philbuy

philbuy's achievements

  1. Ever since I updated my PC to Windows 8, I can no longer copy folders to my external hard drives on the network. Everything is prepared correctly, but when it starts copying, only a single folder name is created on the external drive, without any further content being copied, and everything stops without any message. Am I overlooking something?
  2. That did not work either. In the end I opted for a reinstall. It cost me a lot of time, but this had already cost me quite a lot of time and stressful moments. So the matter is solved. I therefore have no idea what exactly was going on. All the startup-improvement and speed-up programs I tested, paid and free, did not help one bit. Thanks in any case for helping me think it through.
  3. Soluto 1.2.718.0.beta. After running ccleaner nothing had changed. When I make the startup procedure visible through Soluto, I find that a whole series of programs and services is repeated over and over, for about 15 minutes. This was not the case a week ago. Advanced systemcare 5.0 pro does not bring any improvement either. During startup (after a few minutes) I can start Google Chrome but not Internet Explorer. Outlook also works for a while during startup, but after about five minutes it freezes, only to work again ten minutes later. It seems as if all this came after some update or installation. As for the card reader, I used to get my photo a few seconds after I put my identity card in the reader, but now that no longer works. The eID viewer only works when I first start the program and then connect the card reader to the USB port.
  4. I had already done all of that, but it did not help.
  5. During startup, the startup programs and services are repeated several times, and according to Soluto there is a crash: 07/22/2012 (4 minutes ago) beidservicecrl.exe | Zetes crashed After running for 11:23:51, Exception access violation (c0000005)
  6. OK, here it is: (The PC showed no more problems.) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:53:33, on 26/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Normal
  7. After deleting the folders c:\programdata\blekko toolbars; c:\programdata\rocqirsjswuqywe and on restarting, phase 3 of the Windows updates was carried out and the PC got into a loop that kept repeating; it kept restarting while the phase 3 screen of the updates was running at 0%. I had to perform a system restore to be able to boot again. Now the virus scanner is running and everything seems normal and no longer freezes. Later I will restart once more, and hopefully everything will go normally this time.
  8. ComboFix 12-06-25.02 - philip 25/06/2012 11:25:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.1788 [GMT 2:00] ---------- Post added at 13:34 ---------- Previous post was at 13:30 ---------- Everything seems to be running better; for now it no longer freezes. I will first do a few more checks; thanks already for the smooth guidance.
  10. Sorry, I had run ComboFix in safe mode. Here is the log: ComboFix 12-06-25.01 - philip 25/06/2012 9:29.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.1283 [GMT 2:00] Gestart vanuit: c:\users\philip\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 07:47 . 2012-06-25 07:47 -------- d-----w- c:\users\Marleen\AppData\Local\temp 2012-06-25 07:47 . 2012-06-25 07:47 -------- d-----w- c:\users\Ghislain\AppData\Local\temp 2012-06-25 07:47 . 
2012-06-25 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 06:59 . 2012-06-25 06:59 -------- d-----w- c:\program files\AVG Secure Search 2012-06-23 06:00 . 2012-06-23 06:01 -------- d-----w- c:\users\Administrator 2012-06-22 17:03 . 2012-06-25 07:16 -------- d-----w- c:\programdata\AVG Secure Search 2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-06-22 17:00 . 2012-06-22 17:00 -------- d-----w- C:\$AVG 2012-06-22 17:00 . 2012-06-22 17:04 -------- d-----w- c:\programdata\AVG2012 2012-06-22 15:09 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5653ADA7-4C1B-471F-BF60-C003DBC5F742}\mpengine.dll 2012-06-22 13:08 . 2012-06-22 16:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-06-22 08:59 . 2012-06-22 08:59 -------- d-----w- c:\program files\Trend Micro 2012-06-22 07:31 . 2012-06-22 09:04 -------- d-----w- c:\programdata\blekko toolbars 2012-06-22 07:31 . 2012-06-22 07:31 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor 2012-06-22 06:15 . 2012-06-22 06:16 -------- d-----w- c:\users\philip 2012-06-22 03:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-22 03:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-22 03:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-22 03:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 04:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-21 04:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-06-19 15:44 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 15:44 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\programdata\WindowsSearch 2012-05-29 19:29 . 
