Vraag & Antwoord

Beveiliging & privacy

Hijack This log.

Anoniem
powermachine's
12 antwoorden
 • Heee,

  Oke!

  Bedankt :D :D

  Tot nu toe nergens meer last van gehad!


  Super bedankt 8)  Groeten Guido.
 • Hallo,


  De laatste tijd krijg ik vaak een virusmelding.
  onder andere deze: Trojan Horse Generic10.WGD

  Deze wordt dan met AVG Free edition weergegeven.
  En dat gebeurt tijdens het computeren zelf, maar ook als ik even weg ben en later weer terug kom.


  Zou iemand daarom mijn Hijack this log willen bekijken.  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 16:03:51, on 19-2-2009
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\WINDOWS\system32\PnkBstrB.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\WINDOWS\System32\alg.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  C:\WINDOWS\system32\wbem\wmiprvse.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schakelklasse.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
  O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [Microsoft Update Machine] hbxrqs.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] hbxrqs.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Microsoft Update Machine] hbxrqs.exe
  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718940844&h=d4410c7ea18b0f7008d15f3cba36b74b/&filename=jinstall-6u11-windows-i586-jc.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


  End of file - 8541 bytes
  Ik stel het erg op prijs als iemand mij zou willen helpen.

  Mvg Guido.
 • Start hijackthis en kies voor 'do a system scan only'
  Selecteer alleen de items die hieronder zijn genoemd:

  [b:ae2f091bc5]O4 - HKLM\..\Run: [Microsoft Update Machine] hbxrqs.exe
  O4 - HKLM\..\RunServices: [Microsoft Update Machine] hbxrqs.exe
  O4 - HKCU\..\Run: [Microsoft Update Machine] hbxrqs.exe
  [/b:ae2f091bc5]

  Sluit alle vensters behalve Hijackthis
  Klik op 'Fix checked' om de items te verwijderen.  Download [b:ae2f091bc5] en sla het op je bureaublad op.
  Dubbelklik op [b:ae2f091bc5]mbam-setup.exe[/b:ae2f091bc5] om het programma te installeren.

  Zorg dat er na de installatie een vinkje is geplaatst bij:[list:ae2f091bc5]
  [*:ae2f091bc5]Update MalwareBytes' Anti-Malware
  [*:ae2f091bc5]Start MalwareBytes' Anti-Malware
  [/list:u:ae2f091bc5]Klik daarna op "[b:ae2f091bc5]Voltooien[/b:ae2f091bc5]".
  Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:ae2f091bc5]
  [*:ae2f091bc5]Zodra het programma gestart is, ga dan naar het tabblad "[b:ae2f091bc5]Instellingen[/b:ae2f091bc5]".
  [*:ae2f091bc5]Vink hier aan: "[b:ae2f091bc5]Sluit Internet Explorer tijdens verwijdering van malware[/b:ae2f091bc5]".
  [*:ae2f091bc5]Ga daarna naar het tabblad "[b:ae2f091bc5]Scanner[/b:ae2f091bc5]", kies hier voor "[b:ae2f091bc5]Snelle Scan[/b:ae2f091bc5]".
  [*:ae2f091bc5]Druk vervolgens op "[b:ae2f091bc5]Scannen[/b:ae2f091bc5]" om de scan te starten.
  [*:ae2f091bc5]Het scannen kan een tijdje duren, dus wees geduldig.

  [*:ae2f091bc5]Wanneer de scan voltooid is, klik op [b:ae2f091bc5]OK[/b:ae2f091bc5], daarna "[b:ae2f091bc5]Bekijk Resultaten[/b:ae2f091bc5]" om de resultaten te zien.
  [*:ae2f091bc5]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:ae2f091bc5]Verwijder geselecteerde[/b:ae2f091bc5]".
  [*:ae2f091bc5]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  [/list:u:ae2f091bc5]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:ae2f091bc5]Logs[/b:ae2f091bc5]" tab te klikken in het programma.

