Hanna

Hallo Kape, Het probleem is opgelost en de computer is een stuk sneller geworden ook nog. Heerlijk dat we nu weer gewoon kunnen computeren. Ik wil je dan ook hartelijk bedanken voor je tijd, geduld en al je aanwijzingen. Ik ben erg blij dat ik via Google jullie site heb gevonden en dat we samen dat nare System Security 2009 gebeuren hebben kunnen verwijderen. Nogmaals mijn hartelijke dank! Met hartelijke groet van Hanna

Hallo Kape, Daar ben ik weer:D, je kunt wel het heen en weer van mij krijgen. Ik ben uitgebreid aan het zoeken geweest naar het dat-bestand in window/system32 maar moet je denken dat ik het bestandje kan vinden. Ik heb alle zoekfuncties van Windows er op losgelaten. Strange terwijl het wel in het log staat. Kan ik nu verder gaan met het verwijderen van Combofix? gr. Hanna

Hallo Kape, Hierbij stuur ik je de log van Combofix. Ik ben heel benieuwd of alles nu weer helemaal goed is? Het lijkt wel zo maar ik wacht nog even je reaktie af. ComboFix 09-07-14.08 - Huub de Boer 17-07-2009 12:58.1.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.447.164 [GMT 2:00] Gestart vanuit: d:\documents and settings\Huub de Boer\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\companion wizard c:\program files\Common Files\companion wizard\CompWiz.xml c:\recycler\S-1-5-21-2565142251-1425685723-606381188-1003 c:\windows\Installer\WMEncoder.msi c:\windows\system32\av.cpl d:\documents and settings\All Users\Application Data\16522034 d:\documents and settings\All Users\Application Data\16522034\16522034 d:\documents and settings\All Users\Application Data\16522034\16522034.exe d:\documents and settings\Annemarie\err.log d:\documents and settings\Annemarie\ResErrors.log d:\documents and settings\Huub de Boer\err.log d:\documents and settings\Huub de Boer\ResErrors.log d:\documents and settings\martijn\err.log d:\documents and settings\martijn\ResErrors.log d:\documents and settings\sander\ResErrors.log d:\documents and settings\tim\err.log d:\documents and settings\tim\ResErrors.log . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPN (((((((((((((((((((( Bestanden Gemaakt van 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))) . 2009-07-16 13:14 . 2009-07-16 13:14 -------- d-----w- d:\documents and settings\Huub de Boer\Application Data\Malwarebytes 2009-07-16 07:08 . 2009-07-16 07:08 -------- d-----w- c:\program files\Trend Micro 2009-07-14 17:12 . 2009-07-14 17:12 -------- d-----w- d:\documents and settings\Administrator\Application Data\Malwarebytes 2009-07-14 17:12 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-14 17:12 . 2009-07-16 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-14 17:12 . 2009-07-14 17:12 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-14 17:12 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-12 18:04 . 2009-06-27 07:42 327688 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys 2009-07-12 18:04 . 2009-06-27 07:42 2052376 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-07-12 18:04 . 2009-06-27 07:42 493336 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgtbapi.dll 2009-07-12 18:04 . 2009-06-27 07:42 906520 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe 2009-07-12 18:04 . 2009-06-27 07:42 2167576 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll 2009-07-12 18:04 . 2009-06-27 07:42 3402008 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-07-12 18:04 . 2009-06-27 07:42 1204504 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll 2009-07-12 18:04 . 2009-06-27 07:42 337176 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll 2009-07-12 18:04 . 2009-06-27 07:42 829208 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-07-12 18:04 . 2009-06-27 07:42 3298072 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-07-12 18:02 . 2009-06-27 07:41 1085208 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe 2009-07-12 18:02 . 2009-06-27 07:41 1454360 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-07-12 17:58 . 2009-07-17 08:41 -------- d--h--r- d:\documents and settings\Huub de Boer\Onlangs geopend 2009-06-27 16:24 . 2009-06-14 14:07 1004800 ----a-w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-06-27 07:43 . 2009-06-27 07:42 832144 ----a-w- d:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe 2009-06-27 07:43 . 2009-07-02 14:09 -------- d-----w- d:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-06-27 07:43 . 2009-06-27 07:43 -------- d-----w- d:\documents and settings\LocalService\Menu Start 2009-06-27 07:43 . 2009-06-27 07:43 -------- d-----w- d:\documents and settings\LocalService\Application Data\AVGTOOLBAR . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-17 11:07 . 2007-09-20 20:03 12 ----a-w- c:\windows\bthservsdp.dat 2009-07-16 12:53 . 