2012-05-29 19:29 -------- d-----w- c:\programdata\rocqirsjswuqywe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 17:45 . 2012-04-20 17:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 17:45 . 2011-06-27 16:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-04-04 13:56 . 2011-01-11 07:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-03 08:16 . 2012-05-12 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39 . 2012-05-12 06:40 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2007-01-24 10:26 . 2010-06-25 20:09 13312 ----a-w- c:\program files\CreateCDGUI.exe 2006-12-12 14:07 . 2010-06-25 20:09 679152 ----a-w- c:\program files\mkisowin.exe 2006-01-17 10:08 . 2010-06-25 20:09 438272 ----a-w- c:\program files\BurnMe.exe 2002-11-12 14:20 . 2010-06-25 20:09 462336 ----a-w- c:\program files\vdscimg.dll 2000-05-06 04:51 . 2010-06-25 20:09 332800 ----a-w- c:\program files\vdsrun30dll.xxx . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-06-25 06:59 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-25 2068536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192] "ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-24 3625984] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368] "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016] "Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "APSDaemon"="c:\program files\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-25 1104440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start Linkscanner Uninstall Survey | AVG Nederland" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2009-01-24 14:28 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKLM\~\startupfolder\C:^Users^Ghislain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk] backup=c:\windows\pss\ctfmon.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Marleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] backup=c:\windows\pss\LimeWire On Startup.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY] 2012-04-05 03:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt] 2012-06-25 06:59 1104440 ----a-w- c:\program files\AVG Secure Search\vprot.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-06-22 c:\windows\Tasks\0.job - c:\program files\internet explorer\iexplore.exe [2012-06-22 23:21] . 2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 17:45] . 2012-06-21 c:\windows\Tasks\Auto Backup for Ghislain.job - c:\program files\Packard Bell\Packard Bell Software Suite\DSMsg.exe [2008-01-09 14:14] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40] . 2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003Core.job - c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003UA.job - c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mStart Page = hxxp://nl.intl.acer.yahoo.com TCP: DhcpNameServer = 192.168.1.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll . - - - - ORPHANS VERWIJDERD - - - - . 
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKLM-Run-ExtraFilmManager - c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe AddRemove-myBabylon_English Toolbar - c:\progra~1\MYBABY~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-25 09:53 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4812) c:\windows\System32\SysHook.dll c:\windows\system32\btncopy.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe c:\program files\Acer\Empowering Technology\Service\ETService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Acer\Acer Bio Protection\BASVC.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\acer\Mobility Center\MobilityService.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe c:\program files\Belgacom\bin\sprtsvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\system32\igfxsrvc.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\windows\system32\wbem\unsecapp.exe c:\users\philip\AppData\Local\Temp\RtkBtMnt.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Voltooingstijd: 2012-06-25 09:59:07 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-25 07:59 . 
Pre-Run: 65.187.127.296 bytes beschikbaar Post-Run: 64.676.986.880 bytes beschikbaar . - - End Of File - - C05268CC021A1BAA614711E89793CA18
  11. ComboFix 12-06-21.03 - philip 22/06/2012 16:25:10.1.2 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.2468 [GMT 2:00] Gestart vanuit: C:\Users\philip\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) ---- Voorgaande Run ------- C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.lnk C:\ProgramData\xecbjrlaekgvkgs C:\Users\Ghislain\AppData\Roaming\~ygw.tmp C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf C:\Windows\system32\roboot.exe D:\install.exe
  12. Still freezes a few "seconds" after running e.g. malwarebytes
  13. After mbam Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.22.02 Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking) Internet Explorer 7.0.6001.18000 philip :: PC_VAN_GHISLAIN [administrator] Protection: Disabled 22/06/2012 12:08:58 mbam-log-2012-06-22 (12-08-58).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 398434 Time elapsed: 49 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile Hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:11:26, on 22/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ProductReg] "C:\Program 
Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start 
http://www.avg.com/nl.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTMzODE0NjcxOS1UMS1LVjMrNy1CQSsxLVhMKzEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLUZMKzktWE8zNisxLUxJQysyLUZMMTArMS1TUDErMS1TVVArNC1UVUcrMy1TUDFTNCsxLUREVCsyNzA4MS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRU4rMS1UQisxLVUxMCsxLUYxMFRCKzItU1QxMFRCRisxLUNJQTEwKzItRjEwTTEyUisxLVZJUDEyKzEtVEwrMQ"&"prod=55"&"ver=10.0.1424 O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing) O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10770 bytes
  14. After running a program (AVG-malwarebytes-...) the PC always freezes. This is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:19:42, on 22/06/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16446) Boot mode: Safe mode with network support Running processes: C:\Windows\Explorer.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = blekko | spam free search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! 
UK R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 
- HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe" 
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Linkscanner Uninstall Survey | AVG Nederland O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O18 - Protocol: prox - 
{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing) O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. 
- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11620 bytes
  15. This does not work in dbase. So it is not a solution. ---------- Post added at 09:21 ---------- Previous post was at 09:15 ---------- For now I am working with a virtual machine (Oracle VM VirtualBox) in which I installed Windows XP, and in it I can work with dbase again as before. This works very well but is still a bit of a detour. You already have to be an expert to set something like that up.