Obsessed
29 March 2008, 00:07
Since today I have had the problem shown in the image below.
It occurs for me on the Minatica website :damn:, and it regularly opens unsolicited advertising.
I have just had Adaware 2007 run a scan and removed all the malware it found. The problem remains the same, however.

http://img156.imageshack.us/img156/9296/probleempjeng5.jpg

Have you brought in a new sponsor here, or have I picked up malware?

Urgent intervention requested :bow:

Obsessed
29 March 2008, 00:17
Below, to start with, is a HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:34, on 28/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\TomTom HOME 2\HOMERunner.exe
D:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM8b674013] Rundll32.exe "C:\WINDOWS\system32\gvhnudcd.dll",s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACB013C-021D-4476-85BC-ABD19092C6F3}: NameServer = 212.71.8.10 212.71.0.33
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7490 bytes

Rosty
29 March 2008, 08:54
Hi,

You have caught the Vundo infection!!

Download MBAM (Malwarebytes' Anti-Malware) from here (http://www.besttechie.net/tools/mbam-setup.exe) or here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html).
Double-click mbam-setup.exe to install the program.
Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Voltooien" (Finish).
If an update is found, it will be downloaded and installed.
Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.
Scanning can take a while, so be patient.
When the scan is complete, click OK, then "Bekijk Resultaten" (Show Results) to view the results.
Make sure everything there is ticked, then click: Verwijder geselecteerde (Remove Selected).
After removal, a log will open and you will be asked to restart the computer. (See below)
The log is saved automatically by MBAM, and you can find it by clicking the "Logs" tab in MBAM.
Copy and paste the contents of the log into your next reply, together with a new HijackThis log.

If MBAM has trouble removing certain files, it will show a few messages on which you must click OK.
It will then ask to restart the computer... so allow MBAM to restart the computer.

* Visit the following page with the instructions for downloading and using Combofix.

http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden

So carry out the instructions on that page, including installing the XP Recovery Console.
(If you do not have XP, you may skip this step concerning the Recovery Console.)

Afterwards, post the Combofix log in your next post, together with the MBAM log.

Obsessed
29 March 2008, 23:06
Hi Rosty.
Thanks for the willing help.

I have just carried out everything you suggested.
Below you will find the three logs (MBAM, ComboFix and HijackThis).

MBAM log:

Malwarebytes' Anti-Malware 1.09
Database versie: 567
Scan type: Snelle Scan
Objecten gescand: 32230
Verstreken tijd: 3 minute(s), 16 second(s)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 2
Registersleutels geïnfecteerd: 7
Registerwaarden geïnfecteerd: 2
Registerdata bestanden geïnfecteerd: 1
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 5
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Geheugenmodulen geïnfecteerd:
C:\WINDOWS\system32\cbXPHyWQ.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccbXpop.dll (Trojan.Vundo) -> Unloaded module successfully.
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d28735b-8570-4f1e-820c-d8b55d62a061} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0d28735b-8570-4f1e-820c-d8b55d62a061} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbxpop (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM8b674013 (Trojan.Agent) -> Quarantined and deleted successfully.
Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxphywq.dll -> Quarantined and deleted successfully.
Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)
Bestanden geïnfecteerd:
C:\WINDOWS\system32\cbXPHyWQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\QWyHPXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\QWyHPXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbXpop.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uyefxshh.dll (Trojan.Agent) -> Delete on reboot.


ComboFix log:

