joyouri

Member
  • Items: 20

Everything posted by joyouri

  1. @kape no, everything is fine again. I will now mark this topic as solved. Thanks for the effort. Regards, Youri
  2. Thanks for the replies. Here is my log:
  3. Well, my IE also hangs sometimes :S But with Firefox (which I always use anyway), when I press F5 here, for example, to see whether there is a reply to my post yet, it says: Firefox is not responding, and then I have to wait a few seconds before it responds again. And that happens every time I refresh the page, whereas it did not before.
  4. Dear people of pc-helpforum.be, I think my PC is no longer entirely safe. When I open Firefox it suddenly closes, or it says that the program Firefox has stopped working. My other browsers also behave strangely :S I have also received several warnings from my antivirus (Norman); these are: File name: Diagnosis: Exception.dll Vundo.gen214.gen config.bin.vid conf.O These files are now in quarantine, by the way. Here is my HijackThis log: I hope you can help me. Regards, youri P.S. I also immediately ran a full system scan with MBAM; here is that log already:
  5. OK, I have done everything. Should I turn System Restore back on afterwards? Regards, Youri. And thanks!
  6. Sorry for the late reply. Here is the log. Regards, Youri
  7. In any case, I am no longer bothered by ask.com. And MBAM works again too, but how can I be sure that it is virus-free again? Regards, youri
  8. The quick scan gave no errors, but it did find 7 infections, I believe. But when I ran it again, the quick scan no longer reported any infections. But it had already been running for 3 hours (the full scan, and it would not go any further). Regards, youri
  9. OK, I will do that. At the moment I no longer have that ask.com redirect, but I still find it strange that the scan does not continue :s From now on, every time updates come in I will let it update. Regards, Youri
  10. I had the program run a quick scan and then changed the options the way you listed them, but it has now been running the full scan for 3 hours and it is not getting any further, even though it has only got a very small way in :S I have already restarted it (and the PC too), but it keeps stopping at the same file, and when I look, it is a PNG (image file). The quick scan does work, though. And suddenly I have Windows updates again, so I have SP1 again. Regards, youri
  11. Aah, I thought my PC was virus-free, but no: when I typed something into Google and clicked on a site, 10 sites suddenly appeared in my address bar (all in a single address bar), and after that I ended up on ask.com, even though that site should not go to ask.com at all :s So I searched YouTube for "ask.com redirect remove", and then I had to look at hosts and remove everything below "27.0.0.0 localhost" there, but in my case there was nothing. Then I had to download and run tdsskiller.exe, which I did. And now I have not had a redirect from ask.com for a while, so I think I am rid of that. Then I wanted to run a scan with antimalware bytes, so I double-clicked MBAM, but it does not start :( It does not show up in the process list either, and when I choose Run as administrator it also does nothing. So I uninstalled MBAM and searched Google for "antimalware bytes download". And then my web browser (Opera, but I also tried it with Google Chrome) suddenly closed, and now every time I type "malware bytes" into Google my web browser suddenly closes :S Yet I can still reach this site, Hotmail and so on. Can someone please help me, because I think I still have something malicious on my PC. Regards, youri. Thanks in advance.
  12. When I click Check for updates I get this error: http://imageshack.us/photo/my-images/42/naamloosux.png/ So I cannot check for updates at all :S
  13. I think it is solved; I have not had a blue screen lately, and no more error message about Windows Security Center either. If anything else comes up I will keep you posted. And anything more about SP1? Thank you! Regards, Youri
  15. Here is the ComboFix log. I have Norman antivirus as my virus scanner and it was not on the list; I also looked for how to turn it off, but unfortunately that did not work.
  16. I started it up in safe mode and did what you had written. Here is my log: R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (you had said that I should remove this one and CustomizeSearch, but when I do that and scan again they are back :S) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  17. Here is my 2nd log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:00:28, on 26-5-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nnf.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Norman\Npm\Bin\Zlh.exe C:\Windows\vVX6000.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Xfire\Xfire.exe C:\Windows\system32\svchost.exe C:\Program
Files\Norman\Npm\Bin\scheduler.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Steam\SteamService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Windows\system32\DllHost.exe C:\Program Files\Xfire\Xfire.exe C:\Program Files\Hewlett-Packard\KBD\kbd.exe C:\Program Files\Opera\opera.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.25\deploy\LoLLauncher.exe C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.47\deploy\LolClient.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - 
