2093365


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area Critical Areas
    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
    C:\Documents and Settings\Geert\Menu Start\Programma's\Opstarten
    C:\Program Files
    C:\WINDOWS

    Scan statistics
    Files scanned 38449
    Threat name 1
    Infected objects 1
    Suspicious objects 0
    Duration of the scan 00:29:46

    File name Threat name Threats count
    C:\WINDOWS\Temp\rtv_winupd.exe –> Infected: Trojan-Downloader.Win32.Adload.dvc

    any suggestions?
  • I also ran MBAM
    and this is what came out:
    (hopefully you can help me further now)

    Malwarebytes' Anti-Malware 1.36
    Database versie: 2059
    Windows 5.1.2600 Service Pack 3

    29-4-2009 22:27:31
    mbam-log-2009-04-29 (22-27-26).txt

    Scan type: Snelle Scan
    Objecten gescand: 81694
    Verstreken tijd: 3 minute(s), 59 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 1
    Registersleutels geïnfecteerd: 14
    Registerwaarden geïnfecteerd: 2
    Registerdata bestanden geïnfecteerd: 2
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 7

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    C:\WINDOWS\system32\khfCtsSl.dll (Trojan.Vundo.H) -> No action taken.

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvsliy (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10b9d75-91b6-48fe-965f-07f985a2f3c6} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c10b9d75-91b6-48fe-965f-07f985a2f3c6} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e1d8f1-228b-4c39-abf8-e1d2badf1f85} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{c7e1d8f1-228b-4c39-abf8-e1d2badf1f85} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7e1d8f1-228b-4c39-abf8-e1d2badf1f85} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e05d76e0 (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

    Registerdata bestanden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfctssl -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfctssl -> No action taken.

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\WINDOWS\system32\yayvSlIY.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\fopvza.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\khfCtsSl.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\lSstCfhk.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\lSstCfhk.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
    C:\WINDOWS\Temp\rtv_winupd.exe (Virus.Sality) -> No action taken.
  • Please post a new HJT log
  • ok, but I don't know whether this one is any different from the previous one:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:50, on 30-4-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\GameSpy\Comrade\Comrade.exe
    C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ICIDU\ICIDU Wireless Utility\ZDWlan.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [e05d76e0] rundll32.exe "C:\WINDOWS\system32\gqmwecvl.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: ICIDU Wireless Utility.lnk = C:\Program Files\ICIDU\ICIDU Wireless Utility\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11D5C0F9-6D73-429B-9002-0B53D7F94611} (gc5 Control) - http://hvd.getalenruimte.epn.nl/sites/getalenruimte/hvd/assets/3236CED6-70FA-15BF-C3F4-CF2601A553F9/vg5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1229539236_a6189753d621a7d3be2d6de357f7f5ab&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    End of file - 10145 bytes
  • Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [e05d76e0] rundll32.exe "C:\WINDOWS\system32\gqmwecvl.dll",b

    Click 'Fix checked' to remove the items.


    Download Combofix to your Desktop and use it according to this guide.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
    - Click OK and Yes to have the Recovery Console installed automatically.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
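
The `e05d76e0` Run value selected in the post above points at a different DLL in the second HijackThis log than in the first. The following Python sketch is an added example, not part of the original thread: it compares the O4 Run entries of two scans and reports rundll32 targets that changed under the same value name. The log excerpts are copied from the two logs in this thread; the function names are hypothetical.

```python
import re

# O4 lines as HijackThis v2.0.2 prints them:
#   O4 - <hive>\..\Run: [<value name>] <command line>
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# rundll32 launching a DLL, with or without quotes around the path:
#   rundll32.exe "C:\path\x.dll",export
RUNDLL32 = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.IGNORECASE
)

# Excerpt of the first log in this thread (scan of 28-4-2009).
SCAN_1 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e05d76e0] rundll32.exe "C:\WINDOWS\system32\fudacxca.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the second log in this thread (scan of 30-4-2009).
SCAN_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [e05d76e0] rundll32.exe "C:\WINDOWS\system32\gqmwecvl.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_run_entries(log_text):
    """Map (hive, value name) -> command line for every O4 Run line."""
    entries = {}
    for line in log_text.splitlines():
        match = O4_RUN.match(line.strip())
        if match:
            entries[(match["hive"], match["name"])] = match["command"]
    return entries


def rundll32_target(command):
    """Return the lower-cased DLL path a rundll32 command loads, else None."""
    match = RUNDLL32.match(command)
    # Windows paths are case-insensitive, so normalise before comparing.
    return match["dll"].lower() if match else None


def rotated_rundll32_entries(first_log, second_log):
    """Run values present in both scans whose rundll32 DLL changed.

    A legitimate autostart entry keeps loading the same file between
    scans; a value name that stays put while its DLL is renamed is worth
    a closer look before anyone calls the log clean.
    """
    first = parse_run_entries(first_log)
    second = parse_run_entries(second_log)
    findings = []
    for key in sorted(first.keys() & second.keys()):
        old = rundll32_target(first[key])
        new = rundll32_target(second[key])
        if old and new and old != new:
            findings.append((key[0], key[1], old, new))
    return findings


if __name__ == "__main__":
    for hive, name, old, new in rotated_rundll32_entries(SCAN_1, SCAN_2):
        print(f"{hive} [{name}]: {old} -> {new}")
```
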
  • ok, followed the steps and a log did indeed come out
    only it is very long, well, here it is:

    ComboFix 09-04-30.02 - Geert 30-04-2009 22:11.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1414 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Geert\Bureaublad\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 090429-0] *On-access scanning disabled* (Updated)
    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\acxcaduf.ini
    c:\windows\system32\bajefdvn.ini
    c:\windows\system32\gqmwecvl.dll
    c:\windows\system32\jsippfnw.ini
    c:\windows\system32\khfCtsSl.dll
    c:\windows\system32\lSstCfhk.ini
    c:\windows\system32\lSstCfhk.ini2
    c:\windows\system32\lvcewmqg.ini
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\txqgwoab.ini
    c:\windows\system32\vwcotvym.dll
    E:\Autorun.inf

    —– BITS: Mogelijk geïnfecteerde sites —–

    hxxp://codecs.sytes.net
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-03-28 to 2009-04-30 ))))))))))))))))))))))))))))))
    .

    2009-04-30 18:11 . 2009-04-30 18:12 ——– d–h–w c:\documents and settings\Administrator\Sjablonen
    2009-04-30 18:11 . 2009-04-30 18:12 ——– d—–w c:\documents and settings\Administrator
    2009-04-30 09:18 . 2009-04-30 09:18 ——– d—–w c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-04-29 20:21 . 2009-04-06 13:32 15504 —-a-w c:\windows\system32\drivers\mbam.sys
    2009-04-29 20:21 . 2009-04-06 13:32 38496 —-a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-29 20:21 . 2009-04-29 20:21 ——– d—–w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-29 20:20 . 2009-04-30 18:12 ——– d—–w c:\program files\Malwarebytes' Anti-Malware
    2009-04-28 21:21 . 2009-04-29 12:55 ——– d–h–w C:\$AVG8.VAULT$
    2009-04-28 21:10 . 2009-04-28 21:10 11952 —-a-w c:\windows\system32\avgrsstx.dll
    2009-04-28 21:10 . 2009-04-28 21:10 12552 —-a-w c:\windows\system32\drivers\avgrkx86.sys
    2009-04-28 21:10 . 2009-04-28 21:10 108552 —-a-w c:\windows\system32\drivers\avgtdix.sys
    2009-04-28 21:10 . 2009-04-28 21:10 325896 —-a-w c:\windows\system32\drivers\avgldx86.sys
    2009-04-28 21:10 . 2009-04-30 15:33 ——– d—–w c:\windows\system32\drivers\Avg
    2009-04-28 21:10 . 2009-04-28 21:10 ——– d—–w c:\program files\AVG
    2009-04-28 21:10 . 2009-04-29 12:58 ——– d—–w c:\documents and settings\All Users\Application Data\avg8
    2009-04-28 20:56 . 2009-04-28 20:56 ——– d—–w c:\program files\Trend Micro
    2009-04-28 12:30 . 2001-09-06 19:26 66048 -c–a-w c:\windows\system32\dllcache\s3legacy.dll
    2009-04-26 21:01 . 2009-04-26 21:02 ——– d—–w c:\windows\system32\NtmsData
    2009-04-26 20:41 . 2009-04-26 20:41 32 —-a-w c:\documents and settings\Geert\Application Data\__t.bin
    2009-04-25 14:29 . 2009-04-25 14:29 ——– d—–w c:\documents and settings\All Users\Application Data\wanted
    2009-04-25 14:29 . 2009-04-25 14:29 ——– d—–w c:\documents and settings\Geert\Local Settings\Application Data\wanted
    2009-04-22 19:45 . 2009-03-09 13:27 1846632 —-a-w c:\windows\system32\D3DCompiler_41.dll
    2009-04-22 19:45 . 2009-03-09 13:27 453456 —-a-w c:\windows\system32\d3dx10_41.dll
    2009-04-22 19:45 . 2009-03-09 13:27 4178264 —-a-w c:\windows\system32\D3DX9_41.dll
    2009-04-22 19:44 . 2009-03-16 12:18 69448 —-a-w c:\windows\system32\XAPOFX1_3.dll
    2009-04-22 19:44 . 2009-03-16 12:18 517448 —-a-w c:\windows\system32\XAudio2_4.dll
    2009-04-22 19:44 . 2009-03-16 12:18 235352 —-a-w c:\windows\system32\xactengine3_4.dll
    2009-04-22 19:44 . 2009-03-16 12:18 22360 —-a-w c:\windows\system32\X3DAudio1_6.dll
    2009-04-16 14:05 . 2009-04-16 14:09 ——– d—–w C:\Converted Audio Files
    2009-04-16 14:00 . 2009-04-16 14:05 ——– d—–w c:\program files\Acoustica MP3 To Wave Converter PLUS
    2009-04-16 13:58 . 2009-04-16 13:58 295424 —-a-w c:\windows\system32\bwmedia1.dll
    2009-04-16 13:58 . 2009-04-16 13:58 150016 —-a-w c:\windows\system32\bwmedia.dll
    2009-04-15 18:02 . 2009-02-06 10:10 227840 -c—-w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 18:02 . 2009-03-06 14:23 285696 -c—-w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 18:02 . 2009-02-09 11:27 111104 -c—-w c:\windows\system32\dllcache\services.exe
    2009-04-15 18:02 . 2009-02-09 10:56 401408 -c—-w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 18:02 . 2009-02-09 10:56 473600 -c—-w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 18:02 . 2009-02-09 10:56 684544 -c—-w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 18:02 . 2009-02-09 10:56 453120 -c—-w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 18:01 . 2008-04-21 21:16 218624 -c—-w c:\windows\system32\dllcache\wordpad.exe
    2009-04-13 20:23 . 2009-04-13 20:24 ——– d—–w c:\program files\XVideoConverter
    2009-04-13 20:18 . 2009-04-13 20:20 ——– d—–w c:\program files\AimOne_AlltoMP3
    2009-04-11 13:48 . 2009-04-11 13:48 ——– d—–w c:\documents and settings\All Users\Application Data\2DBoy
    2009-04-08 20:26 . 2009-03-10 20:18 454024 —-a-w c:\windows\system32\KB905474\wgasetup.exe
    2009-04-08 20:26 . 2009-04-08 20:26 ——– d—–w c:\windows\system32\KB905474
    2009-04-08 20:26 . 2009-03-10 20:26 1436544 —-a-w c:\windows\system32\KB905474\wganotifypackageinner.exe
    2009-04-07 15:24 . 2009-04-07 15:24 ——– d—–w c:\program files\iPod
    2009-04-07 15:24 . 2009-04-07 15:24 ——– d—–w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-02 15:40 . 2009-04-02 15:41 ——– d—–w c:\program files\QuickTime
    2009-04-02 13:57 . 2009-04-02 14:05 ——– d—–w c:\program files\Garena
    2009-04-02 13:51 . 2009-04-02 13:52 ——– d—–w c:\documents and settings\Geert\Application Data\teamspeak2
    2009-04-02 13:27 . 2009-04-02 13:51 ——– d—–w c:\program files\Teamspeak2_RC2
    2009-04-02 13:25 . 2009-04-02 13:50 68289 —-a-w c:\windows\War3Unin.dat
    2009-04-02 13:25 . 2009-04-02 13:27 2829 —-a-w c:\windows\War3Unin.pif
    2009-04-02 13:25 . 2009-04-02 13:27 139264 —-a-w c:\windows\War3Unin.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-30 16:45 . 2008-11-26 17:38 137688 —-a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-04-30 16:45 . 2008-11-26 17:38 202040 —-a-w c:\windows\system32\PnkBstrB.exe
    2009-04-25 14:27 . 2008-12-29 00:09 ——– d—–w c:\program files\OpenAL
    2009-04-25 14:13 . 2008-11-25 14:13 ——– d–h–w c:\program files\InstallShield Installation Information
    2009-04-22 19:45 . 2008-11-25 14:56 ——– d—–w c:\program files\Common Files\Wise Installation Wizard
    2009-04-22 19:45 . 2008-11-25 14:56 ——– d—–w c:\program files\AGEIA Technologies
    2009-04-16 05:57 . 2002-09-11 12:00 82224 —-a-w c:\windows\system32\perfc013.dat
    2009-04-16 05:57 . 2002-09-11 12:00 468830 —-a-w c:\windows\system32\perfh013.dat
    2009-04-12 07:58 . 2008-11-25 14:50 70856 —-a-w c:\documents and settings\Geert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-11 13:37 . 2008-11-25 15:12 ——– d—–w c:\program files\Common Files\Ahead
    2009-04-11 13:27 . 2008-11-25 15:08 ——– d—–w c:\program files\Common Files\Adobe
    2009-04-07 15:24 . 2009-03-17 16:27 ——– d—–w c:\program files\iTunes
    2009-04-07 15:24 . 2008-11-26 21:30 ——– d—–w c:\program files\Common Files\Apple
    2009-04-02 14:47 . 2009-02-13 15:30 ——– d—–w c:\program files\Google
    2009-04-02 14:44 . 2008-11-25 15:12 ——– d—–w c:\program files\Nero
    2009-03-30 11:30 . 2008-12-29 12:41 ——– d—–w c:\program files\Fraps
    2009-03-28 14:45 . 2009-01-25 12:36 ——– d—–w c:\program files\Last.fm
    2009-03-19 14:32 . 2008-11-26 21:31 23400 —-a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-17 16:27 . 2009-03-17 16:27 ——– d—–w c:\program files\Bonjour
    2009-03-06 14:23 . 2002-09-11 12:00 285696 —-a-w c:\windows\system32\pdh.dll
    2009-03-05 22:59 . 2009-03-17 16:25 1900544 —-a-w c:\windows\system32\usbaaplrc.dll
    2009-03-05 22:59 . 2008-11-26 21:30 36864 —-a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:16 . 2002-09-11 12:00 826368 —-a-w c:\windows\system32\wininet.dll
    2009-02-20 17:18 . 2008-11-25 14:34 78336 —-a-w c:\windows\system32\ieencode.dll
    2009-02-09 14:08 . 2002-09-11 12:00 1846912 —-a-w c:\windows\system32\win32k.sys
    2009-02-09 11:27 . 2002-09-09 13:18 2028544 —-a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:27 . 2002-09-11 12:00 2149888 —-a-w c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:27 . 2002-09-11 12:00 111104 —-a-w c:\windows\system32\services.exe
    2009-02-09 10:56 . 2002-09-11 12:00 734208 —-a-w c:\windows\system32\lsasrv.dll
    2009-02-09 10:56 . 2002-09-11 12:00 684544 —-a-w c:\windows\system32\advapi32.dll
    2009-02-09 10:56 . 2002-09-11 12:00 401408 —-a-w c:\windows\system32\rpcss.dll
    2009-02-09 10:56 . 2002-09-11 12:00 735744 —-a-w c:\windows\system32\ntdll.dll
    2009-02-06 17:52 . 2009-02-06 17:52 49504 —-a-w c:\windows\system32\sirenacm.dll
    2009-02-06 10:39 . 2002-09-11 12:00 35328 —-a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2002-09-11 12:00 56832 —-a-w c:\windows\system32\secur32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2009-01-22 14:41 408448 —-a-w c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2009-03-25 15:59 668656 —-a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    2008-12-17 18:39 34816 —-a-w c:\program files\Java\jre6\bin\jp2ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    2008-12-17 18:39 73728 —-a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2009-02-20 6066176]

    [HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-28 1947928]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-11-12 1630208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Geert\Menu Start\Programma's\Opstarten\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    ICIDU Wireless Utility.lnk - c:\program files\ICIDU\ICIDU Wireless Utility\ZDWlan.exe [2008-11-26 503808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]
    "WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-04-28 21:10 11952 —-a-w c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Mijn documenten\\Downloads\\Monopoly Tycoon with crack FULL version by awope1 ToRrEnTs for PC Windows PLEASE SEED AFTER DOWNLOAD~Thanks =)\\mnta\\mc.exe"=
    "d:\\games\\Trackmania Nations Forever\\TmNationsForever\\TmForever.exe"=
    "d:\\games\\Crysis\\Bin32\\Crysis.exe"=
    "d:\\games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "d:\\games\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "d:\\games\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "d:\\games\\Frontlines FoW\\Binaries\\FFOW.exe"=
    "d:\\games\\Sup Com\\Supreme Commander\\bin\\SupremeCommander.exe"=
    "d:\\games\\Sup Com\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "d:\\games\\Far Cry 2\\bin\\FarCry2.exe"=
    "d:\\games\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "d:\\games\\Far Cry 2\\bin\\FC2Editor.exe"=
    "d:\\games\\RaceDriver GRID\\GRID.exe"=
    "d:\\games\\Battlefield 2\\BF2.exe"=
    "d:\\games\\LotR Battle For Middle Earth II\\game.dat"=
    "d:\\games\\LotR Battle For Middle Earth II Witch King\\game.dat"=
    "d:\\games\\Call of Duty 4\\iw3mp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\games\\Dead Space\\Dead Space.exe"=
    "d:\\games\\The Lord of the Rings - Conquest™\\Conquest.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "d:\\games\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\games\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "d:\\games\\Tom Clancy's H.A.W.X\\HAWX.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\games\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
    "d:\\games\\Call of Duty\\CoDMP.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    R3 MOSUMAC;USB-Ethernet Driver; [x]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-28 12552]
    S1 aswSP;avast! Self Protection; [x]
    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-28 325896]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-28 108552]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-28 298776]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]
    S3 ZD1211BU(ICIDU);ICIDU Wireless USB Adapter Driver(ICIDU);c:\windows\system32\DRIVERS\zd1211Bu.sys [2007-06-25 500736]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ae6628c-c216-11dd-96b4-001d0fbc6485}]
    \Shell\AutoRun\command - setupSNK.exe
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-04-30 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-13 15:59]

    2009-04-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Geert.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-29 13:32]

    2009-04-29 c:\windows\Tasks\Malwarebytes' Scheduled Update for Geert.job
    - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-29 13:32]

    2009-04-30 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
    .
    - - - - ORPHANS VERWIJDERD - - - -

    BHO-{1C2555B1-EC41-4F6B-944D-C3A86D2BF45D} - c:\windows\system32\khfCtsSl.dll
    BHO-{c10b9d75-91b6-48fe-965f-07f985a2f3c6} - c:\windows\system32\fopvza.dll
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-Nero PhotoShow Media Manager - c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
    HKLM-Run-NWEReboot - (no file)
    SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
    ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
    ShellExecuteHooks-{b4d41f87-9cb2-48af-b2b5-3cb48ae9cbd3} - c:\windows\system32\fopvza.dll
    SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
    Notify-yayvSlIY - yayvSlIY.dll


    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
    IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~2\Office12\REFIEBAR.DLL
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
    Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
    Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\AVG\AVG8\avgpp.dll
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
    Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - c:\progra~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {11D5C0F9-6D73-429B-9002-0B53D7F94611} - hxxp://hvd.getalenruimte.epn.nl/sites/getalenruimte/hvd/assets/3236CED6-70FA-15BF-C3F4-CF2601A553F9/vg5.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-30 22:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …


    c:\windows\TEMP\_av_proI.tm~a03884
    c:\windows\TEMP\_av_proI.tm~a03884\setup.lok 0 bytes

    Scan succesvol afgerond
    verborgen bestanden: 2

    **************************************************************************
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'explorer.exe'(2404)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-04-30 22:17 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-04-30 20:17

    Pre-Run: 14.155.005.952 bytes beschikbaar
    Post-Run: 15.276.003.328 bytes beschikbaar

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

    342 — E O F — 2009-04-15 20:51
  • You can now remove all the tools you used and the folders they created.

    Uninstall ComboFix via Start > Run: copy and paste Combofix /U
    Click OK or press Enter.
    This removes ComboFix as well as your old system restore points (along with any malware remnants in them), and creates a new system restore point.

    Image: http://i78.photobucket.com/albums/j116/amateur_photos/CFuninstall.png


    Let us know how things are going now.
  • Yes, it's running just like it used to again

    Thanks a lot, guys

    You're awesome :wink:
  • Hello,

    I just bought HAWX and my PC (Vista) can read the CD just fine, but when I click install it reports that setup.exe has stopped working.

    Does anyone know a solution?
  • yuki wrote:
    "Hello,

    I just bought HAWX and my PC (Vista) can read the CD just fine, but when I click install it reports that setup.exe has stopped working.

    Does anyone know a solution?"

    Start a topic of your own.
  • Maybe a stupid question, but how do you start a topic of your own?

    Thanks in advance
  • http://forum.computertotaal.nl/phpBB2/faq.php :wink:
  • You already know where to find the New Reply button, so that much is clear.

    So now try to find the New Topic button as well!
  • Image: http://forum.computertotaal.nl/phpBB2/templates/ct/images/lang_dutch/post.gif

This is an archived page. Replies are no longer possible.