ComboFix 08-03-29.1 - Frakke 2008-03-29 21:54:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.625 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Frakke\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM8b674013.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gvhnudcd.dll
C:\WINDOWS\system32\whpfnxjf.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))
.
2008-03-29 21:22 . 2008-03-29 21:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 21:22 . 2008-03-29 21:22 <DIR> d-------- C:\Documents and Settings\Frakke\Application Data\Malwarebytes
2008-03-29 21:22 . 2008-03-29 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 23:14 . 2008-03-28 23:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 22:26 . 2008-03-29 21:30 <DIR> dr-h----- C:\Documents and Settings\Frakke\Onlangs geopend
2008-03-28 17:36 . 2008-03-28 17:37 <DIR> d-------- C:\Program Files\ConcOrdinateur
2008-03-27 17:42 . 2008-03-27 17:42 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-26 11:11 . 2008-03-28 21:33 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-26 11:11 . 2008-03-26 11:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-26 11:11 . 2008-03-28 21:33 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-26 11:00 . 2008-03-26 11:00 <DIR> d-------- C:\Documents and Settings\Frakke Jr\Application Data\InstallShield
2008-03-23 16:16 . 2008-03-23 16:16 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Ahead
2008-03-23 13:48 . 2008-03-23 13:48 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\Apple Computer
2008-03-22 19:05 . 2008-03-22 19:05 <DIR> d-------- C:\PSFONTS
2008-03-19 21:52 . 2008-03-19 21:52 <DIR> d-------- C:\Documents and Settings\Frakke\CINEMA 4D
2008-03-19 21:51 . 2008-03-19 21:51 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-03-19 21:51 . 2008-03-19 21:51 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-19 21:51 . 2008-03-19 21:51 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 21:51 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-19 21:51 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-03-19 21:51 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-03-19 21:51 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-03-19 21:35 . 2008-03-19 21:35 <DIR> d-------- C:\Program Files\iPod
2008-03-19 21:35 . 2008-03-19 21:35 <DIR> d-------- C:\Documents and Settings\Frakke\Application Data\Apple Computer
2008-03-19 21:35 . 2008-03-29 21:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 21:35 . 2008-03-19 21:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-19 21:34 . 2008-03-19 21:34 <DIR> d-------- C:\Program Files\QuickTime
2008-03-19 21:34 . 2008-03-19 21:35 <DIR> d-------- C:\Program Files\iTunes
2008-03-19 21:34 . 2008-03-19 21:34 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-19 21:34 . 2008-03-19 21:34 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-19 21:34 . 2008-03-19 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-19 21:34 . 2008-03-19 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-19 13:40 . 2008-03-19 13:40 <DIR> d-------- C:\Documents and Settings\Sarah\Nieuwe map
2008-03-15 10:11 . 2008-03-15 10:11 <DIR> d-------- C:\Program Files\ROUTE66
2008-03-14 21:11 . 2008-03-14 21:11 <DIR> d-------- C:\Documents and Settings\Frakke Jr\Application Data\Winamp
2008-03-06 19:19 . 2008-03-06 19:19 305 --a------ C:\WINDOWS\game.ini
2008-03-06 19:04 . 2008-03-06 19:04 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-05 21:20 . 2008-03-05 21:20 <DIR> d-------- C:\Documents and Settings\Frakke Jr\Application Data\Atari
2008-03-05 21:18 . 2008-03-05 21:18 <DIR> d-------- C:\Documents and Settings\Frakke Jr\Application Data\Leadertech
2008-03-05 21:17 . 2008-03-05 21:17 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-03-05 21:17 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-03-05 20:55 . 2008-03-05 20:55 632 --a------ C:\WINDOWS\CoD.INI
2008-03-02 15:18 . 2008-03-02 15:18 <DIR> d-------- C:\Documents and Settings\Sarah\Incomplete
2008-03-02 15:17 . 2008-03-29 19:58 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\LimeWire
2008-03-01 21:10 . 2008-03-29 21:01 <DIR> d-------- C:\temp
2008-03-01 21:10 . 2008-03-01 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2008-03-01 19:44 . 2008-03-09 13:09 12,094 --a------ C:\WINDOWS\EPISMD00.SWB
2008-03-01 16:25 . 2008-03-14 21:09 <DIR> d-------- C:\Documents and Settings\Frakke Jr\Application Data\AVG7
2008-03-01 11:36 . 2008-03-29 18:53 <DIR> d-------- C:\Documents and Settings\Sarah\Application Data\AVG7
2008-02-29 18:52 . 2008-02-29 18:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-29 18:52 . 2008-03-23 15:16 <DIR> d-------- C:\Documents and Settings\Frakke\Application Data\AVG7
2008-02-29 18:52 . 2008-02-29 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-29 18:52 . 2008-03-01 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-29 18:52 . 2008-02-29 18:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-29 18:47 . 2008-02-29 18:47 <DIR> d-------- C:\Program Files\Alcatel
2008-02-29 18:47 . 2001-10-03 10:09 589,776 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-02-29 18:47 . 2001-10-03 10:10 53,920 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-02-29 18:47 . 2001-10-03 10:10 5,600 --a------ C:\WINDOWS\system32\stci.dll
2008-02-29 18:47 . 2001-10-03 10:09 5,440 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-02-29 18:47 . 2001-10-03 10:09 4,000 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 22:04 --------- d-----w C:\Program Files\Java
2008-03-27 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 21:31 --------- d-----w C:\Documents and Settings\Frakke\Application Data\Vso
2008-03-22 18:30 --------- d-----w C:\Documents and Settings\Frakke\Application Data\LimeWire
2008-03-07 21:17 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Winamp
2008-02-29 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-02-26 21:24 --------- d-----w C:\Program Files\IZArc
2008-02-23 12:07 --------- d-----w C:\Program Files\InterActual
2008-02-23 12:07 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-23 11:58 --------- d-----w C:\Documents and Settings\Frakke\Application Data\Ahead