2006-08-28 18:59 63272 ----a-w- d:\documents and settings\Annemarie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-15 10:37 . 2007-09-24 17:56 63272 ----a-w- d:\documents and settings\sander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-15 10:18 . 2009-01-31 10:46 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater 2009-07-12 18:03 . 2008-06-20 08:21 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-10 19:11 . 2008-11-03 18:44 -------- d-----w- d:\documents and settings\Huub de Boer\Application Data\LimeWire 2009-07-09 15:38 . 2008-09-24 17:17 -------- d-----w- d:\documents and settings\Huub de Boer\Application Data\BearShare 2009-06-27 07:42 . 2008-06-20 08:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-27 07:42 . 2006-12-11 20:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-05 16:40 . 2008-07-13 10:12 -------- d-----w- d:\documents and settings\tim\Application Data\AVGTOOLBAR 2009-05-22 13:00 . 2008-01-18 18:08 -------- d-----w- c:\program files\Norton Security Scan 2009-05-07 15:34 . 2004-09-10 16:23 347136 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 09:48 . 2008-06-20 08:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-04-29 04:46 . 2004-09-10 16:23 669696 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2004-09-10 16:23 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-19 19:51 . 2004-09-10 16:23 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-19 12:06 . 2009-04-19 12:06 152576 ----a-w- d:\documents and settings\Huub de Boer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2008-10-30 13:00 . 2008-10-30 12:58 109 --sha-w- c:\windows\system32\680045961.dat . ------- Sigcheck ------- [-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-08-04 13:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys [-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-30 98304] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-30 180269] "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248] "VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-3-30 282624] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Snelstart HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-3-30 73728] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-27 07:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\APPS\\skype\\phone\\Skype.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-6-2008 10:21 335752] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-6-2008 10:21 108552] R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [30-10-2008 16:39 160792] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4-7-2008 10:45 907032] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4-7-2008 10:45 298776] S2 gupdate1c983915bfaec3c;Google Update Service (gupdate1c983915bfaec3c);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2009 12:47 133104] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21-7-2008 13:43 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21-7-2008 13:43 8320] . Inhoud van de 'Gedeelde Taken' map 2009-07-17 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-31 14:57] 2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 10:47] 2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 10:47] 2006-01-22 c:\windows\Tasks\Herinnering voor registratie 1.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2006-01-29 c:\windows\Tasks\Herinnering voor registratie 2.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2006-02-05 c:\windows\Tasks\Herinnering voor registratie 3.job - c:\windows\system32\OOBE\oobebaln.exe [2004-09-10 17:03] 2009-05-22 c:\windows\Tasks\Norton Security Scan.job - c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42] . - - - - ORPHANS VERWIJDERD - - - - HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe SafeBoot-svcWRSSSDK . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyServer = proxy:8080 uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2009-07-17 13:10 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'lsass.exe'(524) c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll - - - - - - - > 'explorer.exe'(1440) c:\windows\system32\btmmhook.dll c:\progra~1\WINDOW~2\wmpband.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\apps\HIDSERVICE\HidService.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\rundll32.exe c:\apps\ABOARD\AOSD.EXE c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe . ************************************************************************** . Voltooingstijd: 2009-07-17 13:17 - machine werd herstart ComboFix-quarantined-files.txt 2009-07-17 11:17 Pre-Run: 19.127.586.816 bytes beschikbaar Post-Run: 19.017.187.328 bytes beschikbaar 248 --- E O F --- 2009-06-11 17:47 Groet van Hanna

