Foutmelding bij opstarten
- Status
heeft jouw vriend toevallig 2 antivirus programma's lopen ..
dit is een fout melding betreffende de realtime beveiliging !!!
vergeet bovenstaande het betreft dat de opstart sektor fouten bevat ....
heeft jouw vriend de vista installatie cd dan zou hij een opstart herstel moeten overwegen ...
dit is een fout melding betreffende de realtime beveiliging !!!
vergeet bovenstaande het betreft dat de opstart sektor fouten bevat ....
heeft jouw vriend de vista installatie cd dan zou hij een opstart herstel moeten overwegen ...
Laatst bewerkt:
Die foutcode is zeer bizar. Wat me niet aanstaat is dat er melding is van een registry bestand config.dat en dat op lijn nummer 1 bovenstaande herhalende niets beduidende code staat?! Indien dat werkelijk zo zou zijn denk ik niet dat die Windows Vista zelfs kan opstarten. Ook de "privacy software error" lijkt me verdacht.
Mijn eerste mening: Virus.
Indien de melding van een vertrouwelijke bron moest komen wilt dit alsnog zeggen dat er fouten in de Windows registry zitten omdat de parser erop vastloopt. Maar ook hier weer lijkt het me zeer verdacht omdat zulke fouten op de eerste lijn fataal zouden moeten zijn voor je Windows.
Mijn eerste mening: Virus.
Indien de melding van een vertrouwelijke bron moest komen wilt dit alsnog zeggen dat er fouten in de Windows registry zitten omdat de parser erop vastloopt. Maar ook hier weer lijkt het me zeer verdacht omdat zulke fouten op de eerste lijn fataal zouden moeten zijn voor je Windows.
Het bericht dat steeds terug kwam bij het opstarten heb ik al kunnen oplossen.
Bij het opstarten komt het niet meer terug. Wat wel nog steeds aan de gang is
dat is dat de laptop traag reageerd. Zowel bij opstarten als bij afsluiten. Ook bij
het openen van programma's gaat dit steeds traag.Momenteel ben ik 'combifix'
aan het laten zoeken. Als dit gedaan is zal ik hier een logje plaatsen van 'combifix en hijacthis'.
Bij het opstarten komt het niet meer terug. Wat wel nog steeds aan de gang is
dat is dat de laptop traag reageerd. Zowel bij opstarten als bij afsluiten. Ook bij
het openen van programma's gaat dit steeds traag.Momenteel ben ik 'combifix'
aan het laten zoeken. Als dit gedaan is zal ik hier een logje plaatsen van 'combifix en hijacthis'.
Laatst bewerkt:
Index of /devbuilds/RescueDisk10/
Download en brand volgende ISO (kav_rescue_10.iso) op CD. Boot vervolgens de PC met de CD.
De virusscanner gaat een opmerking maken over een outdated database, laat hiervan een update lopen dan. (kan even duren...)
Scan daarna je pc volledig.
ps: Je kan ook de Rescue2usb gebruiken maar heb daar geen ervaring mee.
Rootkit virussen zijn doorgaans zeer moeillijk te detecteren.
Dat de laptop traag reageerd is doorgaans ook één van de kenmerken van een besmetting.
Hoe heb je trouwens de foutmelding kunnen voorkomen? Post indien mogelijk ook nog de aangevraagde logjes.
Download en brand volgende ISO (kav_rescue_10.iso) op CD. Boot vervolgens de PC met de CD.
De virusscanner gaat een opmerking maken over een outdated database, laat hiervan een update lopen dan. (kan even duren...)
Scan daarna je pc volledig.
ps: Je kan ook de Rescue2usb gebruiken maar heb daar geen ervaring mee.
Rootkit virussen zijn doorgaans zeer moeillijk te detecteren.
Dat de laptop traag reageerd is doorgaans ook één van de kenmerken van een besmetting.