  Plaats dit logje samen met een nieuw logje van HijackThis  Download [b:ae2f091bc5] naar je Bureaublad en gebruik het volgens deze handleiding.
  [i:ae2f091bc5]
 • Heee,


  Dit is het logje van Malwarebytes' Anti-Malware:

  Malwarebytes' Anti-Malware 1.34
  Database versie: 1780
  Windows 5.1.2600 Service Pack 2

  20-2-2009 13:24:18
  mbam-log-2009-02-20 (13-24-18 ).txt

  Scan type: Snelle Scan
  Objecten gescand: 65057
  Verstreken tijd: 2 minute(s), 9 second(s)

  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 0

  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)

  Bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  En dit is het nieuwe logje van Hijack This:


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 13:27:17, on 20-2-2009
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16791)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\RTHDCPL.EXE
  C:\PROGRA~1\AVG\AVG8\avgtray.exe
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
  C:\WINDOWS\system32\RUNDLL32.EXE
  C:\Program Files\Java\jre6\bin\jusched.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
  C:\Program Files\Java\jre6\bin\jqs.exe
  C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
  C:\WINDOWS\system32\nvsvc32.exe
  C:\PROGRA~1\AVG\AVG8\avgrsx.exe
  C:\WINDOWS\system32\HPZipm12.exe
  C:\PROGRA~1\AVG\AVG8\avgnsx.exe
  C:\WINDOWS\system32\PnkBstrB.exe
  C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
  C:\WINDOWS\system32\svchost.exe
  C:\PROGRA~1\AVG\AVG8\avgemc.exe
  C:\Program Files\AVG\AVG8\avgcsrvx.exe
  C:\WINDOWS\system32\wbem\wmiapsrv.exe
  C:\Program Files\Windows Live\Messenger\usnsvc.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.schakelklasse.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
  O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
  O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
  O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
  O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718940844&h=d4410c7ea18b0f7008d15f3cba36b74b/&filename=jinstall-6u11-windows-i586-jc.cab
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
  O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
  O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
  O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe


  End of file - 8180 bytes
  Als er nog meer dingen zijn wat niet goed is, dan hoor ik het graag.
  Bedankt dat u me wil helpen. :D


  Groetjes Guido.
 • Graag gedaan,zou je de 3e stap ook op willen volgen?
 • Hallo,

  Ja sorry, Maar ik heb Combofix gedownload zoals het er staat.

  Alleen toen gaf hij aan dat AVG draaide dus die heb ik uitgezet.
  toen opnieuw Combofix gedownload.

  En toen gaf hij nog steeds aan dat AVG draait. Alleen als ik in mijn processen AVG beeindig dan komt hij gewoon weer terug.

  Nu heb ik zonet geprobeerd om op te starten zonder AVG die opstart.
  Maar dan laad AVG zich alsnog in mijn processen.


  Kan ik nu wel of niet door gaan met Combofix??  Groetjes Guido.
 • Probeer maar door te gaan.
 • Heee,


  Dit is het logje van Combofix:

  ComboFix 09-02-19.01 - Guido 2009-02-20 14:09:44.1 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.2046.1553 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Guido\Bureaublad\ComboFix.exe
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  c:\documents and settings\Guido\Application Data\inst.exe
  c:\windows\OPTIONS\CABS\_desktop.ini

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
  .