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://192.168.1.6:5555/activex/RACtrl.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Windows Autenthification Service (cnixc) - Lsirkikvc Software - C:\Windows\system32\cnixc.exe O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: qqmsavjmuyixsb - Unknown owner - c:\temp\DAT1BCD.tmp.exe (file missing) O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe -- End of file - 9099 bytes And here is the Malwarebytes log: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6676 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26-5-2011 15:00:44 mbam-log-2011-05-26 (15-00-44).txt Scantype: Volledige scan (C:\|D:\|) Objecten gescand: 272233 Verstreken tijd: 57 minuut/minuten, 4 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 9 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awina (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\Windows\System32\awina.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Windows\System32\cnixc.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Windows\System32\snixc.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Windows\System32\uolme.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Windows\System32\uolmt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Windows\System32\xteryh.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\temp\0.35578137101007.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Thanks in advance for your help. Regards, Youri
  18. OK, thanks in advance for your reply. Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:49:39, on 26-5-2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! NOTE: I disabled Internet Explorer myself under the standard components, because I saw iexplore.exe (so not iexplorer.exe) 5 times in my Task Manager, and I don't use IE anyway. Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\elogsvc.exe C:\Program Files\Norman\Ngs\Bin\Nnf.exe C:\Program Files\Norman\Ngs\Bin\Nprosec.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\Norman\Npm\Bin\Zanda.exe C:\Program Files\Norman\npm\bin\nvoy.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\rundll32.exe C:\Windows\System32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program
Files\Norman\Npm\Bin\Zlh.exe C:\Windows\vVX6000.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Pando Networks\Media Booster\PMB.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Xfire\Xfire.exe C:\Windows\system32\svchost.exe C:\Program Files\Norman\Npm\Bin\scheduler.exe C:\Program Files\Norman\Npm\Bin\Njeeves.exe C:\Program Files\Norman\Nse\Bin\NSESVC.EXE C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Norman\Nvc\Bin\Nip.exe C:\Program Files\Norman\Nvc\Bin\nvcoas.exe C:\Program Files\Norman\Nvc\Bin\cclaw.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Opera\opera.exe C:\Windows\system32\sppsvc.exe C:\Program Files\Hewlett-Packard\KBD\kbd.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\svchost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [wmupdater] "C:\Program Files\updater.exe" -update O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe 
/autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [4ECYTQ9SIC] c:\temp\Vbd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [4ECYTQ9SIC] c:\temp\Vbd.exe (User 'Default user') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://192.168.1.6:5555/activex/RACtrl.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: mekomdo - C:\Windows\system32\config\systemprofile\AppData\Local\mekomdo.dll O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Norman eLogger Service (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\elogsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Norman Network Filtering service (NNFSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nnf.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\Bin\Njeeves.exe O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program Files\Norman\Ngs\Bin\Nprosec.exe O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\Nse\Bin\NSESVC.EXE O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\Bin\nvcoas.exe O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: qqmsavjmuyixsb - Unknown owner - c:\temp\DAT1BCD.tmp.exe (file missing) O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\scheduler.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 9552 bytes
  19. Dear people of the PC Helpforum: I have a number of problems with my computer after removing Antimalware Doctor. I suddenly had the virus, and after a very long search I finally found out how to remove it. I removed it as follows: I went to Task Manager and looked there for something with 70 in the name (on a forum they said the virus is something with 70). So I right-clicked, chose to go to the file location, and there I did indeed see the folder with Anti Malware Doctor. So I selected them both and deleted them permanently (so from the Recycle Bin as well). After that I ended the process in Task Manager. Then I ran another scan with Anti Malware Bytes, and I thought I would now be completely rid of it, but no: now, a few days later, I keep getting strange errors. I will list the symptoms. 1. When I start up with my account (W7), my whole desktop may be gone (I also can't use the Windows key+R, so I can't type explorer.exe). 2. When I look up a site on Google, I suddenly end up on a different site. 3. Sometimes when I am doing something I suddenly get a bluescreen. 4. I can no longer get Windows Defender enabled, and it gives an error message about the Windows Security Center service not being enabled. I already looked at Services and then delayed start, but unfortunately this solved nothing. 5. With Firefox I often have crash problems. I have never gone to a site before to try to solve a problem, and I hope someone will help me solve this problem in plain steps (I only have a little experience with computers myself; I understand more about the hardware). I hope I have put enough information in my post. Thanks in advance. Regards, Youri