Hoe heb je trouwens de foutmelding kunnen voorkomen? Post indien mogelijk ook nog de aangevraagde logjes.
Laatst bewerkt:
Hoi, als ik dit doe dan is dat opstarten vanaf cd ??
En verwijderd hij dan alles van de laptop ? Of blijven de mappen die hij erop gezet heeft er opstaan ??
Hierbij de logjes :
ComboFix 11-11-06.01 - admin 06/11/2011 11:37:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1021.147 [GMT 1:00]
Gestart vanuit: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))
.
.
2011-11-06 10:56 . 2011-11-06 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 10:22 . 2011-11-06 10:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A52FF7C-8551-43A3-8F6A-160558E03F9E}\offreg.dll
2011-11-05 20:08 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-05 20:08 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-05 20:08 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-05 20:08 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-05 20:08 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-05 20:08 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-05 20:06 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-05 20:05 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\programdata\AVAST Software
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files\AVAST Software
2011-11-05 19:16 . 2011-11-05 19:16 -------- d-----w- c:\program files\VS Revo Group
2011-11-05 18:10 . 2011-11-05 18:10 -------- d-----w- c:\users\admin\AppData\Roaming\f-secure
2011-11-05 18:07 . 2011-11-05 18:07 -------- d-----w- c:\programdata\F-Secure
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\programdata\Malwarebytes
2011-11-05 12:04 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 11:46 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A52FF7C-8551-43A3-8F6A-160558E03F9E}\mpengine.dll
2011-11-05 11:38 . 2011-11-05 11:38 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-05 11:38 . 2011-11-05 11:38 -------- d-----w- c:\program files\Trend Micro
2011-10-13 17:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 17:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 17:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 17:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 17:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 17:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 17:09 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 16:47 . 2011-10-13 16:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 18:03 . 2011-09-01 18:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-01 18:03 . 2011-09-01 18:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-01 18:03 . 2011-09-01 18:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-01 18:03 . 2011-09-01 18:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-01 18:03 . 2011-09-01 18:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-01 18:03 . 2011-09-01 18:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-01 18:03 . 2011-09-01 18:03 367104 ----a-w- c:\windows\system32\html.iec
2011-09-01 18:03 . 2011-09-01 18:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-01 18:03 . 2011-09-01 18:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-01 18:03 . 2011-09-01 18:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-01 18:03 . 2011-09-01 18:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-01 18:03 . 2011-09-01 18:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-01 18:03 . 2011-09-01 18:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-01 18:02 . 2011-09-01 18:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-01 18:02 . 2011-09-01 18:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-01 18:02 . 2011-09-01 18:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-01 18:02 . 2011-09-01 18:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-01 18:02 . 2011-09-01 18:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-27 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-27 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-13 16:38]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:32]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:32]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477149219-868563909-1107391595-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 18:04]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477149219-868563909-1107391595-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 18:04]
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{DEF84C5F-21CD-4E00-9BAE-66CD655C92AB}.job
- c:\windows\system32\msfeedssync.exe [2011-09-01 18:02]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=71&bd=Pavilion&pf=laptop
TCP: DhcpNameServer = 195.130.131.130 195.130.130.2
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-06 11:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-11-06 12:03:52
ComboFix-quarantined-files.txt 2011-11-06 11:03
.
Pre-Run: 103.419.670.528 bytes beschikbaar
Post-Run: 103.567.081.472 bytes beschikbaar
.
- - End Of File - - 570476BFDA3C1E9EB0D8419632CB4918
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:31, on 6/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7877 bytes
Als ik laptop opstart geeft hij rechts onderaan nog steeds een melding dat er 'opstartprogramma's problemen hebben voor op te starten'
Na een aantal min. starten ze dan toch op.
ComboFix 11-11-06.01 - admin 06/11/2011 11:37:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1021.147 [GMT 1:00]
Gestart vanuit: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))
.
.