  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\documents and settings\Guido\Application Data\Malwarebytes
  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
  2009-02-20 13:10 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
  2009-02-20 13:10 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
  2009-02-20 12:42 . 2009-02-20 12:42 <DIR> dr-h—– c:\documents and settings\Guido\Onlangs geopend
  2009-02-19 19:45 . 2009-02-19 19:45 268 –ah—– C:\sqmdata15.sqm
  2009-02-19 19:45 . 2009-02-19 19:45 244 –ah—– C:\sqmnoopt15.sqm
  2009-02-19 16:04 . 2009-02-19 16:04 244 –ah—– C:\sqmnoopt14.sqm
  2009-02-19 16:04 . 2009-02-19 16:04 232 –ah—– C:\sqmdata14.sqm
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\program files\SUPERAntiSpyware
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\documents and settings\Guido\Application Data\SUPERAntiSpyware.com
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
  2009-02-19 15:28 . 2009-02-19 15:28 <DIR> d——– c:\program files\Trend Micro
  2009-02-19 15:28 . 2009-02-19 15:31 <DIR> d-a—— c:\documents and settings\All Users\Application Data\TEMP
  2009-02-13 16:54 . 2004-03-09 00:00 260,880 –a—— c:\windows\system32\MSFLXGRD.OCX
  2009-02-13 16:54 . 2004-03-09 00:00 124,688 –a—— c:\windows\system32\MSWINSCK.OCX
  2009-02-13 16:54 . 2000-07-15 00:00 101,888 –a—— c:\windows\system32\VB6STKIT.DLL
  2009-02-13 16:54 . 2004-12-22 21:30 53,248 –a—— c:\windows\system32\SpamItBack Screensaver.scr
  2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d——– c:\program files\Trapcode
  2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d——– C:\Presets
  2009-02-08 19:08 . 2009-02-08 19:08 36,868 –a—— c:\program files\uninst-Particular.exe
  2009-02-04 19:52 . 2009-02-04 19:52 244 –ah—– C:\sqmnoopt13.sqm
  2009-02-04 19:52 . 2009-02-04 19:52 232 –ah—– C:\sqmdata13.sqm
  2009-02-04 19:10 . 2009-02-04 19:10 244 –ah—– C:\sqmnoopt12.sqm
  2009-02-04 19:10 . 2009-02-04 19:10 232 –ah—– C:\sqmdata12.sqm
  2009-02-04 19:08 . 2009-02-04 19:08 268 –ah—– C:\sqmdata11.sqm
  2009-02-04 19:08 . 2009-02-04 19:08 244 –ah—– C:\sqmnoopt11.sqm
  2009-02-02 19:38 . 2009-02-09 19:31 <DIR> d——– c:\documents and settings\Guido\CmapToolsLogs
  2009-02-02 19:38 . 2009-02-09 20:12 <DIR> d——– c:\documents and settings\Guido\Application Data\CmapTools
  2009-02-02 19:33 . 2009-02-02 19:33 <DIR> d–h—– c:\program files\Zero G Registry
  2009-02-02 19:33 . 2009-02-02 19:38 <DIR> d——– c:\program files\IHMC CmapTools
  2009-02-02 19:32 . 2009-02-02 19:32 <DIR> d–h—– c:\documents and settings\Guido\InstallAnywhere
  2009-01-31 16:33 . 2009-01-31 16:33 <DIR> d——– c:\program files\Cycore FX 1.0.1
  2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\program files\QuickTime
  2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple Computer
  2009-01-22 16:35 . 2009-01-22 16:41 <DIR> d——– c:\program files\Diskeeper Corporation
  2009-01-21 16:51 . 2009-01-21 16:51 268 –ah—– C:\sqmdata10.sqm
  2009-01-21 16:51 . 2009-01-21 16:51 244 –ah—– C:\sqmnoopt10.sqm
  2009-01-21 16:46 . 2009-01-21 16:46 244 –ah—– C:\sqmnoopt09.sqm
  2009-01-21 16:46 . 2009-01-21 16:46 232 –ah—– C:\sqmdata09.sqm
  2009-01-21 16:36 . 2009-01-21 16:36 244 –ah—– C:\sqmnoopt08.sqm
  2009-01-21 16:36 . 2009-01-21 16:36 232 –ah—– C:\sqmdata08.sqm
  2009-01-21 16:17 . 2009-01-21 16:17 244 –ah—– C:\sqmnoopt07.sqm
  2009-01-21 16:17 . 2009-01-21 16:17 232 –ah—– C:\sqmdata07.sqm
  2009-01-21 16:12 . 2009-01-21 16:12 268 –ah—– C:\sqmdata06.sqm
  2009-01-21 16:12 . 2009-01-21 16:12 244 –ah—– C:\sqmnoopt06.sqm

