Ga naar inhoud

pjverdonk

Lid
  • Items

    12
  • Registratiedatum

  • Laatst bezocht

pjverdonk's prestaties

  1. Bedankt Kape, zo te zien en te merken zijn mijn problemen inderdaad opgelost. bijkomend voordeel is dat ik nu veel meer vrije schijfruimte heb. Nogmaals thanx!!!!!
  2. het lijkt erop dat het goed blijft gaan. de computer schakelt zich ook niet meer uit zichzelf uit tot nu toe (zie eerdere melding). Hierbij de hyack-log: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 10:05:21, on 24.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\T-DSL SpeedManager\tsmsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [ToADiMon.exe] D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office\OSA9.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122064604958 O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Program Files\T-DSL SpeedManager\tsmsvc.exe -- End of file - 4751 bytes Bedankt!!! pjverdonk
  3. Zo, voor het eerst verschijnen taakbalk en pictogrammen weer vanzelf op het beeldscherm. Een blijvertje hopelijk. Alvast bedankt!!!! Hier de logfile: ComboFix 10-01-23.02 - pj_2 23.01.2010 21:23:26.1.1 - FAT32x86 Gestart vanuit: c:\documents and settings\pj_2\Bureaublad\ComboFix.ex.exe . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Application Data\MSN6 c:\documents and settings\All Users\Application Data\MSN6\au.ini C:\s c:\windows\system32\1.bat c:\windows\system32\11478.exe c:\windows\system32\11942.exe c:\windows\system32\12322.exe c:\windows\system32\12382.exe c:\windows\system32\14604.exe c:\windows\system32\153.exe c:\windows\system32\15724.exe c:\windows\system32\16827.exe c:\windows\system32\17421.exe c:\windows\system32\18467.exe c:\windows\system32\18716.exe c:\windows\system32\19169.exe c:\windows\system32\19991.exe c:\windows\system32\2234.exe c:\windows\system32\22577.exe c:\windows\system32\23281.exe c:\windows\system32\240.exe c:\windows\system32\24464.exe c:\windows\system32\24859.exe c:\windows\system32\26500.exe c:\windows\system32\26962.exe c:\windows\system32\27206.exe c:\windows\system32\28145.exe c:\windows\system32\28478.exe c:\windows\system32\292.exe c:\windows\system32\29358.exe c:\windows\system32\29512.exe c:\windows\system32\2995.exe c:\windows\system32\31264.exe c:\windows\system32\32391.exe c:\windows\system32\3902.exe c:\windows\system32\4827.exe c:\windows\system32\491.exe c:\windows\system32\5436.exe c:\windows\system32\5705.exe c:\windows\system32\6334.exe c:\windows\system32\9063.exe c:\windows\system32\9896.exe c:\windows\system32\9961.exe ----- BITS: Mogelijk geïnfecteerde sites ----- hxxp://prantsusmailm.com Besmet exemplaar van c:\windows\system32\DRIVERS\atapi.sys werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - Kitty ate it Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\userinit.exe . (((((((((((((((((((( Bestanden Gemaakt van 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))) . 2010-01-23 19:58 . 2010-01-24 00:04 -------- d-----w- C:\32788R22FWJFW 2010-01-20 06:54 . 2010-01-20 06:55 388096 ----a-r- c:\documents and settings\pj_2\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-01-20 06:54 . 2010-01-20 06:55 -------- d-----w- c:\program files\TrendMicro 2010-01-17 12:15 . 2010-01-17 12:15 -------- d--h--r- c:\documents and settings\pj_2\Onlangs geopend 2010-01-17 09:57 . 2010-01-17 09:57 -------- d-----w- c:\windows\ShellNew 2010-01-17 09:57 . 2010-01-17 09:57 -------- d-----w- c:\documents and settings\pj_2\Application Data\Microsoft Web Folders 2010-01-17 09:41 . 2010-01-17 09:41 -------- d-----w- c:\documents and settings\pj_2\Application Data\TP 2010-01-16 18:03 . 2010-01-16 18:03 -------- d-----w- C:\FOUND.000 2010-01-16 13:53 . 2010-01-16 13:53 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-16 13:53 . 2010-01-16 13:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-16 13:53 . 2010-01-16 13:53 -------- d-----w- c:\program files\MSXML 4.0 2010-01-16 13:53 . 2010-01-16 13:53 -------- d-----w- c:\program files\MSECache 2010-01-16 13:06 . 2010-01-16 13:06 -------- d-----w- c:\documents and settings\pj_2\Application Data\Belastingdienst 2010-01-16 12:53 . 2010-01-16 12:53 -------- d-----w- c:\program files\Belastingdienst 2010-01-16 11:39 . 2010-01-16 11:39 -------- d-----w- C:\Bdienst 2010-01-13 16:28 . 2010-01-13 16:28 -------- d-----w- c:\documents and settings\pj_2\Application Data\T-DSL SpeedManager 2010-01-13 16:12 . 2010-01-13 16:13 -------- d-----w- c:\program files\OfficeUpdate11 2010-01-13 16:12 . 2010-01-13 16:12 -------- d-----w- c:\program files\Ahead 2010-01-13 15:57 . 2010-01-13 15:57 -------- d-----w- c:\program files\T-DSL SpeedManager 2010-01-13 08:57 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-17 12:49 . 2007-05-13 21:18 83928 ----a-w- c:\documents and settings\pj_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-01-07 15:07 . 2009-12-09 21:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07 . 2009-12-09 21:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-21 19:10 . 2005-04-27 15:43 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-12 16:27 . 2003-04-08 11:00 70426 ----a-w- c:\windows\system32\perfc013.dat 2009-12-12 16:27 . 2003-04-08 11:00 444960 ----a-w- c:\windows\system32\perfh013.dat 2009-12-09 22:03 . 2009-12-09 22:02 -------- d-----w- c:\documents and settings\pj_2\Application Data\Malwarebytes 2009-12-09 21:17 . 2009-12-09 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-27 18:38 . 2009-11-27 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software 2009-11-26 20:55 . 2009-11-26 20:55 -------- d-----w- c:\program files\Google 2009-11-24 23:54 . 2009-11-28 07:23 1280480 ----a-w- c:\windows\system32\asw173.tmp 2009-11-21 16:03 . 