Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Rbot.gen

None
18 antwoorden
  • Hallo,
    Ik krijg bij het opstarten van mijn PC de melding van windows dat er een bestand Rbot.gen is gevonden in win32. Wanneer ik mijn virusscanner (Avira) laat scannen vindt hij niets. Ik merk zelf niets van het virus, behalve dan dat ik die melding krijg bij het opstarten van mijn PC.
    Omdat ik nog nooit een virus heb gehad, heb ik er ook niet zo veel verstand van hoe ik het eraf krijg, dus al iemand het wel weet hoor ik het graag !. Besturingssysteem: Windows 7 Home Premium. Virusscanner: Avira Anti-Vir Personal. Misschien heeft iemand er wat aan als ik er een logfile van Hijack this bij plaats:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 16:20:50, on 19-2-2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\vsnpstd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\AltBinz\altbinz.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\WerFault.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HKLM] C:\Windows\System32\spynet\server.exe
    O4 - HKLM\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
    O4 - HKLM\..\RunServices: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
    O4 - HKCU\..\Run: [HKCU] C:\Windows\System32\spynet\server.exe
    O4 - HKCU\..\Run: [WindowsNT Service] C:\Users\Tim\AppData\Roaming\WindowsNT Service.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Critical Service Manager] C:\Program Files\Windows NT\csrss.exe
    O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\spynet\server.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
    vvsvc.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe


    End of file - 10204 bytes

    Ik hoop dat iemand kan helpen. Alvast bedankt !

  • Download Superantispyware eens:

    http://www.superantispyware.com/
  • MBAM is beter!
  • Bedankt voor de snelle reactie's.
    Ik heb gescand met superantispyware. Hij vond alleen 5 cookies van Internet Explorer, en heeft deze dus verwijderd, maar hij heeft niets gevonden wat te maken heeft met Rbot.gen. Dus zal ik MBAM maar eens proberen.
  • Hallo Tim, ik weet niet of je MBAM al hebt laten scannen, maar post het log.

    Doe ook het volgende: download [b:0ec5c1496b] naar je bureaublad.

    - dds.scr dubbelklikken - wacht tot de scan klaar is.
    - Na de scan worden twee tekstdocumnenten geopend - post het DDS-log!
  • Ik heb gescand met MBAM.
    De Logfile:
    Malwarebytes' Anti-Malware 1.44
    Database versie: 3766
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20-2-2010 14:01:22
    mbam-log-2010-02-20 (14-01-16).txt

    Scan type: Volledige Scan (C:\|D:\|)
    Objecten gescand: 363324
    Verstreken tijd: 1 hour(s), 32 minute(s), 33 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 6
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{872273i2-l65w-75a5-16x5-5xxj70c8lobv} (Generic.Bot.H) -> No action taken.

    Registerwaarden geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\critical service manager (Trojan.Agent) -> No action taken.

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\Windows\System32\spynet\server.exe (Generic.Bot.H) -> No action taken.
    C:\Users\Tim\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
    C:\Users\Tim\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
    C:\Users\Tim\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.


    Het programma gaf de optie om deze bestanden
    egistersleutels die geinfecteerd waren met het virus te verwijderen. Dit heb ik gedaan. Ik moest mijn pc hiervoor opnieuw opstarten om dat sommige onderdelen alleen konden worden verwijderd wanneer de pc opnieuw werd opgestart. Na het opstarten kreeg ik verder geen bericht meer van MBAM, wel nog steeds van windows met het bericht dat er mogelijke schadelijke software gevonden was. Ik zal nu die andere scan laten draaien, ik plaats de log zodra hij klaar is!