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-02-19 14:42 ——— d—–w c:\program files\BearShare
  2009-02-19 14:31 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
  2009-02-19 11:49 ——— d—–w c:\documents and settings\Guido\Application Data\uTorrent
  2009-02-19 11:34 ——— d—–w c:\program files\Euro Truck Simulator
  2009-02-18 21:04 ——— d—–w c:\documents and settings\Guido\Application Data\Vso
  2009-02-16 21:34 ——— d—–w c:\documents and settings\Guido\Application Data\U3
  2009-02-12 21:03 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
  2009-02-11 18:40 ——— d—–w c:\documents and settings\Guido\Application Data\Image Zone Express
  2009-02-10 07:09 ——— d—–w c:\documents and settings\Guido\Application Data\Nero
  2009-01-31 20:24 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-31 20:24 107,272 —-a-w c:\windows\system32\drivers\avgtdix.sys
  2009-01-31 20:24 10,520 —-a-w c:\windows\system32\avgrsstx.dll
  2009-01-31 20:24 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
  2009-01-23 13:53 ——— d–h–w c:\program files\InstallShield Installation Information
  2009-01-08 19:41 ——— d—–w c:\documents and settings\Guido\Application Data\SuperNZB
  2009-01-08 19:22 ——— d—–w c:\documents and settings\Guido\Application Data\GrabIt
  2009-01-08 18:59 ——— d—–w c:\documents and settings\Guido\Application Data\NewzToolz-EZ
  2009-01-08 16:20 ——— d—–w c:\documents and settings\Guido\Application Data\ProtectDisc
  2009-01-07 18:52 ——— d—–w c:\documents and settings\Guido\Application Data\VanDale
  2009-01-04 11:53 107,888 —-a-w c:\windows\system32\CmdLineExt.dll
  2009-01-04 11:53 ——— d–h–r c:\documents and settings\Guido\Application Data\SecuROM
  2009-01-03 21:13 ——— d—–w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
  2009-01-02 20:12 ——— d—–w c:\program files\Common Files\InstallShield
  2009-01-02 20:12 ——— d—–w c:\program files\Atari
  2009-01-02 17:28 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
  2008-12-31 10:21 410,984 —-a-w c:\windows\system32\deploytk.dll
  2008-12-31 10:21 ——— d—–w c:\program files\Java
  2008-12-29 10:36 ——— d—–w c:\program files\Common Files\Adobe Systems Shared
  2008-12-29 10:36 ——— d—–w c:\program files\Common Files\Adobe
  2008-12-25 18:30 ——— d—–w c:\program files\CCleaner
  2008-12-25 12:30 ——— d—–w c:\documents and settings\Guido\Application Data\BPFTP
  2008-12-23 11:24 ——— d—–w c:\documents and settings\Guido\Application Data\Canneverbe_Limited
  2008-12-23 10:09 ——— d—–w c:\documents and settings\Guido\Application Data\CoreFTP
  2008-12-20 23:03 826,368 —-a-w c:\windows\system32\wininet.dll
  2008-12-06 15:53 183,112 —-a-w c:\windows\system32\PnkBstrB.exe
  2008-11-25 15:55 66,872 —-a-w c:\windows\system32\PnkBstrA.exe
  2008-11-23 17:34 696,836 —-a-w c:\windows\system32\unins000.exe
  2008-11-23 17:14 47,360 —-a-w c:\documents and settings\Guido\Application Data\pcouffin.sys
  2008-11-23 15:13 315,392 —-a-w c:\windows\HideWin.exe
  2008-11-23 15:12 15,600 —-a-w c:\windows\gdrv.sys
  2006-05-03 10:06 163,328 –sh–r c:\windows\system32\flvDX.dll
  2007-02-21 11:47 31,232 –sh–r c:\windows\system32\msfDX.dll
  2007-12-17 13:43 27,648 –sh–w c:\windows\system32\Smab0.dll
  .

