dgpatje

14 augustus 2011

Als we de cd in de pc van onze zonen steken, dan werkt die als we hem aanklikken in "mijn computer".

Bij het opnieuw opstarten van hun pc, dan start hij normaal op, dus komt de tekst van "opstarten met cd" er niet op.

14 augustus 2011

We hebben de bios nagekeken, en hem aangepast zodat hij eerst met de cd zou opstarten.

Daarna opnieuw cd ingestoken en proberen opstarten, maar hij start nog steeds niet op met de cd.

We krijgen wel een zwart scherm, waar we keuzes krijgen zoals veilige modus, ... maar als we op veilige modus klikken, dan krijgen we daarna altijd terug de foutmelding.

Dus we geraken niet in de veilige modus, de andere opties lukken ook niet, en via cd start hij ook niet op, ondanks de aanpassingen in de bios. Alleen een steeds weerkerend zwart scherm met de foutmelding : benodigde dll-bestanden voor de kernel laden.

14 augustus 2011

Heb geprobeerd om op te starten via de cd van windows, maar hij doet niks. We krijgen een zwart scherm met veilige modus, ...

Maar niks van opstarten met cd. Als we proberen in veilige modus, of andere opties proberen, dan krijgen we daarna gewoon terug dezelfde foutmelding.

De laatste tijd startten de cd's ook niet automatisch meer op.

14 augustus 2011

Ja, we hebben een cd van Windows XP.

14 augustus 2011

Wij hebben sinds vanmorgen een probleem met het opstarten van onze pc.

We krijgen een zwart scherm met de vermelding : "Windows kan niet opstarten door een fout in de software. De benodigde DLL-bestanden voor de kernel laden."

We raken ook niet in de veilige modus om een herstelpunt te kunnen maken.

Dit bericht hebben we even op de pc van onze zonen gepost, want we weten niet hoe we de onze moeten aan de praat krijgen. Kan iemand ons helpen?

10 juni 2010

Doen we. Nogmaals bedankt voor je hulp.

Dit kunnen we dan weer als opgelost beschouwen.

10 juni 2010

Alles loopt op het eerste zicht terug normaal.

Alvast bedankt voor de weer uitstekende hulp.

Nog een laatste vraagje : vorige keer moesten we ook het programma HijackThis verwijderen, moest dit nu ook of mag dit toch blijven staan voor eventueel een volgende keer?

10 juni 2010

Alles gedaan zoals je gevraagd had. Alleen is er niet gevraagd geweest om de computer terug op te starten, dus heb ik dat ook niet gedaan.

Het logje startte automatisch op, dus hier volgt het :

ComboFix 10-06-09.04 - Patrick 10/06/2010 20:45:32.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1023.480 [GMT 2:00]

Gestart vanuit: d:\mijn documenten\ComboFix.exe

gebruikte Opdracht switches :: d:\mijn documenten\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\nrcpactnpevim.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Patrick\Application Data\Sky-Banners

c:\documents and settings\Patrick\Application Data\Sky-Banners\skb\log.xml

c:\program files\$NtUninstallWTF1012$

c:\program files\$NtUninstallWTF1012$\elUninstall.exe

c:\windows\system32\nrcpactnpevim.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-10 to 2010-06-10 ))))))))))))))))))))))))))))))

.

2010-06-10 11:04 . 2010-06-10 11:04 503808 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcp71.dll

2010-06-10 11:04 . 2010-06-10 11:04 499712 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\jmc.dll

2010-06-10 11:04 . 2010-06-10 11:04 348160 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcr71.dll

2010-06-09 17:14 . 2010-06-09 17:14 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-09 12:45 . 2010-06-10 18:43 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend

2010-06-03 17:21 . 2010-06-03 17:21 -------- d-----w- c:\program files\CCleaner

2010-06-03 16:32 . 2010-06-03 16:32 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-02 17:42 . 2010-06-02 17:42 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes

2010-06-02 17:41 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-02 17:41 . 2010-06-02 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-02 17:41 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-02 17:41 . 2010-06-02 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-02 15:46 . 2010-06-02 15:46 -------- d-----w- c:\program files\Trend Micro

2010-05-31 16:22 . 2010-05-31 16:22 -------- d--h--w- c:\documents and settings\Administrator\Onlangs geopend

2010-05-31 16:22 . 2010-05-31 16:22 -------- d--h--w- c:\documents and settings\Administrator\Netwerkprinteromgeving

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Mijn documenten

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Favorieten

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----w- c:\documents and settings\Administrator\Bureaublad