    EDIT: Blijkbaar duurt deze scan kort, dus hierbij ook de logfile van DDS:

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Tim at 14:08:56,93 on za 20-02-2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1244 [GMT 1:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32
    vvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32
    vvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\vsnpstd.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Tim\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.nl/
    uDefault_Page_URL = hxxp://www.asus.com
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [snpstd] c:\windows\vsnpstd.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
    mRunServices: [WindowsNT Service] c:\users\tim\appdata\roaming\WindowsNT Service.exe
    StartupFolder: c:\users\tim\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: han.nl
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-27 11608]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-27 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-27 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-27 56816]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files
    vidia corporation\3d vision
    vSCPAPISvr.exe [2009-11-20 240232]
    R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\system32\drivers\RTL85n86.sys [2009-6-10 311808]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

    =============== Created Last 30 ================

    2010-02-20 11:26:58 0 d—–w- c:\users\tim\appdata\roaming\Malwarebytes
    2010-02-20 11:26:54 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-20 11:26:52 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-20 11:26:51 0 d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-19 15:43:40 0 d—–w- c:\programdata\SUPERAntiSpyware.com
    2010-02-19 15:43:35 0 d—–w- c:\users\tim\appdata\roaming\SUPERAntiSpyware.com
    2010-02-19 15:43:35 0 d—–w- c:\program files\SUPERAntiSpyware
    2010-02-19 15:25:21 0 d—–w- c:\users\tim\appdata\roaming\GrabIt
    2010-02-19 15:24:10 0 d—–w- c:\program files\GrabIt
    2010-02-19 12:54:05 0 d—–w- c:\program files\TrendMicro
    2010-02-18 10:15:51 23208 —-a-w- c:\windows\hpqins15.dat
    2010-02-17 13:13:51 0 d—–w- c:\program files\FTDv3.8
    2010-02-16 19:43:17 87608 —-a-w- c:\users\tim\appdata\roaming\inst.exe
    2010-02-16 19:43:17 47360 —-a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-16 19:43:17 47360 —-a-w- c:\users\tim\appdata\roaming\pcouffin.sys
    2010-02-16 19:43:02 0 d—–w- c:\program files\VSO
    2010-02-16 18:51:40 69 —-a-w- c:\windows\NeroDigital.ini
    2010-02-14 23:39:03 0 d—–w- c:\program files\PowerISO
    2010-02-14 23:27:46 0 d—–w- c:\program files\VirtualCloneDrive
    2010-02-14 23:09:19 175104 —-a-w- c:\users\tim\appdata\roaming\SQLite3.dll
    2010-02-14 23:07:35 0 d—–w- c:\users\tim\Tracing
    2010-02-14 21:21:54 0 d—–w- c:\program files\Nero
    2010-02-14 21:21:25 0 d—–w- c:\programdata\Nero
    2010-02-14 20:49:37 0 d—–w- c:\users\tim\appdata\roaming\Canneverbe Limited
    2010-02-14 20:49:36 0 d—–w- c:\programdata\Canneverbe Limited
    2010-02-14 11:55:33 0 d—–w- c:\users\tim\appdata\roaming\DAEMON Tools Pro
    2010-02-14 11:55:33 0 d—–w- c:\programdata\DAEMON Tools Pro
    2010-02-14 11:43:34 0 d—–w- c:\program files\Your Uninstaller 2010
    2010-02-10 09:08:59 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-10 09:08:59 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-10 09:08:59 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-10 09:08:59 320512 —-a-w- c:\windows\system32\RMActivate.exe
    2010-02-10 09:08:59 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-10 09:08:59 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-02 19:07:50 0 d—–w- c:\program files\iPod
    2010-02-02 19:07:49 0 d—–w- c:\program files\iTunes
    2010-01-29 00:17:05 0 d—–w- c:\program files\MSXML 4.0
    2010-01-27 23:14:20 0 d—–w- c:\programdata\WEBREG
    2010-01-27 23:10:35 1843 ——w- c:\windows\hpwmdl23.dat.temp
    2010-01-27 22:59:19 0 d—–w- c:\program files\VDOWNLOADER
    2010-01-27 22:59:19 0 d—–w- c:\program files\common files\eBay
    2010-01-27 22:47:18 0 d—–w- c:\programdata\HP Product Assistant
    2010-01-27 22:45:35 0 d—–w- c:\program files\common files\HP
    2010-01-27 22:45:33 0 d—–w- c:\program files\common files\Hewlett-Packard
    2010-01-27 22:45:19 0 d—–w- c:\windows\hpoj6500e709
    2010-01-27 22:44:38 118272 —-a-w- c:\windows\system32\hpf3l082.dll
    2010-01-27 22:44:31 0 d—–w- c:\program files\HP
    2010-01-27 22:43:37 250099 —-a-w- c:\windows\hpwins23.dat
    2010-01-27 22:43:37 1843 ——w- c:\windows\hpwmdl23.dat
    2010-01-27 22:43:17 966656 —-a-w- c:\windows\system32\hpwtiop4.dll
    2010-01-27 22:43:17 741376 —-a-w- c:\windows\system32\hpwwiax5.dll
    2010-01-27 22:43:17 271704 —-a-w- c:\windows\system32\hpzids01.dll
    2010-01-27 22:43:16 364544 —-a-w- c:\windows\system32\hppldcoi.dll
    2010-01-27 22:43:16 294912 —-a-w- c:\windows\system32\hpovst11.dll
    2010-01-27 22:27:49 0 d—–w- c:\program files\QuickPar
    2010-01-27 22:18:12 0 d—–w- c:\programdata\HP
    2010-01-27 21:30:30 0 d—–w- c:\programdata\Office Genuine Advantage
    2010-01-27 11:01:01 331776 –sh–r- c:\users\tim\appdata\roaming\ServiceNT.exe
    2010-01-27 11:01:01 285696 —-a-w- c:\windows\system32\winlogon.exe
    2010-01-27 11:01:01 2614272 —-a-w- c:\windows\explorer.exe
    2010-01-27 11:01:01 188416 –sh–r- c:\users\tim\appdata\roaming\WindowsNT Service.exe
    2010-01-22 07:29:59 977920 —-a-w- c:\windows\system32\wininet.dll

