No taskbar and desktop icons

17 replies
  • On a friend's laptop the taskbar and desktop icons are gone. I've tried a few things myself but can't figure it out. I can only open programs via Ctrl+Alt+Delete. I ran Ad-Aware and a virus scanner over it, but they found nothing unusual. Until about a week ago there had never been any security software on it. AVG was installed, but it has caused problems since then. Here is a HijackThis log:
  • Yeaah, that's messed up. Try Trojan Remover: http://www.simplysup.com/
  • Got shares in simplysup, I take it? :? Is there anyone who could maybe take a look at my log? Thanks in advance!
  • Quote from UntouchableFire: "Got shares in simplysup, I take it? :? Is there anyone who could maybe take a look at my log? Thanks in advance!"

    8)

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

    Close all windows except HijackThis. Click 'Fix checked' to remove the items.

    Your Java software is out of date. Older versions have vulnerabilities that give malware the chance to install itself on your system. First follow these steps to uninstall Java and install the newer version:

      • Download Java Runtime Environment (JRE) 6 Update 13 (http://java.sun.com/javase/downloads/index.jsp).
      • Scroll down to "Java SE Runtime Environment (JRE) 6 Update 13".
      • Click the "Download" button on the right.
      • In the drop-down menu to the right of Platform, select Windows.
      • Tick "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement" and click Continue.
      • The page will reload.
      • Click the jre-6u13-windows-i586-p.exe link UNDER Windows Offline Installation and save it to your Desktop.
      • Close any programs that may be open, especially your web browser!
      • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list.
      • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
      • Then click Remove or the Change/Remove button.
      • Repeat this until all older versions are gone.
      • After removing all older versions, restart your PC.
      • Then double-click jre-6u13-windows-i586-p.exe on your Desktop to install the newest version of Java.

    Post a new HJT log.
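Added example, not part of the original thread: a Python triage script for HijackThis log lines that flags the kind of entries selected in the reply above, that is, entries reported as "(no file)" or "(file missing)" and an R0/R1 registry value that is empty. The rule set and the names `parse_line`, `triage` and `group_by_clsid` are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the HijackThis log posted in this thread, plus two
# non-entry lines (header, running process) that the parser must skip.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Entry lines look like "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str              # section code such as "R0", "O2", "O9"
    body: str              # everything after "<code> - "
    clsid: Optional[str]   # upper-cased CLSID if the entry carries one


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a log entry line, None for headers/process lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    body = match.group(2).strip()
    clsid = CLSID_RE.search(body)
    return Entry(match.group(1), body, clsid.group(0).upper() if clsid else None)


def classify(entry: Entry) -> Optional[str]:
    """Assumed review rules: orphaned registrations and empty R0/R1 values."""
    if entry.body.endswith("(file missing)"):
        return "target file missing on disk"
    if entry.body.endswith("(no file)"):
        return "registration points to no file"
    if entry.code in ("R0", "R1"):
        _, sep, value = entry.body.partition("=")
        if sep and not value.strip():
            return "empty value"
    return None


def triage(log_text: str) -> List[Finding]:
    """Collect every entry line that matches one of the review rules."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason:
            findings.append(Finding(entry, reason))
    return findings


def group_by_clsid(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings by CLSID: an O9 button and its Tools menu item share one."""
    groups: Dict[str, List[Finding]] = {}
    for finding in findings:
        key = finding.entry.clsid or finding.entry.body
        groups.setdefault(key, []).append(finding)
    return groups


if __name__ == "__main__":
    for key, items in group_by_clsid(triage(SAMPLE_LOG)).items():
        print(f"{key}: {items[0].reason} ({len(items)} line(s))")
```

The output is a review list, not a fix list: the script also flags the AVG BHO line marked "(file missing)", which the reply above did not select.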
  • Hey juisterr, thanks in advance for thinking along; here is the new log:
  • No other direct threats, really. Still having trouble with anything?
  • Uh, yes.. no taskbar and desktop icons lol. explorer.exe, which I think is what it has to do with, won't start.
  • Nothing lol about it, try this.

    1. In the Tools menu, click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When the default settings of Internet Explorer 7 have been restored, click Close and then click OK twice.
    5. Close Internet Explorer 7. The changes take effect the next time you open Internet Explorer 7.
    6. Note: If for any reason you cannot start Internet Explorer 7, use RIES (http://support.microsoft.com/kb/923737/nl) in Internet Options in Control Panel.
  • I mean windows explorer.exe and not internet explorer.exe, or does that have nothing to do with it?
  • Just try it, it certainly can't hurt. I don't know where the fault comes from, so we'll have to experiment.
  • IE 6 is still installed on it, is that a problem?
  • Don't think it will work then; try this instead. Download Dial-a-fix (http://download.chip.eu/nl/download_nl_1520438.html) and extract both files, each into its own folder, to your Desktop.

      • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe.
      • In the window that opens, click the icon with the double green check mark at the bottom (check all).
      • Then click "GO" and let the tool restore all settings.
      • When it has finished, close this window by clicking "Exit" at the bottom.
  • Ran the program and rebooted, but still no taskbar and desktop icons.
  • Odd. Download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again. Some scanners regard certain components that ComboFix uses as suspicious and will block or remove them!

      • Double-click Combofix.exe to start it.
      • If you have used ComboFix before, you may get a warning that an update is available. Allow ComboFix to be updated.
      • Click OK in the "NirCmd" window.
      • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
      • Click OK and Yes to have the Recovery Console installed automatically.
      • Afterwards, click Yes again to start the malware scan.
      • While the fix is running, do NOT click in the window, as this will make your PC hang.
      • When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • Hey, thanks again for all the effort you're putting in. I'll continue with this tomorrow, unfortunately no time today :)
  • Take your time.
  • Hey, found some time tonight after all. I followed your instructions and at the moment the taskbar and icons are back. I'm going to reboot in a moment to see whether it stays that way. Below is the requested log:
2008-04-21 06:44 666112 ------w c:\windows\system32\dllcache\wininet.dll 2009-02-20 08:10 . 2004-08-04 08:00 666112 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:10 . 2009-02-20 08:10 81920 ------w c:\windows\system32\dllcache\ieencode.dll 2009-02-20 08:10 . 2004-08-04 08:00 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-09 12:10 . 2004-08-04 08:00 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2004-08-04 08:00 714752 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 12:10 . 2004-08-04 08:00 617472 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2004-08-04 08:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 11:13 . 2008-12-09 17:42 1846784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-09 11:13 . 2004-08-04 08:00 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-07 17:02 . 2009-02-07 17:02 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-02-07 17:02 . 2004-08-04 08:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-06 11:11 . 2004-08-04 08:00 110592 ----a-w c:\windows\system32\services.exe 2009-02-06 11:08 . 2004-08-04 08:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2004-08-04 08:00 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll 2009-02-03 19:59 . 2004-08-04 08:00 56832 ----a-w c:\windows\system32\secur32.dll 2008-07-11 10:07 . 2005-12-14 21:31 60504 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2005-09-29 15:52 . 2006-10-19 21:19 136 ----a-w c:\documents and settings\Jeroen\Local Settings\Application Data\fusioncache.dat 2005-09-29 15:52 . 2005-09-29 15:52 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-06-12 20002856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-21 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-21 126976] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-19 233534] "hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-09 790528] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-24 20480] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768] "bbSysTray"="c:\program files\Philips\Extern station\Blue Button\bbSysTray.exe" [2002-06-06 77915] "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-07-31 684032] "Google Desktop Search"="c:\program 
files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-07 30192] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-8-18 344064] c:\documents and settings\All Users\Start Menu\Programs\Startup\ DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2005-10-5 184320] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-10-24 169472] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= 
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-07 30192] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 272128] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2004-05-03 80384] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f5177a6-a128-11dc-8988-0012f096cfbf}] \Shell\Auto\command - MSOCache\doWTP_RESTORE.exe -autorun \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4529fcdc-dd05-11dd-89de-00143813974d}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe \Shell\Explore\command - F:\system.exe \Shell\Open\command - 
F:\system.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfaac01-e0dc-11dd-89e1-0012f096cfbf}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe \Shell\Explore\command - E:\system.exe \Shell\Open\command - E:\system.exe . Inhoud van de 'Gedeelde Taken' map 2009-04-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06] 2009-04-21 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] 2009-04-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 21:30] . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-WebCamRT.exe - (no file) . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.hp.com uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Page_URL = hxxp://www.hp.com mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?3bc06cb946b447948153d03ed960606e IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?3bc06cb946b447948153d03ed960606e DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/4735/defaults/activex/ips/IPSUploader4.cab . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-22 21:31 Windows 5.1.2600 Service Pack 3 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ?4?B?????????????hLC? ?????? scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-106071749-1716406200-1298410500-500\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-106071749-1716406200-1298410500-500\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-106071749-1716406200-1298410500-500\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-106071749-1716406200-1298410500-500\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-106071749-1716406200-1298410500-500\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" 
"Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "3140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\scardsvr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\msiexec.exe c:\windows\system32\Macromed\Flash\FlashUtil9f.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe . ************************************************************************** . Voltooingstijd: 2009-04-22 21:37 - machine werd herstart ComboFix-quarantined-files.txt 2009-04-22 19:37 Pre-Run: 17.602.895.872 bytes free Post-Run: 17.581.133.824 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 308 --- E O F --- 2009-04-21 18:57


This is an archived page. Replying is no longer possible.