kurt5

Heb er toch terug avg antivirus x64 kunnen opzetten, ga morgen met het hulpmiddel van avg de free editie eraf doen (hopelijk deze keer volledig) en proberen een hijackthislog en combofixlog te posten. ---------- Post toegevoegd om 23:29 ---------- Vorige post was om 23:19 ---------- Verdorie te vroeg victorie gekraaid, alles is bij het oude gebleven. Nu weet ik helemaal niet meer. Iemand?

hij blijft zeggen dat avg moet gewist worden er is nergens een spoor van avg behalve een icoontje dichtbij het horloge. Niets lukt alles wat ik probeer op te starten zoals combofix of hijack sluit vanzelf af zonder ee spoor na te laten. Ik ga een logje meeleveren van avg rescue CD voor usb, hij heeft de pc gescand bij het opstarten, misschien heb je er iets aan. avgremover.log

Toch weer niets, halverwege de download zegt de pc dat er een msi-fout is. Back to nothing dus. Andere ideeën?

Ik heb die map manueel verwijderd maar kon combofix nog niet niet laten draaien, maar nu kan ik de volledige versie van AVG downloaden en hopelijk installeren. Ik hou jullie op de hoogte.

[TABLE=class: top left] [TR] [TD=colspan: 2]Dit bestand is al eerder gescand. De resultaten van deze scan worden hieronder getoond. [/TD] [/TR] [TR] [TD] [/TD] [TD] [/TD] [/TR] [TR] [TD=colspan: 2] [/TD] [/TR] [TR] [TD]Bestandsnaam:[/TD] [TD=width: *]EXCEL.EXE[/TD] [/TR] [TR] [TD]Status:[/TD] [TD]Scan voltooid. 1 uit 20 scanners vonden malware. [/TD] [/TR] [TR] [TD]Scan genomen op: [/TD] [TD]di 5 jul 2011 14:37:52 (CET) Permalink[/TD] [/TR] [TR] [TD][/TD] [TD][/TD] [/TR] [/TABLE] [TABLE=class: scannertable, width: 464] [TR] [TD]Bestandsgrootte:[/TD] [TD]18363240 bytes[/TD] [/TR] [TR] [TD=width: 100]Bestandstype:[/TD] [TD]PE32 executable for MS Windows (GUI) Intel 80386 32-bit[/TD] [/TR] [TR] [TD]MD5:[/TD] [TD]4e4531335a7ea2f2050288545e1d310f[/TD] [/TR] [TR] [TD]SHA1:[/TD] [TD]1b97fdd17fa27e8114f99b55aac0411a6ab3668d[/TD] [/TR] [/TABLE] [TABLE=class: scannertable] [TR] [TD][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-04 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 W32.Virut.Gen.D-163 [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-04 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-04 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-05 Niets gevonden [/TD] [/TR] [TR] [/TR] [/TABLE] [TABLE=class: top left] [TR] [TD]Bestandsnaam:[/TD] [TD=width: *]excelcnv.exe[/TD] [/TR] [TR] [TD]Status:[/TD] [TD]Scan voltooid. 1 uit 20 scanners vonden malware. [/TD] [/TR] [TR] [TD]Scan genomen op: [/TD] [TD]ma 11 jul 2011 12:35:41 (CET) Permalink[/TD] [/TR] [TR] [TD][/TD] [TD][/TD] [/TR] [/TABLE] [TABLE=class: scannertable, width: 464] [TR] [TD]Bestandsgrootte:[/TD] [TD]15144296 bytes[/TD] [/TR] [TR] [TD=width: 100]Bestandstype:[/TD] [TD]PE32 executable for MS Windows (GUI) Intel 80386 32-bit[/TD] [/TR] [TR] [TD]MD5:[/TD] [TD]29d256069dbcca1d9c88c2493eda9fb9[/TD] [/TR] [TR] [TD]SHA1:[/TD] [TD]0871c55698b8b00c02e4a05d968e3c1a2e8601[/TD] [/TR] [/TABLE] [TABLE=class: scannertable, width: 948] [TR] [TD][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-10 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 W32.Virut.Gen.D-163 [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-10 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-11 Niets gevonden [/TD] [/TR] [TR] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-10 Niets gevonden [/TD] [TD=width: 85][/TD] [TD=class: vcentre]2011-07-10 Niets gevonden [/TD] [/TR] [TR] [/TR] [/TABLE]