  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
  "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
  "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
  "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
  "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
  "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

  c:\documents and settings\Guido\Menu Start\Programma's\Opstarten\
  Diskeeper 10 Professional Edition Registration.lnk - c:\program files\Diskeeper Corporation\Diskeeper\ESIRegister.exe [2006-03-02 818176]

  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
  2009-01-31 21:24 10520 c:\windows\system32\avgrsstx.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "VIDC.I420"= i420vfw.dll
  "msacm.ac3filter"= ac3filter.acm
  "msacm.avis"= ff_acm.acm

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
  "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
  "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
  "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
  "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
  "c:\\WINDOWS\\system32\\java.exe"=
  "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
  "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 325128]
  R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
  R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 903960]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 298264]
  R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
  R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [2008-11-23 178913]
  S3 ntportio;ntportio;\??\c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys –> c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys [?]
  S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18e76409-db42-11dd-9486-001a4d545aa5}]
  \Shell\AutoRun\command - N:\LaunchU3.exe -a
  .
  Inhoud van de 'Gedeelde Taken' map

  2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://www.schakelklasse.nl/
  uInternet Settings,ProxyOverride = *.local
  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-02-20 14:10:44
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
  "AB141C35E9F4BF344B9FC010BB17F68A"=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
  @DACL=(02 0000)
  "Installed"="1"
  @=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
  @DACL=(02 0000)
  "NoChange"="1"
  "Installed"="1"
  @=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
  @DACL=(02 0000)
  "Installed"="1"
  @=""
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————

  - - - - - - - > 'winlogon.exe'(800)
  c:\program files\SUPERAntiSpyware\SASWINLO.dll
  .
  Voltooingstijd: 2009-02-20 14:11:31
  ComboFix-quarantined-files.txt 2009-02-20 13:11:29

  Pre-Run: 49.958.576.128 bytes beschikbaar
  Post-Run: 50,009,194,496 bytes beschikbaar

  WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
  [boot loader]
  timeout=2
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
  [operating systems]
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

  235 — E O F — 2009-02-13 21:49:53
  Wat moet ik nu doen?

  Groetjes Guido.
 • Download Flash_Disinfector.exe en plaats hem op je bureaublad: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
  Zorg dat de flasdrives / usbsticks / externe harde schijven ook ingestoken zijn.
  Dubbelklik op Flash_Disinfector.exe om de tool te starten.
  Als de tool klaar is, zal de computer opnieuw starten.  Open een kladblokbestand.
  Kopieer de onderstaande code, en plak deze in het kladblokbestand.

 • Hallo,  Dit is het logje:

  ComboFix 09-02-19.01 - Guido 2009-02-20 14:44:33.2 - NTFSx86
  Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.2046.1539 [GMT 1:00]
  Gestart vanuit: c:\documents and settings\Guido\Bureaublad\ComboFix.exe
  gebruikte Opdracht switches :: c:\documents and settings\Guido\Bureaublad\CFScript.txt
  AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
  * Nieuw herstelpunt werd aangemaakt

  FILE ::
  C:\sqmdata06.sqm
  C:\sqmdata07.sqm
  C:\sqmdata08.sqm
  C:\sqmdata09.sqm
  C:\sqmdata10.sqm
  C:\sqmdata11.sqm
  C:\sqmdata12.sqm
  C:\sqmdata13.sqm
  C:\sqmdata14.sqm
  C:\sqmdata15.sqm
  C:\sqmnoopt06.sqm
  C:\sqmnoopt07.sqm
  C:\sqmnoopt08.sqm
  C:\sqmnoopt09.sqm
  C:\sqmnoopt10.sqm
  C:\sqmnoopt11.sqm
  C:\sqmnoopt12.sqm
  C:\sqmnoopt13.sqm
  C:\sqmnoopt14.sqm
  C:\sqmnoopt15.sqm
  c:\windows\gdrv.sys
  c:\windows\system32\flvDX.dll
  c:\windows\system32\Smab0.dll
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\sqmdata06.sqm
  C:\sqmdata07.sqm
  C:\sqmdata08.sqm
  C:\sqmdata09.sqm
  C:\sqmdata10.sqm
  C:\sqmdata11.sqm
  C:\sqmdata12.sqm
  C:\sqmdata13.sqm
  C:\sqmdata14.sqm
  C:\sqmdata15.sqm
  C:\sqmnoopt06.sqm
  C:\sqmnoopt07.sqm
  C:\sqmnoopt08.sqm
  C:\sqmnoopt09.sqm
  C:\sqmnoopt10.sqm
  C:\sqmnoopt11.sqm
  C:\sqmnoopt12.sqm
  C:\sqmnoopt13.sqm
  C:\sqmnoopt14.sqm
  C:\sqmnoopt15.sqm
  c:\windows\gdrv.sys
  c:\windows\system32\flvDX.dll
  c:\windows\system32\Smab0.dll

  .
  (((((((((((((((((((( Bestanden Gemaakt van 2009-01-20 to 2009-02-20 ))))))))))))))))))))))))))))))
  .