Hallo Kape, Combofix geeft inderdaad aan dat AVG ingeschakeld is en dat ik het moet afsluiten maar hoe doe ik dat? Ik ben aan het zoeken geweest in het beveiligingscentrum want daar staat de antivirus ingeschakeld. Ik weet niet hoe ik het programma daar moet uitschakelen? Zolang ik dat nog niet gedaan heb durf ik niet verder te gaan met Combofix. Kun jij me hier nog mee helpen? Groet van Hanna

Hallo Kape, Ik word al helemaal enthousiast want de computer start weer normaal op met het gewone bureaublad. Ik heb alles wat je gevraagd hebt gedaan en zal zo de logjes hier onder zetten. Het enige dat niet gebeurd is, is het updaten van het Malware programma omdat die computer momenteel niet met internet verbonden is. Maar gezien bovenstaand resultaat moet dat geen probleem zijn? Hier dan de logjes. Malwarebytes' Anti-Malware 1.39 Database versie: 2421 Windows 5.1.2600 Service Pack 3 16-7-2009 17:51:03 mbam-log-2009-07-16 (17-51-03).txt Scan type: Snelle Scan Objecten gescand: 139623 Verstreken tijd: 10 minute(s), 58 second(s) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 49 Registerwaarden geïnfecteerd: 7 Registerdata bestanden geïnfecteerd: 6 Mappen geïnfecteerd: 30 Bestanden geïnfecteerd: 206 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige items gevonden) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige items gevonden) Registersleutels geïnfecteerd: HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\antiviruscom.avofficeprotect.1 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\avexplorer.shellextension (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\avexplorer.shellextension.2 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\iefwbho.iefw (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\iefwbho.iefw.2 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\udcpchk.udcpchk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\udcpchk.udcpchk.1 (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\uwap7.pcheck.1 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\winpgintegrator.ieintegrator.1 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{459f4226-1aab-43b6-9dc1-b6313ef83749} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5954b2db-09a7-4023-847c-107539dc560d} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2a5c2e6d-864b-4f2c-9542-8b272741d78b} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{943b96a4-9bf6-42fe-8d0b-4bca71c3632f} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{4f43b1f3-0ce8-493b-96d2-990cec05edbb} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{367a86a5-d048-4785-86be-4e2706aafdd9} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{6f520be0-9b54-4558-816f-224e67997df3} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{732b6533-7f78-4c47-9c01-2979ba0829b9} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\drivecleaner free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\winantivirus pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\WinPGI.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56b38f40-4e70-11d4-a076-0080ad86ba2f} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{56b38f40-4e70-11d4-a076-0080ad86ba2f} (Trojan.BHO) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registerdata bestanden geïnfecteerd: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mappen geïnfecteerd: c:\program files\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\AWBase (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\AWBase\database (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\PGBase (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\res (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\application data\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\application data\winantivirus pro 2007\Data (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\WinAntiVirus Pro 2007 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. D:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully. d:\documents and settings\all users\application data\salesmonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully. d:\documents and settings\annemarie\application data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\annemarie\application data\drivecleaner free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\huub de boer\application data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\huub de boer\application data\drivecleaner free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\sander\application data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\sander\application data\drivecleaner free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\tim\application data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\tim\application data\drivecleaner free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully. D:\Documents and Settings\Huub de Boer\Menu Start\Programma's\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Bestanden geïnfecteerd: c:\WINDOWS\lsass.exe (Trojan.Clicker) -> Quarantined and deleted successfully. d:\documents and settings\huub de boer\local settings\Temp\teste1_p.exe (Trojan.Clicker) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\Activate.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\ASupdater.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\atl71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\BkSites.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\bnlink.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\bpupdater.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\CompWiz.xml (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\forum.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\integrity.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\kb.url (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\lapv.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\License.rtf (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\mfc71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\msvcp71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\msvcr71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\msxml3.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\msxml3a.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\msxml3r.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\Online.url (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\PGupdater.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\pv.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\rbho.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\reform.exe (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\Settings.ini (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\SpOrder.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\sqlite3.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\sr.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\Support.url (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\UBUpdater.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\unins000.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\unins000.exe (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\uninstall.ico (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\updater.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\WinAV.xml (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\worldmap.swf (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\AWBase\vbpv.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\AWBase\database\enemies.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\PGBase\vbpv.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\BORLNDMM.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANADWR.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANBCDR.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANDLDR.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANDOS1.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANEMUL.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANFUNC.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANKRNL.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANMCR1.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANOTHR.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANSCR.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANTOOL.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANTROJ.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\SCANWIN1.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNACPU.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNADBX.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\unamscan.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNMIME.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNPACK.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNPACKS.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNPACKS2.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UNPEPACK.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\vbpv.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate\UA27601.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate\UA27602.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate\UA27603.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate\UA27604.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\plugins\UpDate\UADAILY.DLL (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\res\cross.gif (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\winantivirus pro 2007\res\wa7p.gif (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\atl71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\err.