
Everything posted by adriaan102
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
Thank you, I have carried it out! Thanks a lot for the help you offered, it was very clear and efficient! Do you perhaps know the cause of why I ran into this problem? Then I can take it into account in the future. Regards, Adriaan
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
ComboFix 12-05-31.01 - Eigenaar 31-05-2012 14:13:08.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.301 [GMT 2:00] Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Bureaublad\CFScript.txt * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\windows\system32\drivers\a178y.sys" "c:\windows\system32\drivers\aoqbhrg.sys" "c:\windows\system32\drivers\is-DHR67.tmp" "c:\windows\system32\drivers\is-OL7S8.tmp" "c:\windows\system32\drivers\is-Q662L.tmp" "c:\windows\system32\drivers\is-V5A9F.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\is-DHR67.tmp c:\windows\system32\drivers\is-OL7S8.tmp c:\windows\system32\drivers\is-Q662L.tmp c:\windows\system32\drivers\is-V5A9F.tmp . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_A178Y.SYS -------\Service_a178y.sys -------\Service_tqibqwdn . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))) . . 2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-28 12:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-24 23:59 . 2012-05-24 23:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2012-05-24 23:59 . 2012-05-24 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-05-24 14:30 . 2012-05-24 14:30 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-24 14:30 . 2012-05-24 14:30 -------- d-----w- c:\program files\Trend Micro 2012-05-21 18:00 . 2012-05-23 14:21 -------- d-----w- c:\documents and settings\Administrator 2012-05-21 16:53 . 
2012-05-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2012-05-21 16:52 . 2012-05-21 16:52 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\IObit 2012-05-21 13:43 . 2011-09-29 10:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys 2012-05-21 13:43 . 2011-12-19 10:44 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\windows\system32\drivers\VDD 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2012-05-21 13:43 . 2012-05-21 13:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\adawarebp 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\adawaretb 2012-05-21 13:42 . 2012-05-21 13:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Ad-Aware Antivirus 2012-05-21 13:27 . 2012-05-21 13:27 -------- d-----w- c:\windows\system32\GroupPolicy 2012-05-02 20:10 . 2012-05-02 20:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DDMSettings . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-11 13:55 . 2004-08-04 00:58 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2004-08-04 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:55 . 2004-08-04 12:00 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-05-29_14.34.10 ))))))))))))))))))))))))))))))))))))))))) . + 2012-05-31 12:22 . 2012-05-31 12:22 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160] "Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304] "Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-06 296056] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-20 528384] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-2-19 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop . R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [17-11-2006 14:37 61184] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [21-5-2012 15:43 335224] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [17-11-2006 14:37 31104] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [?] S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [21-7-2010 23:16 548864] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-839522115-1003Core.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 18:57] . 2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-839522115-1003UA.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 18:57] . 
2012-05-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1078145449-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1078145449-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-05-31 c:\windows\Tasks\User_Feed_Synchronization-{81E97EAC-FD0C-4488-9AF8-832045990F18}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-31 14:23 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-789336058-1078145449-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:5e,9a,4c,ed,2a,84,75,b3,2e,4b,dd,57,42,02,1f,5c,d3,4f,57,82,c0,33,c2, d8,aa,7c,83,f5,ef,bd,b0,34,35,51,84,42,bf,d6,5f,f7,0a,5c,5a,e3,fd,4c,8c,f5,\ "??"=hex:9c,51,91,26,1b,0b,ff,49,aa,b6,38,35,64,52,48,93 . 
[HKEY_USERS\S-1-5-21-789336058-1078145449-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:b1,a0,dd,92,9d,fb,e3,2f,7c,0c,d3,99,d4,d4,be,51,12,50,8b,e3,5b, 9a,af,0d,96,42,19,7a,8a,62,cf,5f,62,a9,36,7e,d7,3f,9f,1b,5c,fd,c3,95,e3,f9,\ "rkeysecu"=hex:cc,51,48,be,7f,40,9d,9c,8f,54,d5,d0,99,84,a1,9b . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(912) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3196) c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\Ati2evxx.exe c:\windows\RTHDCPL.EXE c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe c:\program files\Logitech\G-series Software\Applets\LCDClock.exe . ************************************************************************** . Voltooingstijd: 2012-05-31 14:26:46 - machine werd herstart ComboFix-quarantined-files.txt 2012-05-31 12:26 ComboFix2.txt 2012-05-29 14:38 . Pre-Run: 127.691.714.560 bytes beschikbaar Post-Run: 127.676.526.592 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 5A223AC58BCECB793E917F655806F9E7 -