    ==================== Find3M ====================

    2010-02-20 12:20:24 691490 —-a-w- c:\windows\system32\perfh013.dat
    2010-02-20 12:20:24 130026 —-a-w- c:\windows\system32\perfc013.dat
    2010-02-16 19:03:59 142504 —ha-w- c:\windows\system32\mlfcache.dat
    2010-01-18 23:29:31 365568 —-a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29:30 369152 —-a-w- c:\windows\system32\secproc.dll
    2010-01-14 10:12:06 181120 ——w- c:\windows\system32\MpSigStub.exe
    2010-01-08 03:18:02 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17:36 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-23 14:57:11 248 —-a-w- c:\programdata
    vUnsupRes.dat
    2009-12-19 09:02:52 12288 —-a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:02:48 1328640 —-a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:02:46 22016 —-a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:02:45 31744 —-a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:02:45 13312 —-a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:02:40 84480 —-a-w- c:\windows\system32\mciavi32.dll
    2009-12-19 09:02:39 50176 —-a-w- c:\windows\system32\iyuv_32.dll
    2009-12-19 09:02:01 91648 —-a-w- c:\windows\system32\avifil32.dll
    2009-12-10 18:31:10 1539104 —-a-w- c:\windows\system32\RtkPgExt.dll
    2009-12-10 18:31:04 56864 —-a-w- c:\windows\system32\RtkCoInst.dll
    2009-12-10 18:31:04 367136 —-a-w- c:\windows\system32\RtkApoApi.dll
    2009-12-10 18:30:58 2796576 —-a-w- c:\windows\system32\RtkAPO.dll
    2009-12-08 11:40:12 3955288 —-a-w- c:\windows\system32
    tkrnlpa.exe
    2009-12-08 11:40:12 3899464 —-a-w- c:\windows\system32
    toskrnl.exe
    2009-12-08 11:32:02 292864 —-a-w- c:\windows\system32\apphelp.dll
    2009-12-04 17:26:12 297376 —-a-w- c:\windows\system32\FMAPO.dll
    2009-12-04 14:43:54 132368 —-a-w- c:\windows\system32\MaxxAudioAPO.dll
    2009-11-28 15:56:18 29480 —-a-w- c:\windows\system32\msxml3a.dll
    2009-11-28 15:56:17 505128 —-a-w- c:\windows\system32\msvcp71.dll
    2009-11-28 15:56:17 353576 —-a-w- c:\windows\system32\msvcr71.dll
    2009-11-28 13:18:33 2853 —-a-w- c:\windows\system32\COMMAND.PIF
    2009-11-24 16:40:20 838176 —-a-w- c:\windows\RtlExUpd.dll
    2009-11-24 08:55:08 345328 —-a-w- c:\windows\system32\SRSTSXT.dll
    2009-11-24 08:55:08 185584 —-a-w- c:\windows\system32\SRSTSHD.dll
    2009-11-24 08:55:08 173296 —-a-w- c:\windows\system32\SRSHP360.dll
    2009-11-24 08:55:08 140528 —-a-w- c:\windows\system32\SRSWOW.dll
    2009-08-26 08:51:37 43068 —-a-w- c:\windows\inf\perflib\0413\perfd.dat
    2009-08-26 08:51:37 43068 —-a-w- c:\windows\inf\perflib\0413\perfc.dat
    2009-08-26 08:51:37 341322 —-a-w- c:\windows\inf\perflib\0413\perfi.dat
    2009-08-26 08:51:37 341322 —-a-w- c:\windows\inf\perflib\0413\perfh.dat
    2009-07-14 04:41:57 174 –sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 —-a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 —-a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 —-a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 —-a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 –sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 14:10:26,66 ===============