In bijlage zie je wat er gebeurt als ik AVG remover gebruik, op een bepaald moment stopt hij en zie je dit. Het logje van ClamWin steek ik er ook bij. Log ClamWin Memory scan Scan Started Sun Jul 10 22:23:02 2011 ------------------------------------------------------------------------------- *** Scanning Programs in Computer Memory *** *** Memory Scan: using ToolHelp *** WARNING: Can't open file C:\PROGRA~1\AVG\AVG10\avgchsvx.exe, Permission denied WARNING: Can't open file C:\PROGRA~1\AVG\AVG10\avgrsx.exe, Permission denied -------------------------------------- Completed -------------------------------------- Log ClanWin Disk C/D Scan Started Sun Jul 10 11:25:19 2011 ------------------------------------------------------------------------------- C:\Documents and Settings\Administrator\Bureaublad\Bedrockplace • Toon onderwerp - RockIt DJ Pro 4_20_1620 (rs)NIEUWE CODE!!!.mht: no action performed on a mailbox WARNING: Can't open file C:\Documents and Settings\Administrator\Local Settings\temp\nse52.tmp: Permission denied WARNING: Can't open file C:\Documents and Settings\Administrator\Local Settings\temp\OnlineScanner\Anti-Virus\fssm32.exe: Permission denied WARNING: Can't open file C:\Documents and Settings\Administrator\Mijn documenten\Downloads\HijackThis.exe: Permission denied WARNING: Can't open file C:\hiberfil.sys: Permission denied WARNING: Can't open file C:\pagefile.sys: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgchsvx.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgcsrvx.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgmfapx.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgnsx.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgrsx.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\avgwdsvc.exe: Permission denied WARNING: Can't open file C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe: Permission denied WARNING: Can't open file C:\Program Files\Bonjour\mDNSResponder.exe: Permission denied WARNING: Can't open file C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe: Permission denied WARNING: Can't open file C:\Program Files\Common Files\LightScribe\LSSrvc.exe: Permission denied WARNING: Can't open file C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe: Permission denied WARNING: Can't open file C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe: Permission denied WARNING: Can't open file C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe: Permission denied WARNING: Can't open file C:\Program Files\Internet Explorer\iexplore.exe: Permission denied WARNING: Can't open file C:\Program Files\Java\jre6\bin\jqs.exe: Permission denied WARNING: Can't open file C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe: Permission denied WARNING: Can't open file C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe: Permission denied WARNING: Can't open file C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe: Permission denied WARNING: Can't open file C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe: Permission denied WARNING: Can't open file C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe: Permission denied WARNING: Can't open file C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe: Permission denied WARNING: Can't open file C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini: Permission denied WARNING: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied WARNING: Can't open file C:\WINDOWS\system32\config\default: Permission denied WARNING: Can't open file C:\WINDOWS\system32\config\SAM: Permission denied WARNING: Can't open file C:\WINDOWS\system32\config\SECURITY: Permission denied WARNING: Can't open file C:\WINDOWS\system32\config\software: Permission denied WARNING: Can't open file C:\WINDOWS\system32\config\system: Permission denied WARNING: Can't open file C:\WINDOWS\system32\drivers\1258051470.sys: Permission denied WARNING: Can't open file C:\WINDOWS\system32\IoctlSvc.exe: Permission denied WARNING: Can't open file C:\WINDOWS\system32\Tablet.exe: Permission denied WARNING: Can't open file C:\WINDOWS\system32\wuauclt.exe: Permission denied WARNING: Can't open file C:\WINDOWS\TempFile: Permission denied C:\Documents and Settings\Administrator\Bureaublad\Bedrockplace • Toon onderwerp - RockIt DJ Pro 4_20_1620 (rs)NIEUWE CODE!!!.mht: Heuristics.Phishing.Email.SpoofedDomain FOUND ----------- SCAN SUMMARY ----------- Known viruses: 989346 Engine version: 0.97.1 Scanned directories: 13301 Scanned files: 183272 Infected files: 1 Data scanned: 32556.53 MB Data read: 71215.95 MB (ratio 0.46:1) Time: 9992.750 sec (166 m 32 s) The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE: [W32.Virut.Gen.D-163] FALSE POSITIVE FOUND C:\Program Files\Microsoft Office\Office12\excelcnv.exe: [W32.Virut.Gen.D-163] FALSE POSITIVE FOUND c:\docume~1\admini~1\locals~1\temp\clamav-9ecb88ebc1682636265b0483357e9ce4.00000784.clamtmp: [W32.Virut.Gen.D-163] FALSE POSITIVE FOUND c:\docume~1\admini~1\locals~1\temp\clamav-bf8859db33730881ed5d9147757df313.00000784.clamtmp: [W32.Virut.Gen.D-163] FALSE POSITIVE FOUND Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/ -------------------------------------- Completed -------------------------------------- Virus.doc