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
Hey Kape, the computer has been working fine again for 2 days now (without the above), without freezing. Shall I still just carry out your message above?
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
Hey Kape, I had to do it in safe mode (without networking), otherwise it did not work. So I could not install the Recovery Console, since that required an internet connection. The log file is below:
ComboFix 12-05-28.05 - Eigenaar 29-05-2012 16:23:44.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.269 [GMT 2:00] Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe * Nieuw herstelpunt werd aangemaakt . WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !! . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\windows\system32\dllcache\6to4svc.dll.new c:\windows\system32\dllcache\dlimport.exe . . \\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected . \\.\PhysicalDrive0 - Bootkit Sinowal was found and disinfected . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_xcpip . . (((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-29 )))))))))))))))))))))))))))))) . . 2012-05-28 12:15 . 2012-05-28 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-28 12:03 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-28 12:00 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\is-OL7S8.tmp 2012-05-28 11:45 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\is-Q662L.tmp 2012-05-25 11:16 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\is-DHR67.tmp 2012-05-25 00:35 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\is-V5A9F.tmp 2012-05-24 23:59 . 2012-05-24 23:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes 2012-05-24 23:59 . 
2012-05-24 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-05-24 14:30 . 2012-05-24 14:30 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-24 14:30 . 2012-05-24 14:30 -------- d-----w- c:\program files\Trend Micro 2012-05-21 18:00 . 2012-05-23 14:21 -------- d-----w- c:\documents and settings\Administrator 2012-05-21 16:53 . 2012-05-21 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit 2012-05-21 16:52 . 2012-05-21 16:52 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\IObit 2012-05-21 13:43 . 2011-09-29 10:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys 2012-05-21 13:43 . 2011-12-19 10:44 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\windows\system32\drivers\VDD 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2012-05-21 13:43 . 2012-05-21 13:57 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\adawarebp 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection 2012-05-21 13:43 . 2012-05-21 13:43 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\adawaretb 2012-05-21 13:42 . 2012-05-21 13:59 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Ad-Aware Antivirus 2012-05-21 13:27 . 2012-05-21 13:27 -------- d-----w- c:\windows\system32\GroupPolicy 2012-05-02 20:10 . 2012-05-02 20:10 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DDMSettings . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-11 13:55 . 2004-08-04 00:58 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 
2004-08-04 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:55 . 2004-08-04 12:00 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-01 11:00 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:00 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 11:00 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160] "Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304] "Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-06 296056] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-11-20 528384] VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-2-19 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTornado\\btdownloadgui.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop . R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [17-11-2006 14:37 61184] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [21-5-2012 15:43 335224] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [17-11-2006 14:37 31104] S0 tqibqwdn;tqibqwdn;c:\windows\system32\drivers\aoqbhrg.sys --> c:\windows\system32\drivers\aoqbhrg.sys [?] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe --> c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [?] S3 a178y.sys;a178y.sys;\??\c:\windows\system32\drivers\a178y.sys --> c:\windows\system32\drivers\a178y.sys [?] 