2011-11-06 10:56 . 2011-11-06 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 10:22 . 2011-11-06 10:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A52FF7C-8551-43A3-8F6A-160558E03F9E}\offreg.dll
2011-11-05 20:08 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-05 20:08 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-05 20:08 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-05 20:08 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-05 20:08 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-05 20:08 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-05 20:06 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-05 20:05 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\programdata\AVAST Software
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files\AVAST Software
2011-11-05 19:16 . 2011-11-05 19:16 -------- d-----w- c:\program files\VS Revo Group
2011-11-05 18:10 . 2011-11-05 18:10 -------- d-----w- c:\users\admin\AppData\Roaming\f-secure
2011-11-05 18:07 . 2011-11-05 18:07 -------- d-----w- c:\programdata\F-Secure
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\programdata\Malwarebytes
2011-11-05 12:04 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 12:04 . 2011-11-05 12:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-05 11:46 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A52FF7C-8551-43A3-8F6A-160558E03F9E}\mpengine.dll
2011-11-05 11:38 . 2011-11-05 11:38 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-05 11:38 . 2011-11-05 11:38 -------- d-----w- c:\program files\Trend Micro
2011-10-13 17:10 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 17:10 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 17:10 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:10 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:10 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 17:10 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 17:10 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:10 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 17:10 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 17:09 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-13 16:47 . 2011-10-13 16:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 18:03 . 2011-09-01 18:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-01 18:03 . 2011-09-01 18:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-01 18:03 . 2011-09-01 18:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-01 18:03 . 2011-09-01 18:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-01 18:03 . 2011-09-01 18:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-01 18:03 . 2011-09-01 18:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-01 18:03 . 2011-09-01 18:03 367104 ----a-w- c:\windows\system32\html.iec
2011-09-01 18:03 . 2011-09-01 18:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-01 18:03 . 2011-09-01 18:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-01 18:03 . 2011-09-01 18:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-01 18:03 . 2011-09-01 18:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-01 18:03 . 2011-09-01 18:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-01 18:03 . 2011-09-01 18:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-01 18:02 . 2011-09-01 18:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-01 18:02 . 2011-09-01 18:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-01 18:02 . 2011-09-01 18:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-01 18:02 . 2011-09-01 18:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-01 18:02 . 2011-09-01 18:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-27 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-27 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-27 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-13 16:38]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:32]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-06 19:32]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477149219-868563909-1107391595-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 18:04]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2477149219-868563909-1107391595-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 18:04]
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{DEF84C5F-21CD-4E00-9BAE-66CD655C92AB}.job
- c:\windows\system32\msfeedssync.exe [2011-09-01 18:02]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=71&bd=Pavilion&pf=laptop
TCP: DhcpNameServer = 195.130.131.130 195.130.130.2
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
AddRemove-BearShare - c:\program files\BearShare Applications\BearShare\UninstallSurvey.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-06 11:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2011-11-06 12:03:52
ComboFix-quarantined-files.txt 2011-11-06 11:03
.
Pre-Run: 103.419.670.528 bytes beschikbaar
Post-Run: 103.567.081.472 bytes beschikbaar
.
- - End Of File - - 570476BFDA3C1E9EB0D8419632CB4918
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:31, on 6/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7877 bytes
Als ik laptop opstart geeft hij rechts onderaan nog steeds een melding dat er 'opstartprogramma's problemen hebben voor op te starten'
Na een aantal min. starten ze dan toch op.
type in het zoekvenster eens msconfig
rechtsklik verder op msconfig.exe uitvoeren als admin
kies de 1ste tap algemeen
controlleer hier alles zoals op de afbeeldingen ...
Bekijk bijlage 7982Bekijk bijlage 7983
rechtsklik verder op msconfig.exe uitvoeren als admin
kies de 1ste tap algemeen
controlleer hier alles zoals op de afbeeldingen ...
Bekijk bijlage 7982Bekijk bijlage 7983
- Status