  • en is de melding weg?
  • Ik heb MBAM nog een keer laten scannen, en heeft kan nu niets meer vinden, echter als ik windows weer opnieuw opstart, geeft het onderhoudscentrum nog steeds de waarschuwing dat er schadelijke software gevonden is. Wanneer ik op deze melding klik en de opdracht geef om Rbot.gen te verwijderen doet hij dit. Hierna krijg ik geen melding meer, maar wanneer ik windows daarna weer opnieuw opstart komt deze melding weer tevoorschijn. Dus is het virus nu van mijn PC af of niet ?
  • Nee, het virus komt na herstart van je pc weer tevoorschijn.

    Scan anders eens in de veilige modus.
  • Ik heb hem gescand in veilige modus, kon niets vinden. Weet jij of iemand anders nog een programma of tip ?
  • Probeer anders eens met Spybot Seach & Destroy?

    http://www.safer-networking.org/nl/spybotsd/index.html
  • Ik heb spybot search en destroy geprobeert, deze vond alleen 6 cookies van internet explorer. Dus iemand nog een ander programma/tip graag !
  • Ok, start Internet Explorer en verwijder je cookies. Download daarna Kaspersky Online Scanner http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html en ga scannen.
  • Hallo Tim, je hebt ondertussen van een aantal mensen adviezen ter hand genomen!

    Het hele vreemde van de melding over rbot.gen is, dat deze niet in één van de logs voorkomt - waarschijnlijk ook al verwijderd is!


    Ergo -doe eerst het volgende (essentieel):
    deïnstalleer Super Antispyware en Spybot Search and Destroy.
    Je hebt nu MBAM - dus die andere tools heb je echt niet nodig!

    Na deïnstallatie start je jouw PC opnieuw op en dan ga je het volgende doen:


    [b:4f642c140e]Laat Combofix jouw Windows scannen[/b:4f642c140e] (klik).

    [b:4f642c140e]Hoe Combofix goed te gebruiken[/b:4f642c140e] (klik)

    [b:4f642c140e]Aanvulling: om Combofix te kunnen gebruiken geldt het volgende:
  • Hallo, hierbij de combo-fix log. Ik had de andere 2 programma's al verwijderd, en heb nu dus nog alleen mbam.

    ComboFix 10-02-20.04 - Tim 21-02-2010 16:50:23.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2047.1096 [GMT 1:00]
    Gestart vanuit: c:\users\Tim\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\temp
    c:\users\Tim\AppData\Roaming\inst.exe
    c:\users\Tim\AppData\Roaming\ServiceNT.exe
    c:\users\Tim\AppData\Roaming\SQLite3.dll
    c:\users\Tim\AppData\Roaming\WindowsNT Service.exe
    c:\windows\system32\command.pif

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-01-21 to 2010-02-21 ))))))))))))))))))))))))))))))
    .

