haantje

k heb nu Malwarebytes uitgevinkt bij 'automatisch opstarten'. Nu heb ik geen melding meer van opstartproblemen. Ik denk dat er nog wel dingen tussenstaan die ik mag uitvinken. Kan ik daar ook een logje van maken? grt en slaapwel

Logje combofix: ComboFix 11-06-17.04 - Karine 18/06/2011 22:15:23.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.1791.997 [GMT 1:00] Gestart vanuit: c:\users\Karine\Desktop\ComboFix.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))) . . 2011-06-18 21:21 . 2011-06-18 21:21 -------- d-----w- c:\users\Karine\AppData\Local\temp 2011-06-18 21:21 . 2011-06-18 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-18 12:46 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-18 12:46 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-18 12:46 . 2011-06-18 12:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-18 11:38 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-06-17 21:03 . 2011-06-18 21:14 -------- d-----w- C:\32788R22FWJFW 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\users\Karine\AppData\Roaming\Malwarebytes 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\programdata\Malwarebytes 2011-06-17 15:55 . 2011-06-17 15:55 388096 ----a-r- c:\users\Karine\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-17 15:55 . 2011-06-17 15:55 -------- d-----w- c:\program files\Trend Micro 2011-06-17 15:19 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C64C58-9530-4B78-B698-C64D43EC4810}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 14:43 . 2011-02-06 18:26 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-05-24 18:14 . 2009-10-02 14:07 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-10 12:10 . 2011-02-06 18:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-02-06 18:59 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-02-06 19:00 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-02-06 19:00 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 11:59 . 2011-02-06 19:00 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-02-06 19:00 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-05-10 11:59 . 2011-02-06 19:00 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-09 11:08 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2011-05-09 11:08 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-07 1232896] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-09-12 561152] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-06-07 17480] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456] . . Inhoud van de 'Gedeelde Taken' map . 2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:17] . 2011-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:17] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 195.130.131.130 195.130.130.2 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-18 22:21 Windows 6.0.6000 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2011-06-18 22:23:53 ComboFix-quarantined-files.txt 2011-06-18 21:23 ComboFix2.txt 2011-06-17 21:13 ComboFix3.txt 2011-06-17 20:22 . Pre-Run: 104.778.649.600 bytes beschikbaar Post-Run: 104.760.545.280 bytes beschikbaar . - - End Of File - - 07D3D9842418AD81ED0164264AA6BC83 Ik zal nu nog eens heropstarten om te kijken of hetprobleem zich nog voordoet. Bedenking:ik gebruik windows defender. Die kan toch niet conflicteren met malwarebytes en dat daardoor dit laatste bokkeert bij het opstarten? Ik zal nu eens opstarten zonder windows defender (want uitgeschakeld voor combofix). ---------- Post toegevoegd om 21:34 ---------- Vorige post was om 21:26 ---------- Heropgestart en het probleem opstartprogramma's blijft. Windows defender en avast zijn nog steeds uitgeschakeld. Dus, Malwarebytes start niet automatisch op.

Kape, opnieuw COMBOFIX? Heb dit gisteren al 2 keer gestart (2e keer om restanten registry boot weg te krijgen). grt

Malwarebytes verwijderd en opnieuw geïnstalleerd. Ik heb wel volgende link gebruikt: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe Deze werd door Kweezie Wabbit gepost ergens. De link op pagina 1 van dit topic kan ik niet openen. De melding blijft. Ze verschijnt even op het scherm bij het opstarten van Windows. De volledige melding is ongeveer zo: Bepaalde opstartprogramma's zijn geblokkeerd waarvoor uw toestemming vereist is. En bij malwarebytes is inderdaad toestemming vereist.

Hallo Ik kan erin kijken en het is Malwarebytes. Grt

Alles lijkt goed te werken. Ik krijg bij het opstarten wel de melding dat er geblokkeerde opstartprogramma's zijn. Antivirus en antispyware heb ik intussen opnieuw ingeschakeld. grt zus van Haantje

Done: ComboFix 11-06-17.04 - Karine 17/06/2011 22:05:24.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.1791.901 [GMT 1:00] Gestart vanuit: c:\users\Karine\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Karine\Desktop\CFScript.txt . FILE :: "c:\windows\system32\ConduitEngine.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Uniblue\RegistryBooster c:\program files\Uniblue\RegistryBooster\cache.dll c:\program files\Uniblue\RegistryBooster\rbmonitor.exe c:\users\Karine\AppData\Local\Conduit c:\users\Karine\AppData\Local\Conduit\CT2088433\ToggleDUAutoUpdaterHelper.exe c:\windows\system32\ConduitEngine.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))) . . 2011-06-17 21:10 . 2011-06-17 21:10 -------- d-----w- c:\users\Karine\AppData\Local\temp 2011-06-17 21:10 . 2011-06-17 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-17 21:03 . 2011-06-17 21:04 -------- d-----w- C:\32788R22FWJFW 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\users\Karine\AppData\Roaming\Malwarebytes 2011-06-17 18:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\programdata\Malwarebytes 2011-06-17 18:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-17 15:55 . 2011-06-17 15:55 388096 ----a-r- c:\users\Karine\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-17 15:55 . 2011-06-17 15:55 -------- d-----w- c:\program files\Trend Micro 2011-06-17 15:19 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C64C58-9530-4B78-B698-C64D43EC4810}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 14:43 . 2011-02-06 18:26 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-05-24 18:14 . 2009-10-02 14:07 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-09 11:08 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2011-05-09 11:08 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-07 1232896] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-09-12 561152] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-06-07 17480] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456] . . Inhoud van de 'Gedeelde Taken' map . 2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:17] . 2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 19:17] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 195.130.131.130 195.130.130.2 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-17 22:10 Windows 6.0.6000 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Voltooingstijd: 2011-06-17 22:13:11 ComboFix-quarantined-files.txt 2011-06-17 21:13 ComboFix2.txt 2011-06-17 20:22 . Pre-Run: 100.124.721.152 bytes beschikbaar Post-Run: 100.097.474.560 bytes beschikbaar . - - End Of File - - 2ECBF978DCC3560CC8DE12022C3A1214