2008-02-23 11:56 --------- d-----w C:\Documents and Settings\Frakke\Application Data\Winamp
2008-02-20 21:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-20 20:59 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-20 20:58 --------- d-----w C:\Program Files\MSBuild
2008-02-20 20:56 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-20 20:55 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-20 05:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-18 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-18 19:21 --------- d-----w C:\Documents and Settings\Frakke\Application Data\TomTom
2008-02-18 18:19 --------- d-----w C:\Program Files\F-Secure
2008-02-17 20:03 --------- d-----w C:\Documents and Settings\Frakke Jr\Application Data\Media Player Classic
2008-02-17 20:03 --------- d-----w C:\Documents and Settings\Frakke Jr\Application Data\DivX
2008-02-17 12:07 --------- d-----w C:\Documents and Settings\Frakke\Application Data\InstallShield
2008-02-17 10:50 --------- d-----w C:\Documents and Settings\Sarah\Application Data\Media Player Classic
2008-02-17 10:50 --------- d-----w C:\Documents and Settings\Sarah\Application Data\DivX
2008-02-16 20:23 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-16 18:55 --------- d-----w C:\Program Files\Google
2008-02-16 18:36 --------- d-----w C:\Program Files\EPSON
2008-02-16 18:26 --------- d-----w C:\Program Files\Windows Live
2008-02-16 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-16 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2008-02-16 17:00 --------- d-----w C:\Documents and Settings\Frakke\Application Data\Media Player Classic
2008-02-16 16:55 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 16:54 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 16:46 --------- d-----w C:\Documents and Settings\Frakke\Application Data\InterVideo
2008-02-16 16:44 --------- d-----w C:\Program Files\Creative
2008-02-16 16:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-16 16:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-16 16:41 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-16 16:21 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2008-02-16 16:08 --------- d-----w C:\Program Files\Common Files\Java
2008-02-16 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-16 15:46 87,608 ----a-w C:\Documents and Settings\Frakke\Application Data\inst.exe
2008-02-16 15:46 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-16 15:46 47,360 ----a-w C:\Documents and Settings\Frakke\Application Data\pcouffin.sys
2008-02-16 15:46 --------- d-----w C:\Program Files\vso
2008-02-16 15:44 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2008-02-16 15:37 --------- d-----w C:\Program Files\Nero
2008-02-16 15:37 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-16 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-16 15:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-16 15:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 13:20 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-02-16 13:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-16 13:16 --------- d-----w C:\Documents and Settings\Frakke\Application Data\F-Secure
2008-02-16 12:49 --------- d-----w C:\Program Files\ASUSTeK
2008-02-16 12:44 --------- d-----w C:\Program Files\AMD
2008-02-16 12:43 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-02-16 12:43 --------- d-----w C:\Program Files\Realtek AC97
2008-02-16 12:43 --------- d-----w C:\Program Files\AvRack
2008-02-16 12:41 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-02-16 12:32 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-20 19:27 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"TomTomHOME.exe"="D:\TomTom HOME 2\HOMERunner.exe" [2008-01-29 12:20 361832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 05:00 98304]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2001-10-03 10:09 4247552]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-29 18:52 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-29 18:52 219136]
C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
InterVideo WinCinema Manager.lnk - D:\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-02-16 17:44:07 278528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
D:\TomTom HOME\TomTomHOME.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\TrackMania Sunrise\\TmSunrise.exe"=
"D:\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"F:\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"F:\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"D:\\LimeWire\\LimeWire.exe"=
"F:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62e73c43-dd4e-11dc-8c50-001731b46294}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 21:56:49
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2008-03-29 21:58:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 20:58:06
Pre-Run: 39,611,965,440 bytes beschikbaar
Post-Run: 39,571,050,496 bytes beschikbaar
.
2008-03-20 20:35:22 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:08, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\TomTom HOME 2\HOMERunner.exe
D:\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7817 bytes

Rosty
30 March 2008, 09:18
Hi,

that looks good.(y)
How is everything working now?

Obsessed
30 March 2008, 13:58
Hi,

that looks good.(y)
How is everything working now?

I'm not experiencing any problems at the moment :good:.

Thank you very much

Rosty
30 March 2008, 14:34
You may now remove all the tools you used and the folders that were created.

Remove ComboFix via Start > Run: copy and paste Combofix /U, then click OK or press Enter.

http://hicheckthis.gethost.nl/images/Uninstall_combofix.JPG

This will remove Combofix plus its related folders and files, restore the clock settings, hide file extensions, hide hidden files and system files again, and reset your System Restore.

Regards,

Rosty.

Obsessed
30 March 2008, 22:09
OK, done ;).

Rosty, many many thanks :bow: :bow:.

(I'll give you an "extra" tip in the IQ-Kriebels sometime, eh ;))

Rosty
30 March 2008, 22:18
You're welcome. Since this is resolved, the topic will be locked. If you want it reopened, send a PM to someone on the team or to me with the link to this topic.