    2010-02-21 15:57 . 2010-02-21 15:57 ——– d—–w- c:\users\Tim\AppData\Local\temp
    2010-02-21 15:57 . 2010-02-21 15:57 ——– d—–w- c:\users\Default\AppData\Local\temp
    2010-02-21 13:48 . 2010-02-21 13:48 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{1B158E12-E145-E704-3CB6-3A64B875E5FA}-iexplore.exe
    2010-02-21 13:37 . 2010-02-21 13:37 ——– d—–w- c:\users\Tim\AppData\Roaming\HPAppData
    2010-02-21 10:09 . 2010-02-21 10:09 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{EB80568D-5416-292D-521C-298ADC5DF005}-iexplore.exe
    2010-02-20 19:27 . 2010-02-20 19:27 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{7B5DF56B-7974-EB46-E01B-75D246384204}-iexplore.exe
    2010-02-20 18:43 . 2010-02-20 18:43 ——– d—–w- c:\users\Tim\AppData\Roaming\NeroDigital(TM)
    2010-02-20 18:00 . 2010-02-20 18:36 ——– d—–w- c:\programdata\Spybot - Search & Destroy
    2010-02-20 17:02 . 2010-02-20 17:02 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{14804A7E-8144-BEE2-E51B-213DFFDEDCD6}-iexplore.exe
    2010-02-20 15:25 . 2010-02-20 15:25 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{8875A5C6-7594-2750-848C-5B85C871F5A3}-iexplore.exe
    2010-02-20 11:26 . 2010-02-20 11:26 ——– d—–w- c:\users\Tim\AppData\Roaming\Malwarebytes
    2010-02-20 11:26 . 2010-01-07 15:07 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-20 11:26 . 2010-01-07 15:07 19160 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-20 11:26 . 2010-02-20 11:26 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-20 10:47 . 2010-02-20 10:47 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{99A4332B-CE58-E2BF-3A58-B117060D403E}-iexplore.exe
    2010-02-20 10:35 . 2010-02-21 13:59 ——– d—–w- c:\users\Tim\AppData\Local\Adobe
    2010-02-19 15:43 . 2010-02-19 15:43 ——– d—–w- c:\programdata\SUPERAntiSpyware.com
    2010-02-19 15:43 . 2010-02-19 16:29 ——– d—–w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com
    2010-02-19 15:36 . 2010-02-20 19:04 ——– d—–w- c:\users\Tim\AppData\Local\Apple Computer
    2010-02-19 15:25 . 2010-02-19 15:29 ——– d—–w- c:\users\Tim\AppData\Roaming\GrabIt
    2010-02-19 15:22 . 2010-02-19 15:23 ——– d—–w- c:\users\Tim\AppData\Local\Alt.Binz
    2010-02-19 12:54 . 2010-02-19 12:54 388096 —-a-r- c:\users\Tim\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-19 12:54 . 2010-02-19 12:54 ——– d—–w- c:\program files\TrendMicro
    2010-02-19 12:41 . 2010-02-19 12:41 673048 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{831629CF-3090-4928-3965-D29829C159E9}-iexplore.exe
    2010-02-18 10:15 . 2010-02-18 10:16 23208 —-a-w- c:\windows\hpqins15.dat
    2010-02-17 13:13 . 2010-02-17 13:15 ——– d—–w- c:\program files\FTDv3.8
    2010-02-16 19:43 . 2010-02-16 19:54 47360 —-a-w- c:\users\Tim\AppData\Roaming\pcouffin.sys
    2010-02-16 19:43 . 2010-02-16 19:43 47360 —-a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-02-16 19:43 . 2010-02-16 19:54 ——– d—–w- c:\users\Tim\AppData\Roaming\Vso
    2010-02-14 23:39 . 2010-02-14 23:39 ——– d—–w- c:\program files\PowerISO
    2010-02-14 23:07 . 2010-02-21 14:24 ——– d—–w- c:\users\Tim\Tracing
    2010-02-14 21:26 . 2010-02-14 21:27 ——– d—–w- c:\users\Tim\AppData\Roaming\Nero
    2010-02-14 21:21 . 2010-02-14 21:24 ——– d—–w- c:\program files\Nero
    2010-02-14 21:21 . 2010-02-14 21:23 ——– d—–w- c:\programdata\Nero
    2010-02-14 21:21 . 2010-02-14 21:24 ——– d—–w- c:\program files\Common Files\Nero
    2010-02-14 20:49 . 2010-02-14 20:49 ——– d—–w- c:\users\Tim\AppData\Roaming\Canneverbe Limited
    2010-02-14 20:49 . 2010-02-14 20:49 ——– d—–w- c:\programdata\Canneverbe Limited
    2010-02-14 11:55 . 2010-02-14 12:01 ——– d—–w- c:\users\Tim\AppData\Roaming\DAEMON Tools Pro
    2010-02-14 11:55 . 2010-02-14 12:00 ——– d—–w- c:\programdata\DAEMON Tools Pro
