Verdwenen bureaublad

**Emtec** · 2 January 2009, 17:15

Logje van een vriend.. zijn bureaublad is verdwenen en vervangen door een soort foutmelding.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:58, on 2/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\shicoxp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2006 DVD\EDICT.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MusicIP\MusicIP MyDJ iTunes Plugin (1.0.0.21b)\MIPSidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {5349F482-EFBF-4E73-A7B6-71A366F9ECF9} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [cpu] regedit /s c:\windows\system32\cpu.reg
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [L06NXLRD_10434312] "C:\Program Files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132756518812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopMo...eUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: mqcl32 - mqcl32.dll (file missing)
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 14452 bytes

alvast bedankt

**Juisterr** · 2 January 2009, 23:15

Start Hijackthis op en kies voor 'Do a system scan only'
Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {5349F482-EFBF-4E73-A7B6-71A366F9ECF9} - (no file)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: mqcl32 - mqcl32.dll (file missing)

Sluit alle vensters behalve Hijackthis
Klik op 'Fix checked' om de items te verwijderen.

Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe]Combofix[/url] naar je Bureaublad en gebruik het volgens http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden]deze handleiding[/url].
OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op Combofix.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Klik op OK in het "NirCmd" venstertje.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster.
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

**Emtec** · 17 January 2009, 15:59

Dag,

excuzes dat ik zo laat ben met mijn antwoord, heb zonet een drukke examenperiode achter de rug...

hier is mijn logje:
(btw, de bureaublad achtergrond is terug zichtbaar! bedankt!

)

