Hijack This log.

Anonymous
powermachine's
12 replies
  • Hello,


    Lately I often get a virus alert,
    among others this one: Trojan Horse Generic10.WGD

    It is shown by AVG Free Edition.
    It happens while I am using the computer, but also when I step away for a while and come back later.


    Could someone therefore take a look at my HijackThis log?



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:03:51, on 19-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schakelklasse.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft Update Machine] hbxrqs.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] hbxrqs.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] hbxrqs.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718940844&h=d4410c7ea18b0f7008d15f3cba36b74b/&filename=jinstall-6u11-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


    End of file - 8541 bytes




    I would really appreciate it if someone could help me.

    Kind regards, Guido.

  • Start HijackThis and choose 'do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\Run: [Microsoft Update Machine] hbxrqs.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] hbxrqs.exe
    O4 - HKCU\..\Run: [Microsoft Update Machine] hbxrqs.exe

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.



    Download and save it to your desktop.
    Double-click mbam-setup.exe to install the program.

    After the installation, make sure the following are checked:
    - Update MalwareBytes' Anti-Malware
    - Start MalwareBytes' Anti-Malware
    Then click "Voltooien" (Finish).
    If an update is found, it will be downloaded and installed.
    - Once the program has started, go to the "Instellingen" (Settings) tab.
    - Check: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during malware removal).
    - Then go to the "Scanner" tab and choose "Snelle Scan" (Quick Scan).
    - Then press "Scannen" (Scan) to start the scan.
    - The scan can take a while, so be patient.
    - When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to see the results.
    - Make sure everything there is checked, then click "Verwijder geselecteerde" (Remove Selected).
    - After the removal a log will open and you will be asked to restart the computer.
    The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

    Post that log together with a new HijackThis log.



    Download to your desktop and use it according to this guide.
  • Hey,


    This is the log from Malwarebytes' Anti-Malware:

    Malwarebytes' Anti-Malware 1.34
    Database versie: 1780
    Windows 5.1.2600 Service Pack 2

    20-2-2009 13:24:18
    mbam-log-2009-02-20 (13-24-18 ).txt

    Scan type: Snelle Scan
    Objecten gescand: 65057
    Verstreken tijd: 2 minute(s), 9 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)




    And this is the new HijackThis log:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:27:17, on 20-2-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schakelklasse.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718940844&h=d4410c7ea18b0f7008d15f3cba36b74b/&filename=jinstall-6u11-windows-i586-jc.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


    End of file - 8180 bytes




    If there is anything else that is not right, I would like to hear it.
    Thank you for helping me. :D


    Regards, Guido.
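
Added example (not part of the original thread, and not the helper's stated reasoning): Python that parses the O4 autorun lines of a HijackThis log, flags entries that start a path-less executable under the same value name from two or more autorun keys, and diffs the before and after logs to confirm the fix took effect. The heuristic and all function names are assumptions of this example; the sample lines are an excerpt of the O4 entries from the two logs above.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of O4 lines from the first HijackThis log in this thread (before the fix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Update Machine] hbxrqs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft Update Machine] hbxrqs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] hbxrqs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
"""

# The same excerpt taken from the second log (after 'Fix checked' and the Malwarebytes install).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
"""


class Autorun(NamedTuple):
    key: str      # abbreviated registry key, e.g. HKLM\..\Run
    name: str     # registry value name shown in [brackets]
    command: str  # command line as logged
    raw: str      # the complete log line


# Registry-based O4 lines only; 'O4 - Startup:' folder entries are skipped on purpose.
O4_REG = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_o4(log: str) -> list:
    """Return the registry autorun entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            entries.append(Autorun(m["key"], m["name"], m["cmd"], line))
    return entries


def executable(command: str) -> str:
    """First token of the command line, honouring a leading quoted path."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0]


def is_bare(exe: str) -> bool:
    """True when the executable is given without drive or directory."""
    return not any(c in exe for c in "\\/:")


def flag_redundant_bare(entries: list) -> list:
    """Heuristic (assumption of this example): a path-less executable registered
    under the same value name in two or more autorun keys deserves a closer look."""
    keys_by_target = defaultdict(set)
    for e in entries:
        target = (e.name.lower(), executable(e.command).lower())
        keys_by_target[target].add(e.key.lower())
    flagged = []
    for e in entries:
        exe = executable(e.command)
        if is_bare(exe) and len(keys_by_target[(e.name.lower(), exe.lower())]) >= 2:
            flagged.append(e)
    return flagged


def diff_autoruns(before: list, after: list) -> tuple:
    """Return (removed, added) raw log lines between two parsed logs."""
    before_raw = {e.raw for e in before}
    after_raw = {e.raw for e in after}
    removed = [e.raw for e in before if e.raw not in after_raw]
    added = [e.raw for e in after if e.raw not in before_raw]
    return removed, added


if __name__ == "__main__":
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for e in flag_redundant_bare(before):
        print("review:", e.raw)
    removed, added = diff_autoruns(before, after)
    print("removed:", removed)
    print("added:", added)
```

A flagged line is a prompt for manual review, not a verdict: single-key entries such as RTHDCPL.EXE and nwiz.exe are also path-less and are left alone by this rule.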

  • You're welcome. Could you also follow the third step?
  • Hello,

    Yes, sorry, but I downloaded ComboFix as described.

    Only then it reported that AVG was running, so I turned it off.
    Then I downloaded ComboFix again.

    And it still reported that AVG is running. But when I end AVG in my processes, it simply comes back.

    Just now I tried booting without AVG starting up,
    but AVG still loads itself into my processes.


    Can I go ahead with ComboFix or not??



    Regards, Guido.
  • Just try to go ahead.
  • Hey,


    This is the ComboFix log:

    ComboFix 09-02-19.01 - Guido 2009-02-20 14:09:44.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.2046.1553 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Guido\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Guido\Application Data\inst.exe
    c:\windows\OPTIONS\CABS\_desktop.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
    .

    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\documents and settings\Guido\Application Data\Malwarebytes
    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-20 13:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-20 13:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-20 12:42 . 2009-02-20 12:42 <DIR> dr-h----- c:\documents and settings\Guido\Onlangs geopend
    2009-02-19 19:45 . 2009-02-19 19:45 268 --ah----- C:\sqmdata15.sqm
    2009-02-19 19:45 . 2009-02-19 19:45 244 --ah----- C:\sqmnoopt15.sqm
    2009-02-19 16:04 . 2009-02-19 16:04 244 --ah----- C:\sqmnoopt14.sqm
    2009-02-19 16:04 . 2009-02-19 16:04 232 --ah----- C:\sqmdata14.sqm
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\documents and settings\Guido\Application Data\SUPERAntiSpyware.com
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-02-19 15:28 . 2009-02-19 15:28 <DIR> d-------- c:\program files\Trend Micro
    2009-02-19 15:28 . 2009-02-19 15:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-13 16:54 . 2004-03-09 00:00 260,880 --a------ c:\windows\system32\MSFLXGRD.OCX
    2009-02-13 16:54 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
    2009-02-13 16:54 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
    2009-02-13 16:54 . 2004-12-22 21:30 53,248 --a------ c:\windows\system32\SpamItBack Screensaver.scr
    2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- c:\program files\Trapcode
    2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- C:\Presets
    2009-02-08 19:08 . 2009-02-08 19:08 36,868 --a------ c:\program files\uninst-Particular.exe
    2009-02-04 19:52 . 2009-02-04 19:52 244 --ah----- C:\sqmnoopt13.sqm
    2009-02-04 19:52 . 2009-02-04 19:52 232 --ah----- C:\sqmdata13.sqm
    2009-02-04 19:10 . 2009-02-04 19:10 244 --ah----- C:\sqmnoopt12.sqm
    2009-02-04 19:10 . 2009-02-04 19:10 232 --ah----- C:\sqmdata12.sqm
    2009-02-04 19:08 . 2009-02-04 19:08 268 --ah----- C:\sqmdata11.sqm
    2009-02-04 19:08 . 2009-02-04 19:08 244 --ah----- C:\sqmnoopt11.sqm
    2009-02-02 19:38 . 2009-02-09 19:31 <DIR> d-------- c:\documents and settings\Guido\CmapToolsLogs
    2009-02-02 19:38 . 2009-02-09 20:12 <DIR> d-------- c:\documents and settings\Guido\Application Data\CmapTools
    2009-02-02 19:33 . 2009-02-02 19:33 <DIR> d--h----- c:\program files\Zero G Registry
    2009-02-02 19:33 . 2009-02-02 19:38 <DIR> d-------- c:\program files\IHMC CmapTools
    2009-02-02 19:32 . 2009-02-02 19:32 <DIR> d--h----- c:\documents and settings\Guido\InstallAnywhere
    2009-01-31 16:33 . 2009-01-31 16:33 <DIR> d-------- c:\program files\Cycore FX 1.0.1
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d-------- c:\program files\QuickTime
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 16:35 . 2009-01-22 16:41 <DIR> d-------- c:\program files\Diskeeper Corporation
    2009-01-21 16:51 . 2009-01-21 16:51 268 --ah----- C:\sqmdata10.sqm
    2009-01-21 16:51 . 2009-01-21 16:51 244 --ah----- C:\sqmnoopt10.sqm
    2009-01-21 16:46 . 2009-01-21 16:46 244 --ah----- C:\sqmnoopt09.sqm
    2009-01-21 16:46 . 2009-01-21 16:46 232 --ah----- C:\sqmdata09.sqm
    2009-01-21 16:36 . 2009-01-21 16:36 244 --ah----- C:\sqmnoopt08.sqm
    2009-01-21 16:36 . 2009-01-21 16:36 232 --ah----- C:\sqmdata08.sqm
    2009-01-21 16:17 . 2009-01-21 16:17 244 --ah----- C:\sqmnoopt07.sqm
    2009-01-21 16:17 . 2009-01-21 16:17 232 --ah----- C:\sqmdata07.sqm
    2009-01-21 16:12 . 2009-01-21 16:12 268 --ah----- C:\sqmdata06.sqm
    2009-01-21 16:12 . 2009-01-21 16:12 244 --ah----- C:\sqmnoopt06.sqm

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-19 14:42 --------- d-----w c:\program files\BearShare
    2009-02-19 14:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-02-19 11:49 --------- d-----w c:\documents and settings\Guido\Application Data\uTorrent
    2009-02-19 11:34 --------- d-----w c:\program files\Euro Truck Simulator
    2009-02-18 21:04 --------- d-----w c:\documents and settings\Guido\Application Data\Vso
    2009-02-16 21:34 --------- d-----w c:\documents and settings\Guido\Application Data\U3
    2009-02-12 21:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-11 18:40 --------- d-----w c:\documents and settings\Guido\Application Data\Image Zone Express
    2009-02-10 07:09 --------- d-----w c:\documents and settings\Guido\Application Data\Nero
    2009-01-31 20:24 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 20:24 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-31 20:24 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-31 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-23 13:53 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-08 19:41 --------- d-----w c:\documents and settings\Guido\Application Data\SuperNZB
    2009-01-08 19:22 --------- d-----w c:\documents and settings\Guido\Application Data\GrabIt
    2009-01-08 18:59 --------- d-----w c:\documents and settings\Guido\Application Data\NewzToolz-EZ
    2009-01-08 16:20 --------- d-----w c:\documents and settings\Guido\Application Data\ProtectDisc
    2009-01-07 18:52 --------- d-----w c:\documents and settings\Guido\Application Data\VanDale
    2009-01-04 11:53 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2009-01-04 11:53 --------- d--h--r c:\documents and settings\Guido\Application Data\SecuROM
    2009-01-03 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
    2009-01-02 20:12 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-02 20:12 --------- d-----w c:\program files\Atari
    2009-01-02 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-31 10:21 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-31 10:21 --------- d-----w c:\program files\Java
    2008-12-29 10:36 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
    2008-12-29 10:36 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-25 18:30 --------- d-----w c:\program files\CCleaner
    2008-12-25 12:30 --------- d-----w c:\documents and settings\Guido\Application Data\BPFTP
    2008-12-23 11:24 --------- d-----w c:\documents and settings\Guido\Application Data\Canneverbe_Limited
    2008-12-23 10:09 --------- d-----w c:\documents and settings\Guido\Application Data\CoreFTP
    2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-06 15:53 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-25 15:55 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-11-23 17:34 696,836 ----a-w c:\windows\system32\unins000.exe
    2008-11-23 17:14 47,360 ----a-w c:\documents and settings\Guido\Application Data\pcouffin.sys
    2008-11-23 15:13 315,392 ----a-w c:\windows\HideWin.exe
    2008-11-23 15:12 15,600 ----a-w c:\windows\gdrv.sys
    2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Guido\Menu Start\Programma's\Opstarten\
    Diskeeper 10 Professional Edition Registration.lnk - c:\program files\Diskeeper Corporation\Diskeeper\ESIRegister.exe [2006-03-02 818176]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 21:24 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 298264]
    R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [2008-11-23 178913]
    S3 ntportio;ntportio;\??\c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys --> c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18e76409-db42-11dd-9486-001a4d545aa5}]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.schakelklasse.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-20 14:10:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange"="1"
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    @=""
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(800)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Voltooingstijd: 2009-02-20 14:11:31
    ComboFix-quarantined-files.txt 2009-02-20 13:11:29

    Pre-Run: 49.958.576.128 bytes beschikbaar
    Post-Run: 50,009,194,496 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    235 --- E O F --- 2009-02-13 21:49:53




    What should I do now?

    Regards, Guido.




  • Download Flash_Disinfector.exe and place it on your desktop: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
    Make sure your flash drives / USB sticks / external hard drives are plugged in as well.
    Double-click Flash_Disinfector.exe to start the tool.
    When the tool has finished, the computer will restart.



    Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

  • Hello,



    This is the log:

    ComboFix 09-02-19.01 - Guido 2009-02-20 14:44:33.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2046.1539 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Guido\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Guido\Bureaublad\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    * Nieuw herstelpunt werd aangemaakt

    FILE ::
    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    c:\windows\gdrv.sys
    c:\windows\system32\flvDX.dll
    c:\windows\system32\Smab0.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\sqmdata06.sqm
    C:\sqmdata07.sqm
    C:\sqmdata08.sqm
    C:\sqmdata09.sqm
    C:\sqmdata10.sqm
    C:\sqmdata11.sqm
    C:\sqmdata12.sqm
    C:\sqmdata13.sqm
    C:\sqmdata14.sqm
    C:\sqmdata15.sqm
    C:\sqmnoopt06.sqm
    C:\sqmnoopt07.sqm
    C:\sqmnoopt08.sqm
    C:\sqmnoopt09.sqm
    C:\sqmnoopt10.sqm
    C:\sqmnoopt11.sqm
    C:\sqmnoopt12.sqm
    C:\sqmnoopt13.sqm
    C:\sqmnoopt14.sqm
    C:\sqmnoopt15.sqm
    c:\windows\gdrv.sys
    c:\windows\system32\flvDX.dll
    c:\windows\system32\Smab0.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
    .

    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\documents and settings\Guido\Application Data\Malwarebytes
    2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-02-20 13:10 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-20 13:10 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-02-20 12:42 . 2009-02-20 14:43 <DIR> dr-h----- c:\documents and settings\Guido\Onlangs geopend
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\documents and settings\Guido\Application Data\SUPERAntiSpyware.com
    2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-02-19 15:28 . 2009-02-19 15:28 <DIR> d-------- c:\program files\Trend Micro
    2009-02-19 15:28 . 2009-02-19 15:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-02-13 16:54 . 2004-03-09 00:00 260,880 --a------ c:\windows\system32\MSFLXGRD.OCX
    2009-02-13 16:54 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
    2009-02-13 16:54 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
    2009-02-13 16:54 . 2004-12-22 21:30 53,248 --a------ c:\windows\system32\SpamItBack Screensaver.scr
    2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- c:\program files\Trapcode
    2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d-------- C:\Presets
    2009-02-08 19:08 . 2009-02-08 19:08 36,868 --a------ c:\program files\uninst-Particular.exe
    2009-02-02 19:38 . 2009-02-09 19:31 <DIR> d-------- c:\documents and settings\Guido\CmapToolsLogs
    2009-02-02 19:38 . 2009-02-09 20:12 <DIR> d-------- c:\documents and settings\Guido\Application Data\CmapTools
    2009-02-02 19:33 . 2009-02-02 19:33 <DIR> d--h----- c:\program files\Zero G Registry
    2009-02-02 19:33 . 2009-02-02 19:38 <DIR> d-------- c:\program files\IHMC CmapTools
    2009-02-02 19:32 . 2009-02-02 19:32 <DIR> d--h----- c:\documents and settings\Guido\InstallAnywhere
    2009-01-31 16:33 . 2009-01-31 16:33 <DIR> d-------- c:\program files\Cycore FX 1.0.1
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d-------- c:\program files\QuickTime
    2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-22 16:35 . 2009-01-22 16:41 <DIR> d-------- c:\program files\Diskeeper Corporation

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-20 13:39 --------- d-----w c:\documents and settings\Guido\Application Data\uTorrent
    2009-02-19 14:42 --------- d-----w c:\program files\BearShare
    2009-02-19 14:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-02-19 11:34 --------- d-----w c:\program files\Euro Truck Simulator
    2009-02-18 21:04 --------- d-----w c:\documents and settings\Guido\Application Data\Vso
    2009-02-16 21:34 --------- d-----w c:\documents and settings\Guido\Application Data\U3
    2009-02-12 21:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-02-11 18:40 --------- d-----w c:\documents and settings\Guido\Application Data\Image Zone Express
    2009-02-10 07:09 --------- d-----w c:\documents and settings\Guido\Application Data\Nero
    2009-01-31 20:24 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 20:24 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-31 20:24 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-31 20:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-23 13:53 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-08 19:41 --------- d-----w c:\documents and settings\Guido\Application Data\SuperNZB
    2009-01-08 19:22 --------- d-----w c:\documents and settings\Guido\Application Data\GrabIt
    2009-01-08 18:59 --------- d-----w c:\documents and settings\Guido\Application Data\NewzToolz-EZ
    2009-01-08 16:20 --------- d-----w c:\documents and settings\Guido\Application Data\ProtectDisc
    2009-01-07 18:52 --------- d-----w c:\documents and settings\Guido\Application Data\VanDale
    2009-01-04 11:53 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2009-01-04 11:53 --------- d--h--r c:\documents and settings\Guido\Application Data\SecuROM
    2009-01-03 21:13 --------- d-----w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
    2009-01-02 20:12 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-02 20:12 --------- d-----w c:\program files\Atari
    2009-01-02 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2008-12-31 10:21 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-31 10:21 --------- d-----w c:\program files\Java
    2008-12-29 10:36 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
    2008-12-29 10:36 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-25 18:30 --------- d-----w c:\program files\CCleaner
    2008-12-25 12:30 --------- d-----w c:\documents and settings\Guido\Application Data\BPFTP
    2008-12-23 11:24 --------- d-----w c:\documents and settings\Guido\Application Data\Canneverbe_Limited
    2008-12-23 10:09 --------- d-----w c:\documents and settings\Guido\Application Data\CoreFTP
    2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-06 15:53 183,112 ----a-w c:\windows\system32\PnkBstrB.exe
    2008-11-25 15:55 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-11-23 17:34 696,836 ----a-w c:\windows\system32\unins000.exe
    2008-11-23 17:14 47,360 ----a-w c:\documents and settings\Guido\Application Data\pcouffin.sys
    2008-11-23 15:13 315,392 ----a-w c:\windows\HideWin.exe
    2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-02-20_14.11.03,00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-02-20 13:42:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_208.dat
    + 2009-02-20 13:42:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2f4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
    "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\Guido\Menu Start\Programma's\Opstarten\
    Diskeeper 10 Professional Edition Registration.lnk - c:\program files\Diskeeper Corporation\Diskeeper\ESIRegister.exe [2006-03-02 818176]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 21:24 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 298264]
    R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [2008-11-23 178913]
    S3 ntportio;ntportio;\??\c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys --> c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.schakelklasse.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-20 14:45:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange"="1"
    "Installed"="1"
    @=""

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed"="1"
    @=""
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(800)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Voltooingstijd: 2009-02-20 14:46:33
    ComboFix-quarantined-files.txt 2009-02-20 13:46:31
    ComboFix2.txt 2009-02-20 13:11:32

    Pre-Run: 49.983.115.264 bytes beschikbaar
    Post-Run: 49,989,599,232 bytes beschikbaar

    257 --- E O F --- 2009-02-13 21:49:53




    I do still have one small question.
    When I boot up, after the screen where it is verifying the DMI Pool Data, I get the choice to start from WINDOWS XP or WINDOWS RECOVER CONSOLE.

    Is this right, and should it stay this way, or can it be removed?



    Regards, Guido.




  • It is more convenient to leave the recovery console as it is.

    Are there any other problems?
  • Hey,

    Okay!

    Thanks :D :D

    No more trouble with anything so far!


    Thanks a lot 8)



    Regards, Guido.
  • You're welcome,


    One more thing to do:


    Download ATF cleaner (mirror) (made by Atribune)

    Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

    Double-click ATF cleaner to start the program.
    On the Main tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also use Firefox as a browser:

    Click the Firefox tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click No in the window that appears.
    (this removes the tick at Firefox saved passwords again)
    Click the Empty Selected button.

    Do the following if you also use Opera as a browser:

    Click the Opera tab and tick Select All.
    If you want to keep the passwords saved by Opera, click No in the window that appears.
    Click the Empty Selected button.
    Go to the Main tab and click the Exit button to close the program.

    3. You may now remove all the tools used and the folders that were created. (Remember to remove ComboFix via Start -> Run, typing ComboFix /U and pressing Enter!!)


    - Go to Start/All Programs/Accessories/System Tools/System Restore.
    - In the left half of the window, click "System Restore Settings".
    - Tick "Turn off System Restore".
    - Click "Apply".
    - Windows asks whether you are sure.
    - Click "Yes".
    - Click "OK".
    - Restart the PC.
    - Go to Start/All Programs/Accessories/System Tools/System Restore again.
    - You get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
    - Click "Yes".
    - Remove the tick at "Turn off System Restore".
    - Click "Apply".
    - Click "OK".
    - Restart the PC.
    - A new, clean restore point has now been created.