    2010-02-14 11:43 . 2010-02-14 11:46 ——– d—–w- c:\program files\Your Uninstaller 2010
    2010-02-14 10:54 . 2010-02-14 10:54 1955784 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{5339287C-37F4-9D0E-511B-937074C0162C}-FlashPlayerUpdate.exe
    2010-02-10 09:08 . 2010-01-18 23:29 85504 —-a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-02-10 09:08 . 2010-01-18 23:29 85504 —-a-w- c:\windows\system32\secproc_ssp.dll
    2010-02-10 09:08 . 2010-01-18 23:28 324608 —-a-w- c:\windows\system32\RMActivate_isv.exe
    2010-02-10 09:08 . 2010-01-18 23:28 277504 —-a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-02-10 09:08 . 2010-01-18 23:28 320512 —-a-w- c:\windows\system32\RMActivate.exe
    2010-02-10 09:08 . 2010-01-18 23:28 280064 —-a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-02-09 10:47 . 2010-02-09 10:47 2326901 —-a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{849AA657-ECD3-6F42-E659-0D9278C664E6}-aeheur.dll
    2010-02-02 19:07 . 2010-02-02 19:07 ——– d—–w- c:\program files\iPod
    2010-02-02 19:07 . 2010-02-02 19:08 ——– d—–w- c:\program files\iTunes
    2010-02-02 19:05 . 2010-02-02 19:05 72488 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-01-29 00:17 . 2010-01-29 00:17 ——– d—–w- c:\program files\MSXML 4.0
    2010-01-27 23:25 . 2010-01-27 23:25 ——– d—–w- c:\users\Tim\AppData\Local\vdownloader
    2010-01-27 22:43 . 2009-11-06 09:17 1843 ——w- c:\windows\hpwmdl23.dat
    2010-01-27 22:43 . 2009-10-16 05:56 966656 —-a-w- c:\windows\system32\hpwtiop4.dll
    2010-01-27 22:43 . 2009-10-16 05:56 741376 —-a-w- c:\windows\system32\hpwwiax5.dll
    2010-01-27 22:43 . 2009-10-16 05:55 271704 —-a-w- c:\windows\system32\hpzids01.dll
    2010-01-27 22:43 . 2009-10-16 05:56 364544 —-a-w- c:\windows\system32\hppldcoi.dll
    2010-01-27 22:43 . 2009-10-16 05:56 294912 —-a-w- c:\windows\system32\hpovst11.dll
    2010-01-27 22:29 . 2010-02-20 13:20 ——– d—–w- c:\users\Tim\AppData\Local\QuickPar
    2010-01-27 22:27 . 2010-02-18 13:16 ——– d—–w- c:\program files\QuickPar
    2010-01-27 22:18 . 2010-01-27 23:14 ——– d—–w- c:\programdata\HP
    2010-01-27 21:30 . 2010-01-27 21:30 ——– d—–w- c:\programdata\Office Genuine Advantage
    2010-01-27 11:01 . 2009-10-31 05:45 2614272 —-a-w- c:\windows\explorer.exe
    2010-01-27 11:01 . 2009-10-28 06:17 285696 —-a-w- c:\windows\system32\winlogon.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-21 15:49 . 2009-11-28 14:21 ——– d—–w- c:\programdata\NVIDIA
    2010-02-20 12:20 . 2009-08-26 08:52 691490 —-a-w- c:\windows\system32\perfh013.dat
    2010-02-20 12:20 . 2009-08-26 08:52 130026 —-a-w- c:\windows\system32\perfc013.dat
    2010-02-20 12:16 . 2009-11-27 22:08 ——– d—–w- c:\users\Tim\AppData\Roaming\uTorrent
    2010-02-19 16:29 . 2009-11-27 15:58 ——– d—–w- c:\program files\Common Files\Wise Installation Wizard
    2010-02-18 12:25 . 2010-01-27 22:59 ——– d—–w- c:\program files\Common Files\eBay
    2010-02-16 19:03 . 2009-11-28 18:40 142504 —ha-w- c:\windows\system32\mlfcache.dat
    2010-02-14 20:07 . 2009-12-02 18:48 ——– d—–w- c:\programdata\DVD Shrink
    2010-02-14 12:13 . 2009-11-27 22:31 ——– d–h–w- c:\program files\InstallShield Installation Information
    2010-02-14 12:11 . 2009-11-28 16:01 ——– d—–w- c:\programdata\CyberLink
    2010-02-14 12:07 . 2009-11-27 23:05 ——– d—–w- c:\program files\Teach2000
    2010-02-14 12:06 . 2009-11-28 15:57 53319 —-a-w- c:\programdata\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
    2010-02-12 15:21 . 2009-11-28 15:37 319280 —-a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\uTorrent.exe
    2010-02-10 10:39 . 2009-11-28 15:19 ——– d—–w- c:\programdata\Microsoft Help
    2010-02-04 15:10 . 2009-11-27 23:02 ——– d—–w- c:\program files\Google