  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\documents and settings\Guido\Application Data\Malwarebytes
  2009-02-20 13:10 . 2009-02-20 13:10 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
  2009-02-20 13:10 . 2009-02-11 10:19 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
  2009-02-20 13:10 . 2009-02-11 10:19 15,504 –a—— c:\windows\system32\drivers\mbam.sys
  2009-02-20 12:42 . 2009-02-20 14:43 <DIR> dr-h—– c:\documents and settings\Guido\Onlangs geopend
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\program files\SUPERAntiSpyware
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\documents and settings\Guido\Application Data\SUPERAntiSpyware.com
  2009-02-19 15:32 . 2009-02-19 15:32 <DIR> d——– c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
  2009-02-19 15:28 . 2009-02-19 15:28 <DIR> d——– c:\program files\Trend Micro
  2009-02-19 15:28 . 2009-02-19 15:31 <DIR> d-a—— c:\documents and settings\All Users\Application Data\TEMP
  2009-02-13 16:54 . 2004-03-09 00:00 260,880 –a—— c:\windows\system32\MSFLXGRD.OCX
  2009-02-13 16:54 . 2004-03-09 00:00 124,688 –a—— c:\windows\system32\MSWINSCK.OCX
  2009-02-13 16:54 . 2000-07-15 00:00 101,888 –a—— c:\windows\system32\VB6STKIT.DLL
  2009-02-13 16:54 . 2004-12-22 21:30 53,248 –a—— c:\windows\system32\SpamItBack Screensaver.scr
  2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d——– c:\program files\Trapcode
  2009-02-08 19:08 . 2009-02-08 19:08 <DIR> d——– C:\Presets
  2009-02-08 19:08 . 2009-02-08 19:08 36,868 –a—— c:\program files\uninst-Particular.exe
  2009-02-02 19:38 . 2009-02-09 19:31 <DIR> d——– c:\documents and settings\Guido\CmapToolsLogs
  2009-02-02 19:38 . 2009-02-09 20:12 <DIR> d——– c:\documents and settings\Guido\Application Data\CmapTools
  2009-02-02 19:33 . 2009-02-02 19:33 <DIR> d–h—– c:\program files\Zero G Registry
  2009-02-02 19:33 . 2009-02-02 19:38 <DIR> d——– c:\program files\IHMC CmapTools
  2009-02-02 19:32 . 2009-02-02 19:32 <DIR> d–h—– c:\documents and settings\Guido\InstallAnywhere
  2009-01-31 16:33 . 2009-01-31 16:33 <DIR> d——– c:\program files\Cycore FX 1.0.1
  2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\program files\QuickTime
  2009-01-28 17:09 . 2009-01-28 17:09 <DIR> d——– c:\documents and settings\All Users\Application Data\Apple Computer
  2009-01-22 16:35 . 2009-01-22 16:41 <DIR> d——– c:\program files\Diskeeper Corporation