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\mfc71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\msvcp71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\msvcr71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\common files\winantivirus pro 2007\SpOrder.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\application data\winantivirus pro 2007\Data\Abbr (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\application data\winantivirus pro 2007\Data\ProductCode (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Activate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\atl71.dll (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\AV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\bnlink.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\err.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\lapv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\license.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\manual.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\pv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\readme.rtf (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\remnag.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\ResErrors.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\ScanReport.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Schedule.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\sr.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\support.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\UDC.xml (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\UDC6M.url (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\unins000.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\unins000.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\uninstall.ico (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\updater.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\AE_CD_Cr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\AReadr4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\AReadr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\ASDSEEpv.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\ASPack.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\Babylon.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\BDelphi5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CatchUp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CBuildr5.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CCGA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CManager.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CuteFTP4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\CuteHTML.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\DAcceler.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\DiscJug.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\ECDCreat4.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\Far.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FFTsks.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FlashFXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FrntPage.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FrontPEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FtpEXP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\FtpVoya.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\GetRight.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\GoZilla.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\GravMRU.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\HomeSite.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\HotDogPr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\H_TxtPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\IconExtr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\iMesh.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\ImgReady3.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\InsShExp.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\JASC_P_P.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\KaZaA.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\LView.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MacDir.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MacDrWea.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MicAng.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MicDes.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MMUnDisk.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MM_CON.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\Morpheus.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MPaint.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MPicPub.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MPImaGal.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MSExplorer.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MSoffice.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MSRegEdit.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MSWMP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\MSWordPad.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\Nero.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\NetShow.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\NTBackup.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\pfilelst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\PhotShel.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\PHPCoder.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\PowerZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\RapidBr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\RealAuPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\RealDown.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\SecurCRT.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\SL_BlWin.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\SmartClr.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\Sonique.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\StuffIt.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\TelepPro.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UGifAnim.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UltraEd.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UMedStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UPhImpV.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UPhotoEx.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\UVidStud.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\VNC.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WebFeret.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WebReap.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WinACE.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WinGate.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WinRAR.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WinZIP.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\WiseInst.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\wordslst.xda (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\YahooPl.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. c:\program files\drivecleaner free\Appbase\ZipMagic.dat (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\drivecleaner free\Deinstallieren DriveCleaner.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\drivecleaner free\DriveCleaner Online Anleitung.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\drivecleaner free\DriveCleaner Online Hilfe.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\drivecleaner free\DriveCleaner Startseite.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\drivecleaner free\DriveCleaner.lnk (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\winantivirus pro 2007\Handleiding WinAntiVirus Pro 2007.lnk (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\winantivirus pro 2007\Reinstalleren WinAntiVirus Pro 2007.lnk (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\all users\menu start\programma's\winantivirus pro 2007\WinAntiVirus Pro 2007.lnk (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. d:\documents and settings\annemarie\application data\drivecleaner free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\huub de boer\application data\drivecleaner free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\sander\application data\drivecleaner free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\tim\application data\drivecleaner free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully. d:\documents and settings\huub de boer\menu start\programma's\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully. c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. d:\documents and settings\huub de boer\bureaublad\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully. D:\Documents and Settings\Huub de Boer\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully. D:\Documents and Settings\Huub de Boer\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot. d:\documents and settings\all users\bureaublad\WinAntiVirus Pro 2007.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cgmopenbho.dll (Trojan.BHO) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59:47, on 16-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\apps\ABoard\AOSD.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Update Service (gupdate1c983915bfaec3c) (gupdate1c983915bfaec3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 10089 bytes Groet van Hanna