    2010-02-02 19:07 . 2009-11-27 15:55 ——– d—–w- c:\program files\Common Files\Apple
    2010-02-01 11:10 . 2009-11-27 22:17 ——– d—–w- c:\users\Tim\AppData\Roaming\LimeWire
    2010-01-27 23:23 . 2010-01-27 23:13 ——– d—–w- c:\users\Tim\AppData\Roaming\HP
    2010-01-27 23:14 . 2010-01-27 22:43 250099 —-a-w- c:\windows\hpwins23.dat
    2010-01-27 23:14 . 2010-01-27 23:14 ——– d—–w- c:\programdata\WEBREG
    2010-01-27 22:59 . 2010-01-27 22:59 ——– d—–w- c:\program files\VDOWNLOADER
    2010-01-27 22:51 . 2009-11-27 15:19 110768 —-a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-27 22:48 . 2010-01-27 22:44 ——– d—–w- c:\program files\HP
    2010-01-27 22:47 . 2010-01-27 22:47 ——– d—–w- c:\programdata\HP Product Assistant
    2010-01-27 22:45 . 2010-01-27 22:45 ——– d—–w- c:\program files\Common Files\HP
    2010-01-27 22:45 . 2010-01-27 22:45 ——– d—–w- c:\program files\Common Files\Hewlett-Packard
    2010-01-27 20:14 . 2009-11-27 15:43 ——– d—–w- c:\program files\Microsoft
    2010-01-21 09:18 . 2009-11-27 15:44 ——– d—–w- c:\program files\Microsoft Silverlight
    2010-01-18 23:29 . 2010-02-10 09:09 365568 —-a-w- c:\windows\system32\secproc_isv.dll
    2010-01-18 23:29 . 2010-02-10 09:09 369152 —-a-w- c:\windows\system32\secproc.dll
    2010-01-18 11:05 . 2009-12-23 15:35 ——– d—–w- c:\users\Tim\AppData\Roaming\BSplayer
    2010-01-18 11:04 . 2009-12-23 15:35 ——– d—–w- c:\program files\BSplayer
    2010-01-14 10:12 . 2009-11-27 15:20 181120 ——w- c:\windows\system32\MpSigStub.exe
    2010-01-08 03:18 . 2010-02-10 09:09 221184 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:17 . 2010-02-10 09:09 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-29 21:36 . 2009-12-01 16:16 ——– d—–w- c:\program files\LimeWire
    2009-12-25 19:02 . 2009-11-27 15:41 923456 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-12-08 11:40 . 2010-02-10 09:09 3955288 —-a-w- c:\windows\system32
    tkrnlpa.exe
    2009-12-08 11:40 . 2010-02-10 09:09 3899464 —-a-w- c:\windows\system32
    toskrnl.exe
    2009-12-08 11:32 . 2010-02-10 09:09 292864 —-a-w- c:\windows\system32\apphelp.dll
    2009-12-08 08:05 . 2010-02-10 09:09 310784 —-a-w- c:\windows\system32\drivers\srv.sys
    2009-12-08 08:05 . 2010-02-10 09:09 113664 —-a-w- c:\windows\system32\drivers\srvnet.sys
    2009-12-07 17:42 . 2009-11-27 15:33 56816 —-a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 17:26 . 2009-12-23 16:59 297376 —-a-w- c:\windows\system32\FMAPO.dll
    2009-12-04 14:43 . 2009-12-23 16:59 132368 —-a-w- c:\windows\system32\MaxxAudioAPO.dll
    2009-12-01 18:02 . 2009-12-01 18:02 10134 —-a-r- c:\users\Tim\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-11-28 16:19 . 2009-11-28 16:20 53319 —-a-w- c:\programdata\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
    2009-11-28 15:56 . 2009-11-28 15:58 29480 —-a-w- c:\windows\system32\msxml3a.dll
    2009-11-28 15:56 . 2009-11-28 15:58 505128 —-a-w- c:\windows\system32\msvcp71.dll
    2009-11-28 15:56 . 2009-11-28 15:58 353576 —-a-w- c:\windows\system32\msvcr71.dll
    2009-11-28 13:03 . 2009-11-28 13:03 691696 —-a-w- c:\windows\system32\drivers\sptd.sys
    2009-11-27 15:42 . 2009-11-27 15:42 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2009-11-24 16:40 . 2009-12-23 16:59 838176 —-a-w- c:\windows\RtlExUpd.dll
    2009-11-24 08:55 . 2009-12-23 16:59 345328 —-a-w- c:\windows\system32\SRSTSXT.dll
    2009-11-24 08:55 . 2009-12-23 16:59 185584 —-a-w- c:\windows\system32\SRSTSHD.dll
    2009-11-24 08:55 . 2009-12-23 16:59 173296 —-a-w- c:\windows\system32\SRSHP360.dll
    2009-11-24 08:55 . 2009-12-23 16:59 140528 —-a-w- c:\windows\system32\SRSWOW.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-10 8120864]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