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2009-02-20 13:39 ——— d—–w c:\documents and settings\Guido\Application Data\uTorrent
  2009-02-19 14:42 ——— d—–w c:\program files\BearShare
  2009-02-19 14:31 ——— d—–w c:\program files\Common Files\Wise Installation Wizard
  2009-02-19 11:34 ——— d—–w c:\program files\Euro Truck Simulator
  2009-02-18 21:04 ——— d—–w c:\documents and settings\Guido\Application Data\Vso
  2009-02-16 21:34 ——— d—–w c:\documents and settings\Guido\Application Data\U3
  2009-02-12 21:03 ——— d—–w c:\documents and settings\All Users\Application Data\Microsoft Help
  2009-02-11 18:40 ——— d—–w c:\documents and settings\Guido\Application Data\Image Zone Express
  2009-02-10 07:09 ——— d—–w c:\documents and settings\Guido\Application Data\Nero
  2009-01-31 20:24 325,128 —-a-w c:\windows\system32\drivers\avgldx86.sys
  2009-01-31 20:24 107,272 —-a-w c:\windows\system32\drivers\avgtdix.sys
  2009-01-31 20:24 10,520 —-a-w c:\windows\system32\avgrsstx.dll
  2009-01-31 20:24 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
  2009-01-23 13:53 ——— d–h–w c:\program files\InstallShield Installation Information
  2009-01-08 19:41 ——— d—–w c:\documents and settings\Guido\Application Data\SuperNZB
  2009-01-08 19:22 ——— d—–w c:\documents and settings\Guido\Application Data\GrabIt
  2009-01-08 18:59 ——— d—–w c:\documents and settings\Guido\Application Data\NewzToolz-EZ
  2009-01-08 16:20 ——— d—–w c:\documents and settings\Guido\Application Data\ProtectDisc
  2009-01-07 18:52 ——— d—–w c:\documents and settings\Guido\Application Data\VanDale
  2009-01-04 11:53 107,888 —-a-w c:\windows\system32\CmdLineExt.dll
  2009-01-04 11:53 ——— d–h–r c:\documents and settings\Guido\Application Data\SecuROM
  2009-01-03 21:13 ——— d—–w c:\documents and settings\All Users\Application Data\Test Drive Unlimited
  2009-01-02 20:12 ——— d—–w c:\program files\Common Files\InstallShield
  2009-01-02 20:12 ——— d—–w c:\program files\Atari
  2009-01-02 17:28 ——— d—–w c:\documents and settings\All Users\Application Data\McAfee
  2008-12-31 10:21 410,984 —-a-w c:\windows\system32\deploytk.dll
  2008-12-31 10:21 ——— d—–w c:\program files\Java
  2008-12-29 10:36 ——— d—–w c:\program files\Common Files\Adobe Systems Shared
  2008-12-29 10:36 ——— d—–w c:\program files\Common Files\Adobe
  2008-12-25 18:30 ——— d—–w c:\program files\CCleaner
  2008-12-25 12:30 ——— d—–w c:\documents and settings\Guido\Application Data\BPFTP
  2008-12-23 11:24 ——— d—–w c:\documents and settings\Guido\Application Data\Canneverbe_Limited
  2008-12-23 10:09 ——— d—–w c:\documents and settings\Guido\Application Data\CoreFTP
  2008-12-20 23:03 826,368 —-a-w c:\windows\system32\wininet.dll
  2008-12-06 15:53 183,112 —-a-w c:\windows\system32\PnkBstrB.exe
  2008-11-25 15:55 66,872 —-a-w c:\windows\system32\PnkBstrA.exe
  2008-11-23 17:34 696,836 —-a-w c:\windows\system32\unins000.exe
  2008-11-23 17:14 47,360 —-a-w c:\documents and settings\Guido\Application Data\pcouffin.sys
  2008-11-23 15:13 315,392 —-a-w c:\windows\HideWin.exe
  2007-02-21 11:47 31,232 –sh–r c:\windows\system32\msfDX.dll
  .

  ((((((((((((((((((((((((((((( SnapShot@2009-02-20_14.11.03,00 )))))))))))))))))))))))))))))))))))))))))
  .
  + 2009-02-20 13:42:28 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_208.dat
  + 2009-02-20 13:42:29 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_2f4.dat
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
  "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
  "36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
  "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
  "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
  "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
  "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
  "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
  "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]
  "nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

  c:\documents and settings\Guido\Menu Start\Programma's\Opstarten\
  Diskeeper 10 Professional Edition Registration.lnk - c:\program files\Diskeeper Corporation\Diskeeper\ESIRegister.exe [2006-03-02 818176]