ComboFix 09-01-16.03 - Gebruiker 2009-01-17 14:44:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1023.512 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Gebruiker\Application Data\Install.dat
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Downloaded Program Files\setup.inf
c:\windows\smdat32a.sys
c:\windows\smdat32m.sys
c:\windows\system32\h@tkeysh@@k.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-17 to 2009-01-17 ))))))))))))))))))))))))))))))
.
2009-01-17 14:47 . 2009-01-17 14:47 <DIR> dr-h----- c:\documents and settings\Gebruiker\Onlangs geopend
2009-01-09 18:08 . 2009-01-09 18:09 <DIR> d-------- c:\documents and settings\Gebruiker\.jenny
2009-01-09 12:05 . 2009-01-16 20:15 <DIR> d-------- C:\vrij werk
2009-01-09 12:04 . 2009-01-16 20:16 <DIR> d-------- C:\100CANON
2009-01-09 00:16 . 2009-01-09 00:17 <DIR> d-------- c:\documents and settings\Gebruiker\.jordan
2008-12-31 14:22 . 2008-12-31 14:29 <DIR> dr------- C:\Mijn afbeeldingen
2008-12-20 17:16 . 2008-12-20 17:16 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-20 17:16 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2008-12-20 17:15 . 2008-12-20 17:15 <DIR> d-------- c:\program files\Microsoft Sync Framework
2008-12-20 17:15 . 2008-12-20 17:15 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-20 17:13 . 2008-12-20 17:13 <DIR> d-------- c:\program files\Windows Live SkyDrive
2008-12-20 17:13 . 2008-12-20 17:16 <DIR> d-------- c:\program files\Microsoft
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-01-17 13:48 --------- d-----w c:\program files\Lx_cats
2009-01-17 02:05 --------- d-----w c:\documents and settings\Gebruiker\Application Data\FrostWire
2008-12-20 16:16 --------- d-----w c:\program files\Windows Live
2008-12-18 01:56 --------- d-----w c:\program files\FrostWire
2008-12-10 16:16 --------- d-----w c:\program files\iTunes
2008-12-10 16:16 --------- d-----w c:\program files\iPod
2008-12-10 16:16 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 16:15 --------- d-----w c:\program files\QuickTime
2008-12-10 16:14 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 23:31 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-11-30 22:04 --------- d-----w c:\program files\Lexmark X1100 Series
2008-11-24 01:05 --------- d-----w c:\documents and settings\Gebruiker\Application Data\MusicIP
2008-11-20 16:45 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-18 21:30 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2006-08-10 573440]
"L06NXLRD_10434312"="c:\program files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2006 DVD\EDICT.EXE" [2005-06-04 301776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"cpu"="regedit" [X]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2005-02-04 456704]
"shicoxp"="c:\windows\shicoxp.exe" [2004-04-15 45056]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.e xe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2006-10-22 86016]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-12 185632]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
"LXDJCATS"="c:\windows\System32\spool\DRIVERS\W32X 86\3\LXDJtime.dll" [2007-02-10 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\
PowerReg Scheduler V3.exe [2006-09-01 225280]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
SANTIS USB and PC Card Utility.lnk - c:\program files\Siemens\SANTIS WLAN\WlanMonitor.exe [2003-04-02 491520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Gebruiker\\Bureaublad\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxdjcfg.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Generals Zero Hour\\generals.exe"=
"c:\\Program Files\\EA Games\\Command & Conquer The First Decade\\Command & Conquer(tm) Tiberian Sun(tm)\\SUN\\Game.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdjpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\ \lxdjtime.exe"=
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-07-29 138780]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-05 97928]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIM ount.sys [2004-07-29 46779]
R3 ATMEL FVNETusbASKEY (AR)(R);ATMEL FVNETusbASKEY (AR)(R) Service for SANTIS WLAN USB Adapter;c:\windows\system32\drivers\vnetusbk.sys [2003-02-20 93184]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-05 231704]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssflt r_tdi.sys [2008-12-20 55136]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStra p.sys [2005-06-20 2816]
S3 ATMEL WinXP PCMCIAFVNETR (2ARC)(R);ATMEL WinXP PCMCIAFVNETR (2ARC)(R) Service for SANTIS WLAN PC Card;c:\windows\system32\drivers\fvnetr51.sys [2003-01-14 91648]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 RivaTunerEx;RivaTunerEx;c:\program files\RivaTuner v2.0 RC 15.5\RivaTunerEx.sys [2005-05-06 2560]
.
Inhoud van de 'Gedeelde Taken' map
2009-01-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{F25E03F1-D32A-42C1-8E55-66E0C05F09BC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2
IE: Web Rebates.
O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://express.foto.com/ImageUploader5.cab
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader4.ocx
O16 -: {CAC677B6-4963-4305-9066-0BD135CD9233}
hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
c:\windows\Downloaded Program Files\IPSUploader4.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\IPSUploader.ocx
O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}
hxxp://as.photoprintit.de/ips-opdata/74914091/activex/IPSUploader.cab
c:\windows\Downloaded Program Files\IPSUploader.inf
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\fm3id7wm.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
************************************************** ************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 14:48:05
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtim e.dll,_RunDLLEntry@16????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
************************************************** ************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-861567501-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Exp lorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Ondersteuning]
"Order"=hex:08,00,00,00,02,00,00,00,9a,02,00,00,01 ,00,00,00,04,00,00,00,9e,00,
00,00,00,00,00,00,90,00,00,00,41,75,67,4d,02,00,00 ,00,01,00,00,00,7e,00,32,\
[HKEY_USERS\S-1-5-21-1659004503-861567501-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{18021592-2F68-F762-DD4D-C71A929C7C30}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaioadfpcpcdfcodccon"=hex:6b,61,6d,66,6d,61,67,6f ,6e,69,70,65,69,6a,69,62,6d,
67,67,6f,64,64,00,00
"iaockfinlbogcgiifi"=hex:6b,61,6d,66,6d,61,67,6f,6 e,69,70,65,69,6a,69,62,6d,67,
67,6f,64,64,00,00
[HKEY_USERS\S-1-5-21-1659004503-861567501-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{BBD79ACD-814C-8960-D8CD-643501665428}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oagbkihglbghjoebmkdlbmohhfeapj"=hex:63,61,67,70,6 9,6f,00,7c
"oaccemmhcamcaimmnomnhepagcimdn"=hex:6b,61,66,70,6 b,6f,67,6b,66,69,6c,6a,6f,63,
6b,62,62,6c,6e,6d,63,6f,00,00
"naicicbjninkpihonejhbjajlcfg"=hex:6b,61,66,70,6b, 6f,67,6b,66,69,6c,6a,6f,63,
6b,62,62,6c,6e,6d,63,6f,00,00
[HKEY_USERS\S-1-5-21-1659004503-861567501-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:18,ac,36,98,f1,50,68,ae,97,d7,46,b7,05,a8 ,17,b7,a9,e4,d0,2a,72,3e,9e,
ea,0a,bb,6e,f0,27,0d,ab,5f,33,87,26,09,1e,b2,02,b3 ,7d,ee,3c,ac,d3,2c,1b,fa,\
"??"=hex:b8,44,39,be,6c,5b,93,10,9f,8d,e0,c4,f3,81 ,75,eb
[HKEY_USERS\S-1-5-21-1659004503-861567501-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:96,b2,53,f1,c9,94,b6,77,85,c3,8d,1d ,29,72,42,05,17,57,10,08,4a,
70,8d,9d,34,ac,2f,7f,a0,06,87,80,b5,24,d4,de,4d,fa ,ea,3a,48,9f,18,29,2f,94,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b ,d8,19,de,23
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxdjcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
************************************************** ************************
.
Voltooingstijd: 2009-01-17 14:51:52 - machine werd herstart
ComboFix-quarantined-files.txt 2009-01-17 13:51:49
Pre-Run: 16.161.030.144 bytes beschikbaar
Post-Run: 16,164,511,744 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /noexecute=optin /fastdetect
247