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [21-7-2010 23:16 548864] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-839522115-1003Core.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 18:57] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1078145449-839522115-1003UA.job - c:\documents and settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-10 18:57] . 2012-05-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-789336058-1078145449-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-05-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-1078145449-839522115-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 15:14] . 2012-05-29 c:\windows\Tasks\User_Feed_Synchronization-{81E97EAC-FD0C-4488-9AF8-832045990F18}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.startpagina.nl/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKCU-Run-Spotify - c:\documents and settings\Eigenaar\Application Data\Spotify\Spotify.exe AddRemove-Toolbar Cleaner - c:\program files\Toolbar Cleaner\uninstall.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-05-29 16:34 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-789336058-1078145449-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:5e,9a,4c,ed,2a,84,75,b3,2e,4b,dd,57,42,02,1f,5c,d3,4f,57,82,c0,33,c2, d8,aa,7c,83,f5,ef,bd,b0,34,35,51,84,42,bf,d6,5f,f7,0a,5c,5a,e3,fd,4c,8c,f5,\ "??"=hex:9c,51,91,26,1b,0b,ff,49,aa,b6,38,35,64,52,48,93 . [HKEY_USERS\S-1-5-21-789336058-1078145449-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:b1,a0,dd,92,9d,fb,e3,2f,7c,0c,d3,99,d4,d4,be,51,12,50,8b,e3,5b, 9a,af,0d,96,42,19,7a,8a,62,cf,5f,62,a9,36,7e,d7,3f,9f,1b,5c,fd,c3,95,e3,f9,\ "rkeysecu"=hex:cc,51,48,be,7f,40,9d,9c,8f,54,d5,d0,99,84,a1,9b . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(916) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3296) c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\program files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe c:\program files\Logitech\G-series Software\Applets\LCDClock.exe c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE . ************************************************************************** . Voltooingstijd: 2012-05-29 16:38:32 - machine werd herstart ComboFix-quarantined-files.txt 2012-05-29 14:38 . Pre-Run: 126.498.963.456 bytes beschikbaar Post-Run: 126.910.197.760 bytes beschikbaar . - - End Of File - - 230A2B5C74EA85A206CF456C2E720607 -
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
No progress, still the same. The only thing I can now do (more easily) is delete larger folders. Before these scans I could only delete file by file (so also per subfolder each time). But now I can delete 20 files at once. In Windows safe mode (without networking) it does work normally, by the way. Only the computer is then rather slow. That is also the only mode in which I can shut down my computer via Start/Shut Down. Windows safe mode with networking has (largely) the same problems as starting Windows normally. Apart from that I still have the same problems:
- Hotmail/YouTube etc. freeze
- cannot open MP3 files etc. (hardly any files at all, for that matter)
- Word is one of the few programs that works without problems.
- cannot shut down the computer the normal way (so I have to do it manually by holding down the button)
- with the internet problems I get the following messages, by the way: Hotmail/YouTube -> "De volgende plug-in reageert niet meer: Shockwave Flash. Wilt u deze beëindigen?" www.vi.nl -> "De volgende plug-in reageert niet meer: onbekend. Wilt u deze beëindigen?"
Computer keeps freezing
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:02:12, on 28-5-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Eigenaar\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Eigenaar\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series 
Computer keeps freezing all the time
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
And here is the MBAM log:
Computer keeps freezing all the time
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
I can't start Malwarebytes in safe mode with networking, so I'll post them separately. Here is the HiJackThis log:
Computer keeps freezing all the time
adriaan102 replied to adriaan102's topic in Archief Windows Algemeen
Hmm, I've done the first step, but MBAM won't open for me. I installed it and then clicked Finish, but it does nothing. After that I also tried restarting and opening it, but it won't open. I'm away this weekend, but I'll try again on Sunday/Monday! Any tips, perhaps? Safe mode, for example?
Hello,

Thanks in advance for the help. I ended up here via Google and saw that another person had the same problem as me (topic of 21 May): my programs freeze at the slightest thing. Sometimes it is so bad that the whole computer freezes. I can't open anything properly, all my actions hang and then I have to end the program again with Ctrl/Alt/Delete. Sometimes my computer doesn't start up at all and I have to reboot 5 times before I can open Windows. Shutting down my computer via Start no longer works either, so each time I hold the button down for 10 seconds to switch the computer off.

To give a sketch of what exactly freezes: everything freezes, except "simple" websites where not too much has to be loaded. Hotmail, for example, is already too much. Often I can log in, but opening or sending an e-mail is already too much to ask.

I read in my fellow sufferer's topic that I need a HiJackThis log; after trying to install it 15 times, it worked today for the first time. (The problem has been going on for a week, in this (serious) form.) I can't open anti-virus/spyware programs either, by the way, so I also don't know whether that is the cause.
The log file is below:

Thanks in advance!

Kind regards,
Adriaan

PS (added 18:38): I also can't remove anything properly. So not via Control Panel/Software, and removing things manually doesn't work either. I really have to delete everything in every subfolder first, every time. In my recycle bin I then can't delete everything properly either; it refuses to delete some files.