Wanneer ik combofx wil starten zegt het prog. dat ik avg moet verwijderen omdat het anders niet veilig is om door te gaan en sluit af. Avg kan ik niet meer verwijderen aangezien het zogezegd niet meer op de pc staat (maar het icoontje staat nog altijd rechtsonder). Wanneer ik op het icoontje van AVG dubbelklik komt het venster open zoals normaal maar er is geen enkel component actief en daarom kan ik ook AVG niet tijdelijk uitschakelen. Ik heb wel 1 antivirusprogje kunnen laten draaien vanop mijn USB-stick en dat is ClamWin een open source code antivirus die een vriend mij aanraadde. Dit is nu aan het lopen en als dit gedaan is laat ik weten wat hij gevonden heeft en of het mogelijk is om een logje te posten. Ik heb wel ondervonden dat er meer en meer aplicaties uitvallen, soms gaat het startmenu niet meer en nu kan ik geen enkele snelkoppeling van het bureaublad meer openen.

Hetzelfde, hij begint te scannen en sluit af voor je iets anders kunt doen. Het is mij ook opgevallen dat ik meer en meer applicaties niet meer kan openen.

Scant en sluit direct af zonder dat ik een logje kan maken. Sorry

Sorry, no can do. PC zegt geen toegang te krijgen tot het opstartbestand,maar alles is juist ingevuld.

Wil niet lukken, hij start de eerste maal goed op, scant alles, maar na de scan sluit HijackThis af en kan ik het niet meer opstarten. Heb je nog een alternatief aub.

Deze week heb ik een betalende antivirus gekocht ipv een gratis te gebruiken, maar geloof het of niet ik zit met een virus voor ik avg er kunnen afsmijten heb. Geen enkele anti-virus die ik er probeer op te zetten om mij voorlopig te helpen draait. Alles loopt vast. Ik heb al geprobeerd om met AVG removal tool de gratis versie te verwijderen enzo dan de aangekochte erop te zetten, maar niets lukt. Kan ik een gratis anti-virus op een usb-stick zetten en zo mijn pc laten scannen of gaat dit niet. Ik zoek dus hulp via deze weg. Dank u wel

Oké, bedankt

Ik heb alles gedaan zoals gezegd en het werkt beter, bedankt.

Heb alles gedaan zoals je vroeg maar wist niet hoe ik html moest bijvoegen daarom heb ik er een pdf van gemaakt. [ATTACH]10822[/ATTACH]Sorry Starter.pdf

Ik heb nu een paar keer opgestart en alles ziet er al veel beter uit. Toch duurt het nog langer om op te starten en af te sluiten. Is er nog een manier om betere prestaties uit mijn pc te krijgen want als ik met mijn CAD-programma werk stopt hij soms om 30sec. later weer verder te doen en vroeger had ik dit niet en wat moet ik doen met Hijack, Mbam en Combofix, moet ik dit wissen of mag dat blijven staan. Om Combofix zijn werk te laten doen heb ik AVG 9 moeten deïnstalleren, mag ik deze terug installeren of heb je een beter alternatief?