2002-09-27 18:32 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-26 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648] "ToADiMon.exe"="d:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624] "T-DSL SpeedMgr"="c:\progra~1\T-DSLS~1\SpeedMgr.exe" [2004-07-14 397312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:German /KBD:2 [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MACNDIS5.SYS [2006-10-04 17280] R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;d:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] S2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\program files\Common Files\Marmiko Shared\MZCCntrl.exe [2006-10-04 61440] . Inhoud van de 'Gedeelde Taken' map 2010-01-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-26 21:19] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporteren naar Microsoft Excel - d:\office12\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab . - - - - ORPHANS VERWIJDERD - - - - HKCU-Run-InfoCockpit - d:\program files\T-Online_Software_6\Info-Cockpit\IC_START.EXE HKU-Default-Run-T-Online_Software_6\WLAN-Access Finder - c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe HKU-Default-Run-InfoCockpit - d:\program files\T-Online_Software_6\Info-Cockpit\IC_START.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-01-23 21:36 Windows 5.1.2600 Service Pack 3 FAT NTAPI scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'explorer.exe'(3468) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe c:\program files\T-DSL SpeedManager\tsmsvc.exe . ************************************************************************** . Voltooingstijd: 2010-01-23 21:39:07 - machine werd herstart ComboFix-quarantined-files.txt 2010-01-23 20:39 Pre-Run: 504.573.952 bytes beschikbaar Post-Run: 567.230.464 bytes beschikbaar WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - 66454BA77F8814B6A0249D7737894B3C Groet, pjverdonk
  4. Beste Kane, Wat betreft toevoeging achter userinit: er staat nu niets achter. Wat betreft combofix: ik krijg een foutmelding dat ik combofix niet kan benoemen als combofix1. Ook als ik combofix opstart gebeurt er niets, behalve dan dat taakbeheer verdwijnt van mijn beeldscherm. Gr. pjverdonk
  5. Hoi Angel, bovenstaande veranderd. Taakbalk en pictogrammen verschijnen echter niet. Wel wordt na korte tijd de map 'mijn documenten' automatisch getoond. Hoi Kape, de logfiles: (het heeft even geduurd, omdat mijn computer steeds uitvalt. Hier nogmaals de mededeling die ik krijg: 'Systeem wordt door NT AUTHORITY\SYSTEM afgeloten. Moet opnieuw opstarten, omdat de DCOM Server Process Launcher-service onverwacht is gestopt' Geen idee wat dit te betekenen heeft. Het gebeurt soms al na een minuut na pc aanzetten, soms kun je een half uur werken. Hyack: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 20:47:40, on 22.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\SVCHOST.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [ToADiMon.exe] D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infoCockpit] D:\Program Files\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [infoCockpit] D:\Program Files\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office\OSA9.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122064604958 O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Program Files\T-DSL SpeedManager\tsmsvc.exe -- End of file - 5173 bytes malware: Malwarebytes' Anti-Malware 1.44 Database version: 3609 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22.01.2010 18:26:55 mbam-log-2010-01-22 (18-26-55).txt Scan type: Quick Scan Objects scanned: 102825 Time elapsed: 9 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Hoop dat er wat aan gedaan kan worden. Alvast bedankt!!!
  6. Beste Angel, Ik heb je aanwijzingen opgevolgd. Mijn computer blijft echter regelmatig uit zichzelf uitvallen. Mededeling: Kan DCOM Server Process Launcher-service niet starten????
  7. Hoi Angel, In regedit stond bij shell inderdaad al explorer.exe. Bij userinit stond inderdaad c:\\windows\system32\\userinit.exe, maar erachter stond nog een ander pad, ook c:\\windows\....... (ik weet niet meer welk). Ik wacht op Kape. Vr. gr. pjverdonk
  8. Ik krijg inderdaad via ctrl + alt + del en dan explorer.exe invullen mijn taakbalk en pictogrammen. Daarna via regedit gedaan wat jij voorstelde. Ik krijg na opstarten echter niet mijn taakbalk en pictogrammen. Wel krijg ik als ik weer via taakbeheer explorer.exe opstart steeds automatisch de inhoud van de map 'mijn documenten' te zien. Ik heb er trouwens een nieuw probleem bij. De computer sluit zich soms na 5 minuten, soms na een uur vanzelf af. Ik krijg dan de mededeling dat het systeem niet kon opstarten, omdat hij DCOM System Process Launcher niet kan vinden. Binnen 60 seconden gaat mijn computer dan uit. Het wordt steeds vreemder. Gr. Pjverdonk
