Everything posted by imkeren

  1. Wabbit, which installation disc do you mean? Remember that I only have a 'recovery CD' for my OS (see photo) to go back to the factory settings. I also have a Windows XP Professional CD. Is it the second CD you mean, and can I then not overwrite or damage anything? Regards, Imker. PS: The problem is indeed still present.
  2. Wabbit, I was able to run Scannow with a Windows XP Professional CD, but: (1) I regularly had to click the 'Retry' icon to continue; (2) there was no log file after it ran, and I saw no message because I wasn't at the PC (it takes hours). What do you think? I have no idea yet whether anything has changed. Regards, Imker
  3. That was a mistake, Wabbit... it is indeed not solved... I have tried with several OS versions, but the system keeps saying 'invalid CD'... so I fear I'm really at a stalemate? If you have any more suggestions they are very welcome... in the end a new system generation?! Imker
  4. Wabbit, in the meantime I have managed to run Scannow in 'administrator mode'. My problem is that I have a Medion computer with only a 'recovery' CD for Windows XP, so when Scannow asks for the Windows XP CD-ROM it keeps saying 'wrong CD'. So this won't work with Scannow? If you have any other magic wands, now is the time to use them! Regards, Imker
  5. Wabbit, in normal mode I apparently cannot log on as administrator, only as owner. And Scannow can apparently only be run as 'administrator'. In safe mode I can choose between 'owner' and 'administrator', but in safe mode Scannow cannot be run either. Do you see a solution? Regards, Imker
  6. Hold on a moment, Wabbit... I first need to be able to boot into 'normal mode', because it is not possible in 'safe mode'. Regards, Imker
  7. Hello Kape, the result is still the same; I first have to start in safe mode and after a considerable time I can go to normal mode via a software restart. That means there is something that prevents normal mode. The strange thing is that the Windows screen is shown normally, but the step in which Explorer is supposed to start is not executed, no matter how long I wait; the screen stays black. So it comes down to finding out which program prevents Explorer from starting, I think. What is your opinion on this? Regards, Imker
  8. Attached is the requested log file. I hope you can make a further analysis from this? Many thanks and regards, Imker Combofix181111-2.txt
  9. Wabbit, here are the requested log files. Thanks + regards, Imker Combofix181111.txt hijackthis181111.txt
  10. Thanks! The first run of Combofix gave an error (see attachment). Then I ran MEMTEST, no errors. The second time OK, see log files attached. Regards, Imker ComboFix.txt hijackthis171111.txt
  11. In the meantime I have run Combofix in safe mode, and here is the result: ComboFix 11-11-15.06 - Eigenaar 16-11-2011 9:16.1.2 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.236 [GMT 1:00] Regards, Imker
  12. Dear Kape, I have a double problem with renewing Java: 1. Removing Java does not work in safe mode, so I will have to wait until I can restart in normal mode again. 2. Combofix.exe: I have downloaded it again several times, but nothing appears on the desktop. Should I perhaps 'save' instead of 'run' during the download cycle? Sorry for this hassle, but this is currently the best I can achieve... I'm slowly starting to think about reinstalling the OS! Regards, Imker
  13. Many thanks, Kape... this will be for after the weekend... I'll let you know what the result is. Regards, Imker
  14. Kape, thanks for your quick analysis. I do have a few questions: 1. Can this be done in 'Safe mode'? I'm not sure I can boot into normal mode under all circumstances. 2. I don't quite understand the connection between security and JAVA; if the OS firewall and AVG are operational, and Malware is run periodically, what does Java change about this monitoring? 3. Just questions about your proposed procedure: • Then go to Start > Control Panel > Add or Remove Programs, or Start > Control Panel > Programs and Features (on Vista), and remove all older versions of Java from the software list. • Tick everything with Java Runtime Environment (JRE or J2SE) in the name. > Tick, where? Under software components? Open a Notepad file. > Notepad file? Drag CFScript.txt onto ComboFix.exe > How do I drag it into Combofix, download combofix? Thanks and regards, Imker
  15. ComboFix 11-02-22.05 - Eigenaar 23/02/2011 16:05:07.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.323 [GMT 1:00]
HKCU\Software\Microsoft\Windows\CurrentVersion\Run msnmsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Voltooingstijd: 2011-02-23 16:15:23 ComboFix-quarantined-files.txt 2011-02-23 15:15 Pre-Run: 81.729.474.560 bytes beschikbaar Post-Run: 85.129.916.416 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 032C9D8DAC678FE78EFB294BFC5A2461
  16. 1. The restore point brings no relief. 2. No 'updating' errors found. 3. Yes, in safe mode Outlook and Excel were started. 4. Here follows a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:07:50, on 11-11-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belgacom\bin\sprtsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Skynet.be - LE portail belge – DE Belgische portaalsite!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MyHeritage.com Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Apparaatdetectie) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fotoalbum.seniorennet.be/incl/uploader/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301984090593
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

--
End of file - 8330 bytes

Thanks for the help, and greetings, Imker
  17. > First boot: everything proceeds normally until Explorer should show the desktop, but the screen stays black.
> If I then do a reset and start again, a screen appears asking whether to go to 'Safe mode'; if I go into safe mode with networking, it is OK in safe mode.
> If, after about 30 minutes, I do a software restart again, the system starts normally in 100% of cases and the desktop is shown (so Explorer does start).
I therefore suspect there is a program that prevents Explorer from getting its turn, and by working in safe mode for a certain time that task is given the chance to run..... it's only a guess. I captured the task list in safe mode and in normal mode; maybe someone can see who the culprit might be? Greetings, Imker
  18. And here a photo of the inside of the computer
  19. The dusting was done thoroughly, then vacuumed and finally blown out with compressed air. Both fans are turning (graphics board + motherboard), although at relatively low speed. I find that especially the temperature of the graphics board is too high. Here is a new logfile: http://speccy.piriform.com/results/cTM8MKV7hOcztVjPw8Lgh0q Greetings, Imker
  20. The fans are running normally, both motherboard and graphics card. Here is an overview of the configuration with an open case: http://speccy.piriform.com/results/126Rp6cgVy4MuytvU4eMr1s Imker
  21. As thoroughly as possible........ small brush and vacuum cleaner. Measured with the case closed. Photo follows later. Greetings, Imker
  22. Here is the evolution of the graphics board temperature, OK?
  23. In the meantime I have: 1. Disabled all services and startup tasks, with the same result. 2. Cleaned the PC and removed as much dust as possible, and here are the current temperatures. (Too high?) Greetings, Imker
  24. Asus, Many thanks...... will do it as soon as possible and keep you informed. Imker
  25. What is a normal temperature here? Shall I open the PC and blow it out completely? Regards, Imker