Ziezo - combofix logje: ComboFix 11-06-17.04 - Karine 17/06/2011 21:07:24.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.32.1043.18.1791.1063 [GMT 1:00] Gestart vanuit: c:\users\Karine\Desktop\ComboFix.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))) . . 2011-06-17 20:16 . 2011-06-17 20:16 -------- d-----w- c:\users\Karine\AppData\Local\temp 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\users\Karine\AppData\Roaming\Malwarebytes 2011-06-17 18:34 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\programdata\Malwarebytes 2011-06-17 18:34 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-17 18:34 . 2011-06-17 18:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-17 15:55 . 2011-06-17 15:55 388096 ----a-r- c:\users\Karine\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-17 15:55 . 2011-06-17 15:55 -------- d-----w- c:\program files\Trend Micro 2011-06-17 15:19 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32C64C58-9530-4B78-B698-C64D43EC4810}\mpengine.dll 2011-05-25 08:01 . 2011-05-25 08:01 0 ----a-w- c:\windows\system32\ConduitEngine.tmp 2011-05-25 08:01 . 2011-05-25 08:01 -------- d-----w- c:\users\Karine\AppData\Local\Conduit . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-07 14:43 . 2011-02-06 18:26 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-05-24 18:14 . 2009-10-02 14:07 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-09 11:08 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2011-05-09 11:08 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-07 1232896] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-09-12 561152] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Karine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [2007-08-23 61440] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 136176] R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-06-07 17480] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456] . Ik schakel dan nu mijn antivirus en antispyware opnieuw in. grt

Die RegistryBooster is nogal hardnekkig.Via configuratiescherm - software wil hij niet verwijderen. De map RegistryBooster verwijderen: 'u bent niet gemachtigd om deze bewerking uit te voeren'. Ik heb dan in de map RegistryBooster de bestanden proberen verwijderen en volgende 2 bestandjes krijg ik niet weg: cache.dll rbmonitor De rest heb ik weg gekregen. Dan is het nu tijd voor combofix! Tot straks... Grt

Oh ja C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Dit werd eens geïnstalleerd, maar nooit gebruikt. Raad je aan om dit te verwijderen of behouden? grt

Hier al het logje van MBAM:Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversie: 6888 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 17/06/2011 20:16:30 mbam-log-2011-06-17 (20-16-30).txt Scantype: Snelle scan Objecten gescand: 153713 Verstreken tijd: 9 minuut/minuten, 34 seconde(n) Geheugenprocessen geïnfecteerd: 1 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 1 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 4 Bestanden geïnfecteerd: 14 Geheugenprocessen geïnfecteerd: c:\Windows\Temp\spoolsv\spoolsv.exe (Trojan.Downloader) -> 3488 -> Unloaded process successfully. Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\svchost (Backdoor.Bot) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv (Trojan.Downloader) -> Value: spoolsv -> Quarantined and deleted successfully. Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\Windows\Temp\spoolsv (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\download (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\logs (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\sounds (Backdoor.Bot) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\Windows\Temp\spoolsv\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Karine\local settings\temporary internet files\Content.IE5\NWBU6RCT\facebook-pic000934519[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\a.reg (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\aliases.ini (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\com.mrc (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\control.ini (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\fullname.txt (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\ident.txt (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\mirc.ico (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\mirc.ini (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\remote.ini (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\run.bat (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\servers.ini (Backdoor.Bot) -> Quarantined and deleted successfully. c:\Windows\Temp\spoolsv\users.ini (Backdoor.Bot) -> Quarantined and deleted successfully. ---------- Post toegevoegd om 19:30 ---------- Vorige post was om 19:17 ---------- En het nieuwe Hijackthis logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:31:50, on 17/06/2011 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [AuditVista] O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- End of file - 7689 bytes Wat kan ik verder nog doen? Grt Zus van Haantje

Hallo De laptop van mijn zus werkt heel traag. Hij is voortdurend aan't 'ratelen' en er draait vanalles op de achtergrond. Ik heb een logje gemaakt via hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:02:30, on 17/06/2011 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\System Control Manager\MGSysCtrl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe C:\Windows\Temp\spoolsv\spoolsv.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Windows\system32\conime.exe C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTog0.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O2 - BHO: ToggleDU - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTog0.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ToggleDU Toolbar - {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - C:\Program Files\ToggleDU\prxtbTog0.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [AuditVista] O4 - HKLM\..\Run: [spoolsv] "C:\Windows\temp\spoolsv\spoolsv.exe" O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: ZooskMessenger.lnk = C:\Program Files\ZooskMessenger\ZooskMessenger.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - Welcome to Windows Live O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- End of file - 8442 bytes Kijken jullie even of we hem wat kunnen opkuisen aub? Alvast bedankt Zus van Haantje