  9. Beste Kape, reactie heeft even geduurd. Nog meer problemen. Computer viel steeds uit en startte opnieuw op. Nu pas gelukt een scan te doen. Hier de logfile van Malware: Malwarebytes' Anti-Malware 1.44 Database version: 3609 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 21.01.2010 20:46:06 mbam-log-2010-01-21 (20-46-06).txt Scan type: Quick Scan Objects scanned: 101231 Time elapsed: 15 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 34 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\iebho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho15.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho04.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho09.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho18.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho00.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho10.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho07.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho17.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho03.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho08.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho12.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho14.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho05.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho19.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho13.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho02.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho16.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho06.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho11.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0A.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1E.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0B.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0D.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0F.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1C.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0E.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1B.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0C.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1D.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1A.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. en de logfile van hyackthis: Malwarebytes' Anti-Malware 1.44 Database version: 3609 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 21.01.2010 20:46:06 mbam-log-2010-01-21 (20-46-06).txt Scan type: Quick Scan Objects scanned: 101231 Time elapsed: 15 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 1 Registry Data Items Infected: 3 Folders Infected: 1 Files Infected: 34 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\iebho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho15.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho04.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho09.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho18.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho00.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho10.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho07.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho17.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho03.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho08.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho12.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho14.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho05.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho19.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho13.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho02.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho16.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho06.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho11.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0A.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1E.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0B.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0D.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0F.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1C.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0E.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1B.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho0C.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1D.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iebho1A.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. Hopelijk kun je me verder helpen. Vr. gr. pjverdonk
  10. HOI Angel, Hier de logfile, bedankt!! Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 07:57:24, on 20.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SVCHOST.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\T-DSL SpeedManager\tsmsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - C:\WINDOWS\system32\iebho15.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [ToADiMon.exe] D:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infoCockpit] D:\Program Files\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-19\..\Run: [infoCockpit] D:\Program Files\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Office\OSA9.EXE O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122064604958 O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} (Navigram Control) - http://www.navigram.com/engine/v911/Navigram.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Program Files\T-DSL SpeedManager\tsmsvc.exe -- End of file - 5541 bytes
  11. Beste angel, Bedankt voor je tip, echter.... Bij rechtermuisklikken gebeurde niets. Ik heb de taakbalk en pictogrammen terug gekregen, door via taakbeheer (ctrl-alt-del) windows-verkener te starten. Toen verschenen de taakbalk en pictogrammen weer en functioneren ook. Ik blijf echter een probleem houden: het opstarten van de computer duurt langer en de taakbalk en pictogrammen verschijnen na opstarten niet automatisch, maar pas na starten windows-verkenner. Wie weet raad?
  12. Ik heb vandaag via Malwarebytes Antimalware een virusscan op mijn computer gedaan. Na afloop afgesloten en weer opgestart. Dit verliep goed, er leek geen probleem te zijn. Nadat ik een uur later de computer weer opstartte, kreeg ik vervolgens geen taakbalk en pictogrammen meer op mijn bureaublad. Via taakbeheer kan ik wel programma's openen. Vr. gr. pj verdonk
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.