Hallo Kape, Met de usb stick kon ik via Boot op de een of andere manier wel in de veilige modus komen en daar heb ik HiJackThis geinstalleerd. Hieronder volgt de logfile. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:38, on 16-7-2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Safe mode Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.home.nl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Metaweb CGM Fragment BHO - {0695F52A-89A2-4246-81B5-AFAD2D3B865F} - C:\PROGRA~1\Ematek\MetaWeb\MetaBHO.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - (no file) O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [updateWin] C:\WINDOWS\system32\acodep.exe O4 - HKLM\..\Run: [runsql] C:\WINDOWS\runsql.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe O4 - HKLM\..\Run: [16522034] D:\Documents and Settings\All Users\Application Data\16522034\16522034.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunServices: [updateWin] C:\WINDOWS\system32\acodep.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYNL O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Toevoegen aan Mobiele favorieten - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Toevoegen aan Mobiele favorieten... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file) O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - D:\DOCUME~1\HUUBDE~1\LOCALS~1\Temp\wndutl32.dll (file missing) O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Update Service (gupdate1c983915bfaec3c) (gupdate1c983915bfaec3c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9872 bytes Groet van Hanna

Hallo Kape, Fijn dat je me wilt helpen. Ik heb HiJackThis gedownd en op een usb stick gezet. Daarna wilde ik de geinfecteerde computer opstarten ik de veilige modus, wat gisteren wel lukte, maar vandaag dus niet meer... Ik krijg het volgende in het scherm Boot Menu Select a boot first device +hard disk CD rom Ik klik dan op hard disk en enter en dan komt er weer in het scherm te staan: Select a boot first device CHOM:st3160021A Bootable Add.in Cards Ik klik dan op: CHOM:st3160021A en enter. Dan start Windows normaal op. Als ik op Bootable Add.in Cards klik geeft hij een foutmelding en kom ik weer terug bij de keuze van Hard disk/CDrom Op deze manier kom ik dus niet in de veilige modus. Daarom heb ik nog iets anders geprobeerd. Klik op start en uitvoeren, voer in: MSconfig en enter. Helaas geeft het systeem dan meteen de melding dat dit niet lukt omdat MSconfig besmet is..... Heb jij nog een oplossing om in de veilige modus te komen? Nog even ter info: Het gaat om een Packard Bell computer waar Windows XP op staat. Groet van Hanna

Hallo, Ja ik kan opstarten in de veilige modus.

Hallo, Net zoals meer mensen heb ik ook een computer waar System Security2009 zich in heeft genesteld. Het bureaublad is blauw met allerlei meldingen dat de compu geinfecteerd is en met grote letters staat er: Warning. Het programma start meteen een scan waarna duidelijk wordt dat ik last heb van ik weet niet hoeveel wormen, trojans enz. Helaas kan ik geen enkel programma openen,wat ik ook aan klik. Ook mijn antivirus programma werkt dus niet meer. Ik ben op een andere computer al druk aan het Googelen geweest en kwam toen o.a. hier terecht. Ik las dat het topiq al vaker aan de beurt is geweest maar met wat ik tot nu toe heb gelezen weet ik nog steeds niet wat ik nu moet doen. Ik kan namelijk van een usb stick ook geen programmaatje openen...Heeft iemand ook een oplossing voor mij? Groet, Hanna