2010-05-31 16:22 . 2010-05-31 16:22 -------- d-----r- c:\documents and settings\Administrator\Menu Start

2010-05-30 17:00 . 2010-05-31 16:21 -------- d--h--w- c:\documents and settings\Administrator\Sjablonen

2010-05-30 17:00 . 2010-05-31 16:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft

2010-05-30 17:00 . 2010-06-03 16:32 -------- d-----w- c:\documents and settings\Administrator

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-10 09:54 . 2009-11-24 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-03 07:48 . 2009-05-18 19:26 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 07:48 . 2009-05-18 19:26 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-28 11:04 . 2001-09-07 12:00 91688 ----a-w- c:\windows\system32\perfc013.dat

2010-03-28 11:04 . 2001-09-07 12:00 511526 ----a-w- c:\windows\system32\perfh013.dat

2010-03-23 14:53 . 2009-05-18 19:30 73936 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-17 08:21 . 2010-03-17 08:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-17 08:20 . 2009-05-18 19:26 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]

"nwiz"="nwiz.exe" [2007-04-12 1626112]

"SW20"="c:\windows\system32\sw20.exe" [2006-12-15 208896]

"SW24"="c:\windows\system32\sw24.exe" [2006-12-15 69632]

"WinSys2"="c:\windows\system32\winsys2.exe" [2006-12-15 217088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-9-3 176128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-19 688128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/05/2009 21:26 216200]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/05/2009 21:26 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/03/2010 10:20 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 10:20 308064]

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 10:26 508288]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 16:50 135664]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Inhoud van de 'Gedeelde Taken' map

2010-06-10 c:\windows\Tasks\1-klik Onderhoud.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-03 15:48]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:50]

2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 14:50]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.msn.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

Trusted Zone: dexia.be\directnet

DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab

.

- - - - ORPHANS VERWIJDERD - - - -

AddRemove-$NtUninstallWTF1012$ - c:\program files\$NtUninstallWTF1012$\elUninstall.exe

AddRemove-nrcpactnpevim - c:\windows\system32\nrcpactnpevim.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-06-10 20:48

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2010-06-10 20:48:54

ComboFix-quarantined-files.txt 2010-06-10 18:48

ComboFix2.txt 2010-06-10 18:06

Pre-Run: 90.723.213.312 bytes beschikbaar

Post-Run: 90.721.329.152 bytes beschikbaar

- - End Of File - - 56B1C8C713C2D949420EF896AD85C12B

En ook nog het logje van HijackThis :

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:54:19, on 10/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Snelstart.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Logitech SetPoint.lnk = ?

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2.be/mailconfig/config/bin/AccountHelper.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 9268 bytes

10 juni 2010

ComboFix 10-06-09.04 - Patrick 10/06/2010 19:58:18.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.1023.626 [GMT 2:00]

Gestart vanuit: d:\mijn documenten\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Patrick\Application Data\768B92BECA185AAEDB7C38865DF9BC40

c:\documents and settings\Patrick\Application Data\768B92BECA185AAEDB7C38865DF9BC40\enemies-names.txt

c:\documents and settings\Patrick\Application Data\768B92BECA185AAEDB7C38865DF9BC40\local.ini

c:\documents and settings\Patrick\Application Data\768B92BECA185AAEDB7C38865DF9BC40\setupupdater0000.exe

c:\documents and settings\Patrick\Application Data\chrtmp

c:\windows\ndlgwms.dll

c:\windows\system32\2567697197.dat

c:\windows\system32\winsys.exe

Besmet exemplaar van c:\windows\system32\drivers\i8042prt.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - Kitty had a snack

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SSHNAS

(((((((((((((((((((( Bestanden Gemaakt van 2010-05-10 to 2010-06-10 ))))))))))))))))))))))))))))))

.

2010-06-10 11:04 . 2010-06-10 11:04 503808 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcp71.dll

2010-06-10 11:04 . 2010-06-10 11:04 499712 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\jmc.dll

2010-06-10 11:04 . 2010-06-10 11:04 348160 ----a-w- c:\documents and settings\Patrick\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-603ccaa6-n\msvcr71.dll

2010-06-10 09:29 . 2010-06-10 09:29 50981 ----a-w- c:\windows\system32\nrcpactnpevim.exe

2010-06-10 09:29 . 2010-06-10 09:29 -------- d-----w- c:\program files\$NtUninstallWTF1012$

2010-06-09 17:14 . 2010-06-09 17:14 388096 ----a-r- c:\documents and settings\Patrick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-09 12:45 . 2010-06-10 16:49 -------- d--h--r- c:\documents and settings\Patrick\Onlangs geopend