Taskbar that disappears


  • Taskbar that disappears

    Hello,

    Here I am again ;-)

    My taskbar disappears and reappears at random moments. I also no longer have any shortcuts on my desktop, and my Start menu is gone as well.

    So right now I do everything through Task Manager... New Task.

    I have already read through a topic by Jouline, who had the same problem. I have already run that iefix.exe, but without result.

    Is it sensible for me to post a HijackThis log? Or does that have nothing to do with it at all?


    Hopefully you can help me.

    Regards, Bas

  • #2
    While I was posting here, I was also running an Ad-Aware full system scan. In the end it found 32 problems. I ticked them all, and when I wanted to move them to quarantine, ... suddenly a Windows XP blue screen. I couldn't read what it said that quickly.



    • #3
      Download VirtumundoBegone (mirror)
      Save it to your desktop.

      Double-click VirtumundoBeGone.exe and follow the instructions.
      Don't be alarmed if you see a blue screen with an error message - this is normal.
      When the fix is finished, restart the PC.
      Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
        A cmd window will open, and a few lines about files not found will quickly scroll past; this is normal.
      • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
      • After that your PC will restart; after the restart the RVAXO cmd window opens again.
        Let it run and wait until a log file opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the log file in your next message.


      Download Combofix to your desktop.
      Double-click Combofix.exe
      Choose "Continue" by typing 1 followed by ENTER.
      While the fix is running, do NOT click in the window, because this will make your PC hang.
      When the fix is complete and after the restart, the log combofix.txt will open.
      Post this log in your next post.

      NOTE: If your virus scanner responds with a notification about script execution, you may ignore it.



      • #4
        Is there no explorer.exe in your processes? If it isn't there (when your taskbar is gone), you have to start it again
        • choose New Task and type explorer.exe

        Note: you may have to write EXPLORER.EXE in capital letters



        • #5
          You don't need to type Explorer in capital letters in Task Manager.

          PS: please change your avatar, it is very confusing alongside Smeenk's avatar.
          Grtz Lex.



          • #6
            [12/18/2007, 21:48:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bas online\Bureaublad\VirtumundoBeGone.exe" )
            [12/18/2007, 21:48:12] - Detected System Information:
            [12/18/2007, 21:48:12] - Windows Version: 5.1.2600, Service Pack 2
            [12/18/2007, 21:48:12] - Current Username: Bas online (Admin)
            [12/18/2007, 21:48:12] - Windows is in NORMAL mode.
            [12/18/2007, 21:48:12] - Searching for Browser Helper Objects:
            [12/18/2007, 21:48:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
            [12/18/2007, 21:48:12] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
            [12/18/2007, 21:48:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:12] - Checking for HKLM\...\Winlogon\Notify\SDHelper
            [12/18/2007, 21:48:12] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
            [12/18/2007, 21:48:12] - BHO 3: {73F24B2F-4F7A-4BC2-A685-0333C49D1042} ()
            [12/18/2007, 21:48:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:12] - Checking for HKLM\...\Winlogon\Notify\pmnnlig
            [12/18/2007, 21:48:12] - Found: HKLM\...\Winlogon\Notify\pmnnlig - This is probably Virtumundo.
            [12/18/2007, 21:48:12] - Assigning {73F24B2F-4F7A-4BC2-A685-0333C49D1042} MSEvents Object
            [12/18/2007, 21:48:13] - BHO list has been changed! Starting over...
            [12/18/2007, 21:48:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
            [12/18/2007, 21:48:13] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
            [12/18/2007, 21:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:13] - Checking for HKLM\...\Winlogon\Notify\SDHelper
            [12/18/2007, 21:48:13] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
            [12/18/2007, 21:48:13] - BHO 3: {73F24B2F-4F7A-4BC2-A685-0333C49D1042} (MSEvents Object)
            [12/18/2007, 21:48:13] - ALERT: Found MSEvents Object!
            [12/18/2007, 21:48:13] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
            [12/18/2007, 21:48:13] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
            [12/18/2007, 21:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:13] - No filename found. Continuing.
            [12/18/2007, 21:48:13] - BHO 6: {A5BC2F40-2505-40E5-81C9-94B981BC9838} ()
            [12/18/2007, 21:48:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:13] - Checking for HKLM\...\Winlogon\Notify\pmkhh
            [12/18/2007, 21:48:13] - Key not found: HKLM\...\Winlogon\Notify\pmkhh, continuing.
            [12/18/2007, 21:48:13] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
            [12/18/2007, 21:48:13] - Finished Searching Browser Helper Objects
            [12/18/2007, 21:48:13] - *** Detected MSEvents Object
            [12/18/2007, 21:48:13] - Trying to remove MSEvents Object...
            [12/18/2007, 21:48:14] - Terminating Process: IEXPLORE.EXE
            [12/18/2007, 21:48:15] - Terminating Process: RUNDLL32.EXE
            [12/18/2007, 21:48:15] - Disabling Automatic Shell Restart
            [12/18/2007, 21:48:15] - Terminating Process: EXPLORER.EXE
            [12/18/2007, 21:48:16] - Suspending the NT Session Manager System Service
            [12/18/2007, 21:48:16] - Terminating Windows NT Logon/Logoff Manager
            [12/18/2007, 21:48:16] - Re-enabling Automatic Shell Restart
            [12/18/2007, 21:48:16] - File to disable: C:\WINDOWS\system32\pmnnlig.dll
            [12/18/2007, 21:48:16] - Renaming C:\WINDOWS\system32\pmnnlig.dll -> C:\WINDOWS\system32\pmnnlig.dll.vir
            [12/18/2007, 21:48:17] - ! File rename was unsucessful.
            [12/18/2007, 21:48:17] - Attempting to Deny Access to C:\WINDOWS\system32\pmnnlig.dll
            [12/18/2007, 21:48:18] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
            [12/18/2007, 21:48:18] - ERROR: Er is geen toewijzing uitgevoerd tussen accountnamen en beveiligings-ID's.

            [12/18/2007, 21:48:18] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
            [12/18/2007, 21:48:18] - Removing HKLM\...\Browser Helper Objects\{73F24B2F-4F7A-4BC2-A685-0333C49D1042}
            [12/18/2007, 21:48:18] - Removing HKCR\CLSID\{73F24B2F-4F7A-4BC2-A685-0333C49D1042}
            [12/18/2007, 21:48:18] - Adding Kill Bit for ActiveX for GUID: {73F24B2F-4F7A-4BC2-A685-0333C49D1042}
            [12/18/2007, 21:48:19] - Deleting ATLEvents/MSEvents Registry entries
            [12/18/2007, 21:48:19] - Removing HKLM\...\Winlogon\Notify\pmnnlig
            [12/18/2007, 21:48:19] - Searching for Browser Helper Objects:
            [12/18/2007, 21:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
            [12/18/2007, 21:48:19] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
            [12/18/2007, 21:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:19] - Checking for HKLM\...\Winlogon\Notify\SDHelper
            [12/18/2007, 21:48:19] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
            [12/18/2007, 21:48:19] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
            [12/18/2007, 21:48:19] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
            [12/18/2007, 21:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:19] - No filename found. Continuing.
            [12/18/2007, 21:48:19] - BHO 5: {A5BC2F40-2505-40E5-81C9-94B981BC9838} ()
            [12/18/2007, 21:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
            [12/18/2007, 21:48:19] - Checking for HKLM\...\Winlogon\Notify\pmkhh
            [12/18/2007, 21:48:19] - Key not found: HKLM\...\Winlogon\Notify\pmkhh, continuing.
            [12/18/2007, 21:48:19] - BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
            [12/18/2007, 21:48:19] - Finished Searching Browser Helper Objects
            [12/18/2007, 21:48:19] - Finishing up...
            [12/18/2007, 21:48:19] - A restart is needed.
            [12/18/2007, 21:48:31] - Attempting to Restart via STOP error (Blue Screen!)

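An added example, not part of the original thread and not code from VirtumundoBeGone: a small Python triage of a log in the format posted in #6. It pairs each nameless BHO with the Winlogon\Notify check that follows it, lists files the tool could not rename, and reports nameless BHOs that were never tied to a Notify key. The sample log is constructed and the name `triage_vbg_log` is hypothetical.

```python
import re

# One log line: "[MM/DD/YYYY, HH:MM:SS] - message"
LINE_RE = re.compile(r"^\[[^\]]+\] - (?P<msg>.*)$")
# "BHO 3: {CLSID} (display name)"; the name is empty for a nameless BHO
BHO_RE = re.compile(r"^BHO \d+: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*)\)$")
# "Found: HKLM\...\Winlogon\Notify\<subkey> - ..." means the Notify subkey exists
FOUND_RE = re.compile(r"^Found: HKLM\\.*\\Winlogon\\Notify\\(?P<sub>[^\\\s]+)")

# Constructed sample in the same line format as the posted log (CLSIDs, key
# names and file names are made up; "..." is the tool's own path elision).
SAMPLE_LOG = r"""
[01/02/2008, 10:00:00] - Searching for Browser Helper Objects:
[01/02/2008, 10:00:00] - BHO 1: {11111111-1111-1111-1111-111111111111} (Example PDF Helper)
[01/02/2008, 10:00:00] - BHO 2: {22222222-2222-2222-2222-222222222222} ()
[01/02/2008, 10:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2008, 10:00:00] - Checking for HKLM\...\Winlogon\Notify\toolhelper
[01/02/2008, 10:00:00] - Key not found: HKLM\...\Winlogon\Notify\toolhelper, continuing.
[01/02/2008, 10:00:00] - BHO 3: {33333333-3333-3333-3333-333333333333} ()
[01/02/2008, 10:00:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/02/2008, 10:00:00] - Checking for HKLM\...\Winlogon\Notify\abcdefg
[01/02/2008, 10:00:00] - Found: HKLM\...\Winlogon\Notify\abcdefg - This is probably Virtumundo.
[01/02/2008, 10:00:01] - BHO list has been changed! Starting over...
[01/02/2008, 10:00:01] - BHO 1: {11111111-1111-1111-1111-111111111111} (Example PDF Helper)
[01/02/2008, 10:00:01] - BHO 2: {22222222-2222-2222-2222-222222222222} ()
[01/02/2008, 10:00:01] - BHO 3: {33333333-3333-3333-3333-333333333333} (MSEvents Object)
[01/02/2008, 10:00:01] - Finished Searching Browser Helper Objects
[01/02/2008, 10:00:02] - File to disable: C:\WINDOWS\system32\abcdefg.dll
[01/02/2008, 10:00:02] - ! File rename was unsucessful.
[01/02/2008, 10:00:03] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/02/2008, 10:00:03] - Removing HKLM\...\Winlogon\Notify\abcdefg
[01/02/2008, 10:00:04] - Searching for Browser Helper Objects:
[01/02/2008, 10:00:04] - BHO 1: {11111111-1111-1111-1111-111111111111} (Example PDF Helper)
[01/02/2008, 10:00:04] - BHO 2: {22222222-2222-2222-2222-222222222222} ()
[01/02/2008, 10:00:04] - Finished Searching Browser Helper Objects
"""


def triage_vbg_log(log_text):
    """Summarise a VirtumundoBeGone-style log for follow-up work."""
    passes = []          # one dict (CLSID -> name) per BHO enumeration pass
    suspects = {}        # CLSID -> Winlogon Notify subkey that was found
    manual_delete = []   # files the tool could not rename or left for the user
    current = None       # CLSID whose follow-up lines are being read
    pending_file = None  # last "File to disable" path

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())   # strip() tolerates forum indentation
        if not m:
            continue
        msg = m.group("msg")

        # The tool re-enumerates after a change and again after removal.
        if msg.startswith(("Searching for Browser Helper Objects",
                           "BHO list has been changed")):
            passes.append({})
            current = None
            continue
        if msg.startswith("Finished Searching"):
            current = None
            continue

        bho = BHO_RE.match(msg)
        if bho:
            if not passes:
                passes.append({})
            current = bho.group("clsid").upper()
            passes[-1][current] = bho.group("name")
            continue

        found = FOUND_RE.match(msg)
        if found and current:
            suspects[current] = found.group("sub")
        elif msg.startswith("File to disable: "):
            pending_file = msg[len("File to disable: "):]
        elif "File rename was uns" in msg or "need to be deleted by the user" in msg:
            if pending_file and pending_file not in manual_delete:
                manual_delete.append(pending_file)

    last = passes[-1] if passes else {}
    return {
        "suspects": suspects,
        # A suspect still listed in the final pass was not actually removed.
        "still_registered": sorted(c for c in suspects if c in last),
        "manual_delete": manual_delete,
        # Nameless but no Notify hit: not a verdict, check with another tool.
        "nameless_unresolved": sorted(
            c for c, name in last.items() if not name and c not in suspects),
    }


if __name__ == "__main__":
    for key, value in triage_vbg_log(SAMPLE_LOG).items():
        print(key, "=", value)
```

Entries under `nameless_unresolved` are only candidates for review; in this thread the later HijackThis log in #12 resolves one such nameless BHO to Spybot's SDHelper.dll.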


            • #7
              Second test;


              ComboFix 07-12-19.2 - Bas online 2007-12-18 21:56:38.1 - NTFSx86
              Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.569 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Bas online\Bureaublad\ComboFix.exe
              * Nieuw herstelpunt werd aangemaakt
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Program Files\bifrost\klog.dat
              C:\WINDOWS\system32\hhkmp.ini
              C:\WINDOWS\system32\hhkmp.ini2
              C:\WINDOWS\system32\pmkhh.dll
              C:\WINDOWS\system32\wvusrsq.dll

              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_DOMAINSERVICE


              (((((((((((((((((((( Bestanden Gemaakt van 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))
              .

              2007-12-18 18:15 . 2007-12-18 18:15 <DIR> d-------- C:\Program Files\SpywareBlaster
              2007-12-17 17:38 . 2007-12-18 21:52 <DIR> dr-h----- C:\Documents and Settings\Bas online\Onlangs geopend
              2007-12-15 13:58 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
              2007-12-14 16:01 . 2007-12-14 16:01 131 --a------ C:\WINDOWS\system32\tablet.dat
              2007-12-14 15:56 . 2007-12-14 15:56 <DIR> d-------- C:\9f3f0412bd0dea288abea930c36243d5
              2007-12-13 18:02 . 2007-12-13 18:02 39,936 --a------ C:\WINDOWS\system32\pmnnlig.dll.vir
              2007-12-13 18:02 . 2007-12-13 18:02 39,936 --a------ C:\WINDOWS\mrofinu922.exe.tmp
              2007-12-09 16:51 . 2007-12-09 16:51 <DIR> d-------- C:\Documents and Settings\Gast\Application Data\vlc
              2007-11-28 23:53 . 2007-11-28 23:53 <DIR> d-------- C:\Documents and Settings\Bas online\Application Data\ViStart
              2007-11-28 23:52 . 2007-11-28 23:54 <DIR> d-------- C:\Program Files\ViStart
              2007-11-28 23:50 . 2007-12-02 13:53 <DIR> d-------- C:\Program Files\TopDesk Trial
              2007-11-23 18:00 . 2007-11-28 23:58 <DIR> d-------- C:\Program Files\PokerStars
              2007-11-21 17:09 . 2007-11-21 17:10 <DIR> d-------- C:\Documents and Settings\Bas online\Application Data\OnRez
              2007-11-21 17:08 . 2007-11-21 17:10 <DIR> d-------- C:\Program Files\OnRez

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2007-12-19 21:00 --------- d-----w C:\Program Files\Bifrost
              2007-12-18 20:51 --------- d-----w C:\Documents and Settings\Bas online\Application Data\WTablet
              2007-12-18 17:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
              2007-12-18 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
              2007-12-15 16:37 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
              2007-12-15 13:37 --------- d-----w C:\Documents and Settings\Bas online\Application Data\uTorrent
              2007-12-09 19:36 --------- d-----w C:\Documents and Settings\Gast\Application Data\WTablet
              2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
              2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
              2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
              2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
              2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
              2007-11-22 00:17 --------- d-----w C:\Program Files\LimeWire
              2007-11-16 00:20 --------- d-----w C:\Documents and Settings\Bas online\Application Data\Teleca
              2007-11-16 00:14 --------- d-----w C:\Program Files\Common Files\Teleca Shared
              2007-11-16 00:13 --------- d-----w C:\Program Files\Sony Ericsson
              2007-11-16 00:13 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
              2007-11-16 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
              2007-11-16 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
              2007-11-15 12:15 --------- d-----w C:\Documents and Settings\Bas online\Application Data\SecondLife
              2007-11-13 18:57 --------- d-----w C:\Documents and Settings\Bas online\Application Data\AVG7
              2007-11-13 12:58 --------- d-----w C:\Program Files\AmsterdamsPoker
              2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
              2007-11-12 23:47 --------- d-----w C:\Program Files\DivoCodec
              2007-11-12 22:51 --------- d-----w C:\Program Files\SecondLife
              2007-11-06 20:19 --------- d-----w C:\Program Files\share
              2007-11-06 01:13 --------- d-----w C:\Program Files\DivX
              2007-10-22 19:50 --------- d-----w C:\Program Files\LimeWire Plus
              2007-10-22 19:47 --------- d-----w C:\Program Files\Incomplete
              2007-10-22 19:47 --------- d-----w C:\Documents and Settings\Bas online\Application Data\LimeWirePlus
              2007-10-05 13:50 1,024 ----a-w C:\test.bin
              2007-01-04 19:54 66 ----a-w C:\Documents and Settings\Bas online\Bas online_notes.dat
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              {47833539-D0C5-4125-9FA8-0819E2EAAC93}
              {93344865-74BD-4873-BE65-56539D41A65C}

              [HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
              [HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
              [HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
              [HKEY_CLASSES_ROOT\Earn2Life.LeadBar]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-04-11 05:00]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-18 05:40]
              "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
              "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 21:17]
              "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 21:13]
              "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 21:17]
              "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 21:44 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22]
              "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 14:14]
              "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
              "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
              "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 09:50]
              "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
              "Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 08:52]
              "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2004-08-25 10:26]
              "POEngine"=""
              "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-04-11 05:00]

              C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
              Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-03-07 20:08:35]
              Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-31 03:08:34]
              Watch.lnk - C:\Program Files\DV Series\Console\Watch.exe [2007-03-11 20:24:30]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
              "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
              "NoBandCustomize"= 0 (0x0)
              "NoMovingBands"= 0 (0x0)
              "NoCloseDragDropBands"= 0 (0x0)
              "NoToolbarsOnTaskbar"= 0 (0x0)

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
              "UIHost"="LogonUI.EXE"

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bas online^Menu Start^Programma's^Opstarten^Yahoo! Widget Engine.lnk]
              path=C:\Documents and Settings\Bas online\Menu Start\Programma's\Opstarten\Yahoo! Widget Engine.lnk
              backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
              2006-01-12 20:52 483328 --a------ C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
              C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
              C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
              2006-04-11 05:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctpmon]
              ctpmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
              2006-10-30 09:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
              2006-01-12 16:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
              C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
              C:\Program Files\QuickTime\qttask.exe -atboottime

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
              C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

              R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 12:18]
              R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-11-15 10:55]
              S2 Ca533av;DV Series Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
              S3 s116bus;Sony Ericsson Device 116 driver (WDM);C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 13:57]
              S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 13:57]
              S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS);C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 13:57]
              S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 13:57]
              S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM);C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 13:57]
              S3 USBCamera;DV Series Digital Camera;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-11-22 09:25]

              .
              **************************************************************************

              catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2007-12-19 22:07:11
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              HKLM\Software\Microsoft\Windows\CurrentVersion\Run
              Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\[email protected]? ????]??????`[email protected][email protected]

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2007-12-19 22:09:25 - machine was rebooted



              • #8
                and final;


                ----------------RVAXO.exe first run-------------

                Files found:

                C:\WINDOWS\system32\pmnnlig.dll.vir
                C:\WINDOWS\mrofinu922.exe.tmp

                Uninstallers Rogue scanners:


                Folders Found:

                C:\WINDOWS\system32\winsecurityxp

                Hosts-file was reset, If you use a custom hosts file please replace it...

                --------------RVAXO.exe last run---------------

                Files found:

                Folders Found:

                --------------RVAXO.exe finished----------------



                • #9
                  Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                  This will remove everything belonging to RVAXO.

                  Delete the following folder:
                  C:\Qoobox\

                  Then empty your Recycle Bin.

                  Download ATF cleaner (mirror) (made by Atribune)

                  Important: Close all your browser windows (IE and/or Firefox and/or Opera) so that the tool can work properly.

                  Double-click ATF cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick from "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Run and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: There must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Turn off System Restore. Restart the computer. Turn System Restore back on.
                  Look here to see how to turn off System Restore.
                  This removes any remnants of the infections from your System Restore.

                  Are all the problems gone now?



                  • #10
                    So far it's working fine, ...

                    Let's wait and see

                    thnx in advance



                    • #11
                      Could you also make a HijackThis log and post it here for checking?



                      • #12
                        A Hijack log for checking.

                        Hey,

                        On Smeenk's advice, here is another Hijack log, after running a number of programs, as a check.

                        ----


                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 16:01:07, on 20/12/2007
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\eHome\ehRecvr.exe
                        C:\WINDOWS\eHome\ehSched.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\WINDOWS\ehome\ehtray.exe
                        C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\igfxtray.exe
                        C:\WINDOWS\system32\hkcmd.exe
                        C:\WINDOWS\system32\igfxpers.exe
                        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        C:\Program Files\HP\QuickPlay\QPService.exe
                        C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
                        C:\Program Files\DU Meter\DUMeter.exe
                        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\WINDOWS\system32\mqsvc.exe
                        C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
                        C:\WINDOWS\system32\mqtgsvc.exe
                        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        C:\Program Files\DV Series\Console\Watch.exe
                        C:\WINDOWS\eHome\ehmsas.exe
                        C:\WINDOWS\system32\dllhost.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                        R3 - URLSearchHook: (no name) - - (no file)
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
                        O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
                        O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
                        O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
                        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
                        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                        O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
                        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
                        O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
                        O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
                        O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
                        O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
                        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
                        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Global Startup: Watch.lnk = C:\Program Files\DV Series\Console\Watch.exe
                        O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                        O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                        O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
                        O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
                        O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
                        O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
                        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                        O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
                        O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176336265625
                        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
                        O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://www.earn2life.com/plugin/Earn2Life.cab
                        O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
                        O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab
                        O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
                        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
                        O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
                        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
                        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
                        O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

                        --
                        End of file - 10203 bytes



                        • #13
                          You can remove these lines with HijackThis:
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                          R3 - URLSearchHook: (no name) - - (no file)


                          Go to Start - Run and enter the following:
                          sc delete SDhelper
                          Then press OK.

                          Otherwise the log looks fine again

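The triage applied in reply #13 (entries that point at nothing: an empty R0 value, "(no file)", "(file missing)"), as an added example that is not part of the original thread. The function names are assumptions of this example, the sample lines are an excerpt of the log posted above, and the service name is read from the parentheses in the O23 line, which is the name `sc delete` was given.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")  # "<section> - <body>"

def parse(log):
    """Yield (section, body) for each entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).rstrip()

def orphan_reason(section, body):
    """Return why an entry points at nothing, or None if it has a target."""
    if body.endswith("(file missing)"):
        return "target file missing"
    if body.endswith("(no file)"):
        return "no file behind entry"
    if section in ("R0", "R1") and body.endswith("="):
        return "empty registry value"
    return None

def service_short_name(body):
    """O23 body is 'Service: Display (Name) - owner - path'; return the service name."""
    field = body[len("Service: "):].split(" - ", 1)[0]
    m = re.search(r"\(([^()]+)\)$", field)
    return m.group(1) if m else field

def triage(log):
    """List (section, reason, service_name_or_None) for every orphaned entry."""
    findings = []
    for section, body in parse(log):
        reason = orphan_reason(section, body)
        if reason:
            svc = service_short_name(body) if section == "O23" else None
            findings.append((section, reason, svc))
    return findings

if __name__ == "__main__":
    for section, reason, svc in triage(SAMPLE_LOG):
        print(section, reason, svc or "")
```

An orphaned entry is a cleanup candidate, not proof of infection; the script only narrows down which lines to look at by hand.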


                          • #14
                            Originally posted by smeenk
                            You can remove these lines with HijackThis:
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                            R3 - URLSearchHook: (no name) - - (no file)


                            Go to Start - Run and enter the following:
                            sc delete SDhelper
                            Then press OK.

                            Otherwise the log looks fine again

                            Great! No more problems so far. Thanks!

                            However, I was at my parents' house today, and while I was telling them that my laptop was acting up, I heard that their desktop has also been getting slower and slower. So I may well bother you with more HijackThis logs ;-)

                            Regards, Bas



                            • #15
                              Originally posted by bazzia
                              Great! No more problems so far. Thanks!

                              However, I was at my parents' house today, and while I was telling them that my laptop was acting up, I heard that their desktop has also been getting slower and slower. So I may well bother you with more HijackThis logs ;-)

                              Regards, Bas

                              You're welcome

                              Please post about a different computer in a new topic.