ComboFix 11-05-14.01 - Administrator 15/05/2011 13:54:05.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.664 [GMT 2:00] Gestart vanuit: c:\documents and settings\Administrator\Mijn documenten\Downloads\ComboFix.exe . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\windows\AutoRun.ini D:\Autorun.inf . . \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected . (((((((((((((((((((( Bestanden Gemaakt van 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))) . . 2011-05-15 09:15 . 2011-05-15 11:52 118784 ----a-w- c:\windows\system32\chg.exe 2011-05-12 20:00 . 2011-05-12 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2011-05-12 19:59 . 2011-05-12 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-12 19:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-12 19:59 . 2011-05-12 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-12 19:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-11 21:03 . 2011-05-11 21:03 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-05-11 21:03 . 2011-05-11 21:03 -------- d-----w- c:\program files\Trend Micro 2011-05-03 18:36 . 2011-05-03 18:36 -------- d-----w- c:\program files\GOG.com 2011-04-29 20:08 . 2011-05-11 21:09 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend 2011-04-29 17:14 . 1998-02-06 20:36 302592 ----a-w- c:\windows\unin0413.exe 2011-04-29 15:59 . 2011-04-29 16:41 -------- d-----w- c:\program files\Dynamische Symbolen WTB v1.0 2011-04-28 17:59 . 2011-04-29 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic 2011-04-28 17:57 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm 2011-04-28 17:57 . 2011-04-28 17:57 -------- d-----w- c:\program files\XP Codec Pack 2011-04-28 17:54 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll 2011-04-28 17:54 . 2011-04-28 17:55 -------- d-----w- c:\program files\K-Lite Codec Pack 2011-04-28 17:49 . 2010-03-17 20:53 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-04-28 17:49 . 2010-03-17 20:53 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-04-28 17:49 . 2010-03-17 20:53 180224 ----a-w- c:\windows\system32\QTCF.dll 2011-04-28 17:49 . 2011-04-28 17:49 -------- d-----w- c:\program files\QuickTime Alternative 2011-04-28 17:46 . 2011-04-28 17:46 -------- d-----w- c:\program files\Real Alternative . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-07 05:33 . 2004-08-04 08:03 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:36 . 2004-08-04 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:53 . 2004-08-04 07:56 1858048 ----a-w- c:\windows\system32\win32k.sys 2011-02-22 23:07 . 2004-08-04 08:03 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-02-22 23:07 . 2004-08-04 08:03 916480 ----a-w- c:\windows\system32\wininet.dll 2011-02-22 23:07 . 2004-08-04 08:03 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-02-22 11:43 . 2004-08-04 07:55 385024 ----a-w- c:\windows\system32\html.iec 2011-02-17 13:18 . 2004-08-04 06:15 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-04 06:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:54 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 12:56 . 2004-08-04 08:01 290432 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}" [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2008-06-10 11:29 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-25 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-25 114688] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-25 94208] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-09-21 127036] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-11-17 106496] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programma's^Opstarten^Sonic INSTALLit! Setup.lnk] path=c:\documents and settings\Administrator\Menu Start\Programma's\Opstarten\Sonic INSTALLit! Setup.lnk backup=c:\windows\pss\Sonic INSTALLit! Setup.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Acrobat Speed Launcher.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaPCInternetAccess . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2006-10-22 22:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2008-06-10 11:29 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-06-24 15:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2008-06-08 08:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-06-19 08:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2010-11-30 20:18 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2008-06-10 11:29 2049320 ----a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"= "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5900:TCP"= 5900:TCP:RealVNC "56684:TCP"= 56684:TCP:Pando Media Booster "56684:UDP"= 56684:UDP:Pando Media Booster . R2 KeyP;KeyP;c:\windows\system32\drivers\KEYP.SYS [24/11/2009 20:47 19456] R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [10/06/2008 13:29 53032] R3 ovt530;Webcam Deluxe;c:\windows\system32\drivers\ov530vid.sys [12/11/2009 20:27 161792] S1 DK12DRV;DK12 WindowsNT Driver;c:\windows\system32\DRIVERS\DK12DRV.SYS --> c:\windows\system32\DRIVERS\DK12DRV.SYS [?] S2 DK2DRV;DK2 WindowsNT Driver;\??\c:\windows\system32\Drivers\DK2DRV.SYS --> c:\windows\system32\Drivers\DK2DRV.SYS [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 21:58 136176] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/06/2010 21:58 136176] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - GTNDIS5 . Inhoud van de 'Gedeelde Taken' map . 2011-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:57] . 2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-15 19:57] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: bnpparibasfortis.be\www Trusted Zone: dexia.be\directnet Trusted Zone: google.be\www Trusted Zone: google.com\earth DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe MSConfigStartUp-PDF Complete - c:\program files\PDF Complete\pdfsty.exe MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-05-15 14:00 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,91,f3,ef,6b,ef,23,4d,8f,eb,74,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,91,f3,ef,6b,ef,23,4d,8f,eb,74,\ . [HKEY_USERS\S-1-5-21-1532317299-4141702635-3741651046-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,77,ca,57,0c,7b,65,46,90,1f,65,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,14,71,e1,eb,1a,d3,48,90,c6,bd,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(888) c:\windows\system32\GTGina.dll . Voltooingstijd: 2011-05-15 14:02:31 ComboFix-quarantined-files.txt 2011-05-15 12:02 . Pre-Run: 64.314.859.520 bytes beschikbaar Post-Run: 64.434.581.504 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - CA5FFAC11B692BBD0383BBCC7BB545A8