**Juisterr** · 17 January 2009, 16:08

Mag ik een nieuw HJT logje ter controle en vertel gelijk even hoe het nu gaat aub.

**Emtec** · 18 January 2009, 01:24

Het opstarten gaat sneller, en de bureaublad achtergrond is nog steeds ok.
Daarentegen scheelt er wel iets met IE, die gaat veel trager dan voorheen en heeft 't moeilijk met weergeven van bepaalde pagina's. Maar ik denk dat ik gewoon ga overschakelen op firefox.

Nogmaals bedankt!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:19:58, on 18/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\shicoxp.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2006 DVD\EDICT.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gebruiker\Bureaublad\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Helperobject voor Encarta Winkler Prins Webassistent - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Encarta Winkler Prins Webassistent - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [cpu] regedit /s c:\windows\system32\cpu.reg
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [L06NXLRD_10434312] "C:\Program Files\Microsoft Winkler Prins\Microsoft Winkler Prins Huiswerkhulp voor Leerlingen 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: SANTIS USB and PC Card Utility.lnk = C:\Program Files\Siemens\SANTIS WLAN\WlanMonitor.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://express.foto.com/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132756518812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.kodakimages.com/DesktopMo...eUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata...SUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata...PSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\system32\caili.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13729 bytes

**Juisterr** · 18 January 2009, 15:15

Probeer dit even voor je ie

Download dial-a-fix van hier:
http://wiki.djlizard.net/Dial-a-fix#Download_Dial-a-fix
Unzip het en plaats het op je bureaublad.
Het kan zijn dat er meteen een venster opgaat met de naam: "restrictive policies" bovenaan.
Sluit dit venster terug. Zo kom je in het hoofdvenster van dialafix.
Daar vink aan onder het Registration Center : Explorer/IE/OE/shell/wmp
en klik je op de 'Go' knop onderaan.

**theo2602** · 18 January 2009, 17:16

Ik lees PB sturen heeft geen zin... hoe komt het dan dat ik enkele weken geleden de vraag kreeg om een PB te sturen, zodat men dan beter kon antwoorden?

**Juisterr** · 18 January 2009, 18:58

Die vraag komt niet van mij, er staat trouwens ook in de hijackthis regels dat je niet mag antwoorden in het topic van iemand anders.

**Emtec** · 22 January 2009, 15:53

Zeer fel bedankt!
Alles werkt weer!

Greetz!

**namaste** · 22 January 2009, 16:05

Ik weet niet of je dan wel nog een vraag mag stellen, in iemand anders zijn topic nadat zijn probleem is opgelost, maar ik vond het belachelijk om een nieuwe post te maken.

Het gaat over:

Probeer dit even voor je ie

Download dial-a-fix van hier:
http://wiki.djlizard.net/Dial-a-fix#Download_Dial-a-fix
Unzip het en plaats het op je bureaublad.
Het kan zijn dat er meteen een venster opgaat met de naam: "restrictive policies" bovenaan.
Sluit dit venster terug. Zo kom je in het hoofdvenster van dialafix.
Daar vink aan onder het Registration Center : Explorer/IE/OE/shell/wmp
en klik je op de 'Go' knop onderaan.

Dat programma, werkt niet onder vista blijkbaar, weet u of er al een versie uit is dat wel compatibel is met vista, of hebt u een soortgelijk programma dat me kan helpen met hetzelfde probleem voor IE als Emtec.

Hartelijk dank

Discussie: Verdwenen bureaublad

Discussietools

Discussie doorzoeken

Weergave

Verdwenen bureaublad

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

De volgende gebruiker bedankt Juisterr voor deze nuttige post:

Discussie informatie

Users Browsing this Thread

Soortgelijke discussies

bureaublad

map verdwenen

Kopiëren naar het bureaublad is verdwenen !

bureaublad

bureaublad

Favorieten/bladwijzers

Favorieten/bladwijzers

Regels voor berichten