Foutmelding : idlist,0:1440/documents

[Shylock]

Hallo,

Nadat ik mijn pc heb opgestart en het bureaublad verschijnt kan ik hier alles gebruiken behalve de mappen en de windows verkenner. Internet Explorer werkt probleemloos.

Als ik een map of de verkenner wil openen verdwijnt mijn bureaublad, dit krijg ik terug door ctrl alt delete -> nieuwe taak -> bureaublad.

Dan komt de bovenstaande foutmelding op het scherm waarvan de cijfers telkens verschillen.

Kent iemand dit probleem?

Alvast bedankt

[PSolutions]

download HijackThis een hier Spyware en laat deze eens scannen en post de log hier eens terug

[Shylock]

Hier is alvast de hijackthislog...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:12, on 5/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsCtrls.EXE

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

c:\program files\panda software\panda titanium antivirus 2005\firewall\PSHOST.EXE

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\sistray.EXE

C:\Program Files\RALINK\Common\RaUI.exe

c:\program files\panda software\panda titanium antivirus 2005\WebProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - :C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - :C:\Program Files\Windows Desktop Search\dsWebAllow.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - :C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [NeroFilterCheck] :C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] :"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] :"C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] :C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\RunServices: [TPSRV9x] :"C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe"

O4 - HKCU\..\Run: [MSMSGS] :"C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-21-583907252-776561741-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Kenny')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O4 - Global Startup: ~Disabled

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2396F475-3C4C-4028-AD17-FAF37352EE82} (Activex Control) - http://www.poolgameonline.com/loadgame_et.cab

O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146247993046

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146248340171

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_35.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsCtrls.EXE

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda titanium antivirus 2005\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\psimsvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe

--

End of file - 8727 bytes

[kape]

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - :C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - :C:\Program Files\Windows Desktop Search\dsWebAllow.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - :C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - :C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O4 - Global Startup: ~Disabled

O16 - DPF: {2396F475-3C4C-4028-AD17-FAF37352EE82} (Activex Control) - http://www.poolgameonline.com/loadgame_et.cab

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

Klik op 'Fix checked' om de items te verwijderen.

Download ATF cleaner

Dubbelklik op ATF cleaner om het programma te starten.

Op het tabblad "Main", plaats je een vinkje bij Select All.

Klik op de knop Empty Selected.

[Shylock]

Geen verandering, heb ook nog combofix gebruikt en als ik nu een map wil openen verdwijnt het bureaublad even en wordt daarna automatisch teruggezet dus er is wel iets verandert maar het helpt niet veel.

Misschien nog goed om te weten, de problemen zijn begonnen na het gebruik van de volgende cleaning en optimalisatie tools.

EasyCleaner 2.0.6

Macecraft Software jv 16 Power Tools 2007 1.7.0

RegSeeker 1.55

Regtick 0.23

X-Setup Pro 9.0

Mvg

Michel

[kape]

Hang dat logje van Combofix eens aan je volgende bericht. Kunnen we eens meekijken.

En 2 vraagjes : heb je PartyPoker bewust op je PC gezet ? En gebruik je dit ?

[Shylock]

Party Poker staat er al een jaartje op, is een online pokergame.

Kan hier niet echt iets mee te maken hebben denk ik.

Hierbij de combofix log

ComboFix 08-03-07.4 - Michel 2008-03-12 15:06:14.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.133 [GMT 1:00]

Gestart vanuit: C:\Documents and Settings\Michel\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))

.

2008-03-12 13:15 . 2008-03-12 13:15 3,913,108 --a------ C:\e713e788547d38eef5ef6dda37f274e8KRN_DATA

2008-03-05 16:45 . 2008-03-12 13:49 <DIR> dr-h----- C:\Documents and Settings\Michel\Onlangs geopend

2008-03-05 15:33 . 2008-03-05 15:33 <DIR> d-------- C:\Program Files\Trend Micro

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\Xvid

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\PartyGaming.Net

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\Full Tilt Poker

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\Free DVD MP3 Ripper

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\Cool MP3 Splitter

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\Common Files\Acronis

2008-03-04 11:03 . 2008-03-04 11:03 <DIR> d-------- C:\Program Files\3D MP3 Sound Recorder G2

2008-03-03 17:10 . 2008-03-03 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze

2008-03-03 16:13 . 2008-03-03 16:13 <DIR> d-------- C:\Program Files\Ashampoo

2008-03-03 16:13 . 2005-09-06 13:14 15,392 --a------ C:\WINDOWS\system32\pwrupic.icl

2008-03-03 15:12 . 2008-03-03 15:12 <DIR> d-------- C:\Program Files\ToniArts

2008-03-03 15:01 . 2008-03-03 15:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-03 15:01 . 2008-03-03 15:01 1,409 --a------ C:\WINDOWS\QTFont.for

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-12 13:18 140,888 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-03-12 13:18 140,888 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-03-12 13:18 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-03-12 13:18 1,204 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-03-03 14:12 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-01 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-02-02 19:29 --------- d-----w C:\Documents and Settings\Michel\Application Data\uTorrent

2008-02-02 19:29 --------- d-----w C:\Documents and Settings\Michel\Application Data\Azureus

2008-02-02 19:29 --------- d-----w C:\Documents and Settings\Kenny\Application Data\LimeWire

2008-02-02 19:11 --------- d-----w C:\Documents and Settings\Michel\Application Data\Franckey

2008-02-02 19:09 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner

2008-01-19 14:54 --------- d-----w C:\Documents and Settings\Michel\Application Data\Gamelab

2007-02-15 16:22 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]

@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=":C:\Program Files\Messenger\msmsgs.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"APVXDWIN"="C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.exe" [2007-09-21 10:33 329264]

"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 10:40 28672]

"SunJavaUpdateSched"=":C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]

"SiS Tray"="C:\WINDOWS\System32\sistray.EXE" [2002-11-17 09:36 303104]

"QuickTime Task"=":C:\Program Files\QuickTime\qttask.exe" [ ]

"PWRISOVM.EXE"=":C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]

"NeroFilterCheck"=":C:\WINDOWS\system32\NeroCheck.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"TPSRV9x"=":C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\TPSrv.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-07-13 00:30:59 618496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-09-21 10:33 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"E:\\Limewire\\LimeWire.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\msncall.exe"=

"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=

R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-09-21 10:33]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-09-21 10:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-09-21 10:33]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-09-21 10:33]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-09-21 10:33]

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-02 20:43]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-10-24 13:03]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-09-21 10:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-09-21 10:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys [2007-09-21 10:33]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-10-24 13:03]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-10-24 13:03]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

.

Inhoud van de 'Gedeelde Taken' map

"2008-03-12 13:22:09 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-12 15:12:51

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scannen van verborgen processen ...

scannen van verborgen autostart items ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(??????w???w???????w ??w???[:???????d???r??[1??[???[d??????[?-?[???????w8h?[\2?[?1?[htinst.INI?[?u?[????d????????G?

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-03-12 15:15:30

ComboFix2.txt 2008-03-12 12:47:56

ComboFix3.txt 2008-03-08 15:07:11

ComboFix4.txt 2008-03-08 14:24:13

.

2008-02-13 15:33:29 --- E O F ---

[kape]

Verwijder volgende vetgedrukt bestand :

C:\WINDOWS\system32\pwrupic.icl

en kijk eens in deze map of daar iets zinvols in zit:

C:\e713e788547d38eef5ef6dda37f274e8KRN_DATA

anders mag je die ook deleten.

Probleem met die pokerprogramma's (Partygaming Party Poker en je hebt blijkbaar ook nog Full Tllt Poker) en natuurlijk ook met sommige P2P's die je ook hebt) is dat die vaak malware binnenlepelen op je PC.

[Shylock]

Probleem is dat ik in geen enkele map binnengeraak.

Is er een andere manier om deze files te verwijderen?

Volgens mij is het probleem nog steeds het cleanen en optimizen van mijn pc geweest.

Waarschijnlijk een bestand teveel verwijderd.

[aarondk1]

Als je de mappen niet verwijderd krijgt kan je best dit tooltje downloaden...

Je download het op je bureaublad, vervolgens dubbelklik je op killbox.exe.

Het programma opent zich...

Dan typ je in het vak dit: C:\WINDOWS\system32\pwrupic.icl

C:\e713e788547d38eef5ef6dda37f274e8KRN_DATA

Dan druk je op het rood kruis en de bestanden worden verwijderd..

Als er nog lopend procesen zijn dan worden die automatisch afgesloten....

Grtz