  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
  2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
  2009-01-31 21:24 10520 c:\windows\system32\avgrsstx.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  "VIDC.I420"= i420vfw.dll
  "msacm.ac3filter"= ac3filter.acm
  "msacm.avis"= ff_acm.acm

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "%windir%\\system32\\sessmgr.exe"=
  "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
  "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
  "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
  "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
  "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
  "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
  "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
  "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  "c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
  "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
  "c:\\WINDOWS\\system32\\java.exe"=
  "c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
  "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

  R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 325128]
  R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
  R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 903960]
  R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 298264]
  R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
  R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
  R3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [2008-11-23 178913]
  S3 ntportio;ntportio;\??\c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys –> c:\documents and settings\Guido\Mijn documenten\SemcTool_v8.7\SemcTool v8.7\ntportio.sys [?]
  .
  Inhoud van de 'Gedeelde Taken' map

  2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
  - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
  .
  .
  ——- Bijkomende Scan ——-
  .
  uStart Page = hxxp://www.schakelklasse.nl/
  uInternet Settings,ProxyOverride = *.local
  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  .

  **************************************************************************

  catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-02-20 14:45:41
  Windows 5.1.2600 Service Pack 2 NTFS

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  ——————— VERGRENDELDE REGISTER SLEUTELS ———————

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
  "AB141C35E9F4BF344B9FC010BB17F68A"=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
  @DACL=(02 0000)
  "Installed"="1"
  @=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
  @DACL=(02 0000)
  "NoChange"="1"
  "Installed"="1"
  @=""

  [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
  @DACL=(02 0000)
  "Installed"="1"
  @=""
  .
  ——————— DLLs Geladen Onder Lopende Processen ———————

  - - - - - - - > 'winlogon.exe'(800)
  c:\program files\SUPERAntiSpyware\SASWINLO.dll
  .
  Voltooingstijd: 2009-02-20 14:46:33
  ComboFix-quarantined-files.txt 2009-02-20 13:46:31
  ComboFix2.txt 2009-02-20 13:11:32

  Pre-Run: 49.983.115.264 bytes beschikbaar
  Post-Run: 49,989,599,232 bytes beschikbaar

  257 — E O F — 2009-02-13 21:49:53
  Ik heb nog wel een vraagje.
  Als ik opstart en na het scherm dat hij de DMI Pool Data aan het veryvieren is.

  Krijg ik de keuze om op te starten vanuit WINDOWS XP of WINDOWS RECOVER CONSOLE

  Is dit goed, en moet dit zo blijven of kan dit ook weg?  Groetjes Guido.
 • Het is handiger dat dat met de recovery console zo blijft.

  Zijn er verder nog problemen?
 • Graag gedaan,


  Doe nog even dit:


  Download ATF cleaner (mirror)(gemaakt door Atribune)

  Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

  Dubbelklik op

  ATF cleaner om het programma te starten.
  Op het tabblad Main, plaats je een vinkje bij Select All.
  Klik op de knop Empty Selected.

  Het volgende doen als je ook FireFox als browser hebt:

  Klik op tabblad Firefox, plaats een vinkje bij Select All.
  Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
  (dit haalt het vinkje weer weg bij Firefox saved passwords)
  Klik op de knop Empty Selected.

  Het volgende doen als je ook Opera als browser hebt:

  Klik op tabblad Opera, plaats een vinkje bij Select All.
  Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
  Klik op de knop Empty Selected.
  Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.(Denk eraan Combofix verwijderen doormiddel van start->uitvoeren [b:2c70f6b4ca]ComboFix /U[/b:2c70f6b4ca] typen en op enter drukken!!)


  - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
  - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
  - Zet een vinkje voor "Systeemherstel uitschakelen".
  - Klik "Toepassen".
  - Windows vraagt of je dat zeker weet.
  - Klik "Ja".
  - Klik "OK".
  - Start de pc opnieuw op.
  - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
  - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
  - Klik "Ja".
  - Verwijder het vinkje voor "Systeemherstel uitschakelen".
  - Klik "Toepassen".
  - Klik "OK".
  - Start de pc opnieuw op
  - Er is nu een nieuw schoon herstel punt aangemaakt

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.