    c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-27 813584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "LocalAccountTokenFilterPolicy"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
    otify\LBTWlgn]
    2009-07-20 11:28 72208 —-a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [27-11-2009 16:33 108289]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision
    vSCPAPISvr.exe [20-11-2009 19:17 240232]
    R3 RTL85n86;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\System32\drivers\RTL85n86.sys [10-6-2009 22:18 311808]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28-9-2009 9:22 315392]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [28-11-2009 14:03 691696]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28-11-2009 0:02 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-8-2008 5:46 284016]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [10-6-2009 22:18 48128]
    S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\System32\drivers\WSDPrint.sys [14-7-2009 1:18 17920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 23:02]

    2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-27 23:02]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.msn.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    Trusted Zone: han.nl
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    HKCU-Run-WindowsNT Service - WindowsNT Service.exe
    HKLM-Run-WindowsNT Service - WindowsNT Service.exe
    AddRemove-SystemRequirementsLab - c:\program files\SystemRequirementsLab\Uninstall.exe
    AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll


    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2010-02-21 17:00:05
    ComboFix-quarantined-files.txt 2010-02-21 16:00

    Pre-Run: 58.529.566.720 bytes beschikbaar
    Post-Run: 58.305.277.952 bytes beschikbaar

    - - End Of File - - C4E185E50D3BA4167B3948D59B806F15



  • Hallo Tim - Superantispyware heb je ook gedeïnstalleerd?
    Er is in ieder geval in C:\Program Files nog een map aanwezig!


    Nu Combofix zijn werk gedaan heeft, krijg je nu nog steeds de melding?
  • Ik krijg nu niet meer de melding. Die map waar jij het over hebt is voor mij niet zichtbaar ?, Wel heb ik een paar mappen erbij gekregen in C:\. Kan ik deze verwijderen?

    Maar bedankt voor het oplossen van mijn probleem, heel erg bedankt!
  • Die mappen behoren bij Combofix, die mag je verwijderen, ook wat op je bureaublad staat!

    maar fijn, dat je weer normaal met je PC verder kan en dat graag gedaan.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.