MBAM Log voor de herstellingen Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6563 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/05/2011 22:09:07 mbam-log-2011-05-12 (22-09-07).txt Scantype: Snelle scan Objecten gescand: 152487 Verstreken tijd: 7 minuut/minuten, 26 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 5 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 6 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{A9722A0D-365F-47D2-B70B-37D046316D99} (Adware.EZlife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\documents and settings\administrator\application data\ezLife (Adware.EzLife) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\smart-ads-solutions (Adware.SmartAds) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\smart-ads-solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. c:\program files\smart-ads-solutions (Adware.SmartAds) -> Quarantined and deleted successfully. c:\program files\smart-ads-solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully. c:\program files\smart-ads-solutions\SmartAds\1.1.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\program files\smart-ads-solutions\SmartAds\1.1.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully. MBAM Log na de herstellingen Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6563 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/05/2011 22:23:33 mbam-log-2011-05-12 (22-23-33).txt Scantype: Snelle scan Objecten gescand: 152508 Verstreken tijd: 5 minuut/minuten, 4 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) HijackThis log na herstelling Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:29:22, on 12/05/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\WINDOWS\SMINST\Scheduler.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktops, Printers, Servers and more R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1532317299-4141702635-3741651046-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - Windows Live OneCare O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- End of file - 11923 bytes

Hier is het logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:09:36, on 11/05/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\SMINST\Scheduler.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b02e53bd000000000000001a70351b31&tlver=1.4.19.19&affID=17162 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktops, Printers, Servers and more R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: SmartAds browser enhancer lzeupcdk - {518EAF5F-EBA5-4A12-A294-A85CB9401FE4} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: ezLife browser enhancer scpfaggq - {BD839C5D-B1AB-48BC-AB83-4E513002F9DE} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-1532317299-4141702635-3741651046-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - Windows Live OneCare O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/O2CPlayer.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe -- End of file - 12322 bytes

[ATTACH]10699[/ATTACH]Ik doe dit regelmatig, en er komt niets speciaal op. Sedert maandag heb ik een bijkomend probleem, mijn google chrome valt na 5 seconden uit en er komt een melding op mijn bureaublad. Dit heb ik in een word document geplakt, kijk ook naar mijn start-werkbalk, die verandert na een paar minuten naar een oudere versie. Ik denk met een virus te zitten maar AVG vind niets. Doc1.doc

Veiligheidsmodus heb ik nog niet geprobeerd omdat ik niet weet wat ik moet oplossen. De pc is een HP Compacq dx 2300 rM/E2160/160hnmq/1.0L/4f, 1.80Ghz, 1.0GB RAM, Intel 946GZ Express Chipset Family met Windows XP Professional SP3. Ik heb er de laatste maanden niets van software opgezet.

Ik heb dit al een maand of 5. Heb al systeemherstel geprobeerd, maar hielp niet

Regelmatig als ik de PC opstart gebeurt het dat hij blijft hangen bij de achtergrond van het bureaublad. Met Crtl+Alt Gr en Delete kan ik hem opnieuw doen opstarten, maar soms moet ik dit een paar keer doen vooraleer hij wel volledig opstart. Heeft iemand een oplossing voor dit probleem. Dank u

Sorry, had er niet aan gedacht. maar ondertussen zit ik wel met de gebakken peren en kan ik niets meer gebruiken. Ik ben er blijkbaar aan voor de moeite, toch bedankt voor de moeite.

Ik gebruik al enige tijd een Sandisk Cruzer 4 Gb die beveiligd is met een paswoord. Echter nu kan ik er niet meer in, ik ben zeker dat ik mijn paswoord juist invul. Het enigste wat ik nog kan doen is alles formateren en opnieuw beginnen. Is er een manier om in mijn stick te hacken zodat ik alles kan recupereren. Er staat werk op van 3 jaar en ik heb geen goesting om opnieuw te beginnen. Bedankt voor de tips.