
philbuy

Member
  • Posts: 27

Everything posted by philbuy

  1. Since I updated my PC to Windows 8 I can no longer copy folders to my external hard drives on the network. Everything is prepared correctly, but when it starts copying only a single folder name is created on the external drive, without any further content being copied, and everything stops without any message. Am I overlooking something?
  2. That didn't work either. In the end I opted for a reinstall. It cost me a lot of time, but this had already cost me plenty of time and stressful moments as well. So the matter is resolved. I really have no idea what exactly was going on. None of the startup-optimising and speed-up programs I tried, paid and free, helped one bit. Thanks anyway for helping me think it through.
  3. soluto 1.2.718.0.beta After running CCleaner nothing had changed. When I make the startup procedure visible with Soluto, I see that a whole series of programs and services is repeated over and over, for about 15 minutes. A week ago this was not yet the case. Advanced SystemCare 5.0 Pro does not bring any improvement either. During startup (after a few minutes) I can start Google Chrome but not Internet Explorer. Outlook also works for a while during startup, but after about five minutes it freezes, only to start working again ten minutes later. It seems as if all of this came after some update or installation. As for the card reader: previously I got my photo a few seconds after inserting my identity card into the reader, but now that no longer works. The eID viewer only works if I first start the program and then plug the card reader into the USB port.
  4. I already did all of that, but it didn't help.
  5. During startup the startup programs and services are repeated several times, and according to Soluto there is a crash:
     07/22/2012 (4 minutes ago) beidservicecrl.exe | Zetes crashed After running for 11:23:51 Exception access violation (c0000005)
  6. OK, here it is: (The PC no longer showed any problems.)
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:53:33, on 26/06/2012
     Platform: Windows Vista SP2 (WinNT 6.00.1906)
     MSIE: Internet Explorer v9.00 (9.00.8112.16446)
     Boot mode: Normal
     -- End of file - 11039 bytes
  7. After deleting the folders c:\programdata\blekko toolbars and c:\programdata\rocqirsjswuqywe, phase 3 of the Windows updates was carried out on reboot and the PC went into a loop that repeated constantly: it kept restarting while the phase 3 update screen was running at 0%. I had to perform a system restore to be able to boot again. The virus scanner is now running and everything seems normal and no longer freezes. I will reboot once more later and hopefully everything will go normally this time.
  8. ComboFix 12-06-25.02 - philip 25/06/2012 11:25:27.2.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.1788 [GMT 2:00]
     Gestart vanuit: c:\users\philip\Desktop\ComboFix.exe
     gebruikte Opdracht switches :: c:\users\philip\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE :: "c:\windows\Tasks\0.job"
     .
     (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\Tasks\0.job
     .
     Scan succesvol afgerond
     verborgen bestanden: 0
     .
     Voltooingstijd: 2012-06-25 11:43:56
     ComboFix-quarantined-files.txt 2012-06-25 09:43
     ComboFix2.txt 2012-06-25 07:59
     .
     Pre-Run: 64.488.771.584 bytes beschikbaar
     Post-Run: 64.463.716.352 bytes beschikbaar
     .
     - - End Of File - - 2D011612780E0752F78989B3537B7F54

     Post added at 13:34 (previous post was at 13:30): Everything seems to be running better; for now it no longer freezes. I'll do a few checks first. Thanks in advance for the smooth guidance.
9. ComboFix 12-06-25.02 - philip 25/06/2012 11:25:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.1788 [GMT 2:00]
Running from: c:\users\philip\Desktop\ComboFix.exe
Command switches used :: c:\users\philip\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\0.job"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\0.job
.
.
(((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))
.
.
2012-06-25 09:40 . 2012-06-25 09:40 -------- d-----w- c:\users\Marleen\AppData\Local\temp
2012-06-25 09:40 . 2012-06-25 09:40 -------- d-----w- c:\users\Ghislain\AppData\Local\temp
2012-06-25 09:40 . 2012-06-25 09:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 06:59 . 2012-06-25 06:59 -------- d-----w- c:\program files\AVG Secure Search
2012-06-23 06:00 . 2012-06-23 06:01 -------- d-----w- c:\users\Administrator
2012-06-22 17:03 . 2012-06-25 07:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-22 17:00 . 2012-06-22 17:00 -------- d-----w- C:\$AVG
2012-06-22 17:00 . 2012-06-22 17:04 -------- d-----w- c:\programdata\AVG2012
2012-06-22 15:09 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5653ADA7-4C1B-471F-BF60-C003DBC5F742}\mpengine.dll
2012-06-22 13:08 . 2012-06-22 16:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-22 08:59 . 2012-06-22 08:59 -------- d-----w- c:\program files\Trend Micro
2012-06-22 07:31 . 2012-06-22 09:04 -------- d-----w- c:\programdata\blekko toolbars
2012-06-22 07:31 . 2012-06-22 07:31 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-22 06:15 . 2012-06-22 06:16 -------- d-----w- c:\users\philip
2012-06-22 03:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 03:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 03:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 03:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 04:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 15:44 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:44 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\programdata\WindowsSearch
2012-05-29 19:29 . 2012-05-29 19:29 -------- d-----w- c:\programdata\rocqirsjswuqywe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:45 . 2012-04-20 17:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:45 . 2011-06-27 16:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-04 13:56 . 2011-01-11 07:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-12 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 06:40 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2007-01-24 10:26 . 2010-06-25 20:09 13312 ----a-w- c:\program files\CreateCDGUI.exe
2006-12-12 14:07 . 2010-06-25 20:09 679152 ----a-w- c:\program files\mkisowin.exe
2006-01-17 10:08 . 2010-06-25 20:09 438272 ----a-w- c:\program files\BurnMe.exe
2002-11-12 14:20 . 2010-06-25 20:09 462336 ----a-w- c:\program files\vdscimg.dll
2000-05-06 04:51 . 2010-06-25 20:09 332800 ----a-w- c:\program files\vdsrun30dll.xxx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-25 06:59 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-25 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-24 3625984]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-25 1104440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-24 14:28 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Ghislain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
backup=c:\windows\pss\ctfmon.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Marleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 03:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-06-25 06:59 1104440 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 17:45]
.
2012-06-21 c:\windows\Tasks\Auto Backup for Ghislain.job
- c:\program files\Packard Bell\Packard Bell Software Suite\DSMsg.exe [2008-01-09 14:14]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003Core.job
- c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003UA.job
- c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://nl.intl.acer.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-25 11:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2180)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2012-06-25 11:43:56
ComboFix-quarantined-files.txt 2012-06-25 09:43
ComboFix2.txt 2012-06-25 07:59
.
Pre-Run: 64.488.771.584 bytes free
Post-Run: 64.463.716.352 bytes free
.
- - End Of File - - 2D011612780E0752F78989B3537B7F54
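An added example, not part of this thread and not ComboFix's own code: a small Python triage script that pulls the autostart-relevant sections out of a ComboFix-style log excerpt and flags the patterns an analyst checks first in logs like the two above. It looks for a scheduled task that launches a web browser (the pattern of the 0.job entry, which the CFScript run in the post above removed), a DLL registered in AppInit_DLLs, an autostart binary living in a Temp directory, and a ProgramData folder with a machine-generated-looking name. The sample log is constructed for the example and only modelled on the posted entries; the regexes and the "four consonants in a row" rule are rough heuristics chosen for this example, not anything ComboFix reports.

```python
import re

# Constructed ComboFix-style excerpt for this example (not copied from the
# thread verbatim); entries are modelled on the ones in the posted logs.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-25 1104440]
"Updater"="c:\users\philip\AppData\Local\Temp\RtkBtMnt.exe" [2012-06-22 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\0.job
- c:\program files\internet explorer\iexplore.exe [2012-06-22 23:21]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40]
.
2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\programdata\WindowsSearch
2012-05-29 19:29 . 2012-05-29 19:29 -------- d-----w- c:\programdata\rocqirsjswuqywe
"""

# Line shapes in a ComboFix log: "name"="path" [date size], a task line
# followed by "- target" on the next line, and a created-directory line.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?(?:\s+\[[^\]]*\])?\s*$')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>c:\\windows\\tasks\\\S+)$', re.I)
TARGET_RE = re.compile(r'^-\s+(?P<path>.+?)(?:\s+\[[^\]]*\])?\s*$')
DIR_RE = re.compile(r'd-----w-\s+(?P<path>c:\\programdata\\[^\\]+?)\s*$', re.I)
BROWSERS = ("iexplore.exe", "chrome.exe", "firefox.exe")


def parse_combofix(text):
    """Return (run_entries, tasks, new_dirs) from a ComboFix-style log."""
    run_entries, tasks, new_dirs = [], [], []
    key, pending_job = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):          # registry key header
            key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m and key:                         # value under the current key
            run_entries.append((key, m["name"], m["path"].strip()))
            continue
        m = TASK_RE.match(line)
        if m:                                 # task file; target follows
            pending_job = m["job"]
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            tasks.append((pending_job, m["path"].strip()))
            pending_job = None
            continue
        m = DIR_RE.search(line)
        if m:                                 # newly created ProgramData dir
            new_dirs.append(m["path"])
    return run_entries, tasks, new_dirs


def looks_random(name):
    """Heuristic for machine-generated folder names: a single long run of
    lowercase letters (vendor names almost always contain spaces, digits or
    capitals) with four or more consonants in a row."""
    return (len(name) >= 10 and name.isalpha() and name.islower()
            and re.search(r"[^aeiou]{4}", name) is not None)


def triage(text):
    """Return (category, item, reason) findings worth a human look."""
    run_entries, tasks, new_dirs = parse_combofix(text)
    findings = []
    for key, name, path in run_entries:
        low = path.lower()
        if name.lower() == "appinit_dlls" and low:
            findings.append(("appinit", path, "DLL loaded into every GUI process via AppInit_DLLs"))
        elif "\\temp\\" in low:
            findings.append(("run", f"{name} -> {path}", "autostart binary lives in a Temp directory"))
    for job, target in tasks:
        jobname = job.rsplit("\\", 1)[-1]
        low = target.lower()
        if low.endswith(BROWSERS):
            findings.append(("task", f"{jobname} -> {target}", "scheduled task launches a web browser"))
        elif "\\temp\\" in low:
            findings.append(("task", f"{jobname} -> {target}", "scheduled task runs from Temp"))
        if re.fullmatch(r"\d+\.job", jobname, re.I):
            findings.append(("task", jobname, "task name is just a number"))
    for path in new_dirs:
        if looks_random(path.rsplit("\\", 1)[-1]):
            findings.append(("dir", path, "folder name looks machine-generated"))
    return findings


if __name__ == "__main__":
    for category, item, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {item}: {reason}")
```

Run against the sample it prints five findings (the Temp autostart, the AppInit_DLLs entry, the browser-launching task twice, once for its target and once for its numeric name, and the random-looking folder) and stays silent on the vendor entries. The rules are deliberately crude: a hit means "look at this next", not "this is malware", and a real investigation would check the flagged file's hash and signer before deleting anything.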
10. Sorry, I had run ComboFix in safe mode. Here is the log:

ComboFix 12-06-25.01 - philip 25/06/2012 9:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.1283 [GMT 2:00]
Running from: c:\users\philip\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 ))))))))))))))))))))))))))))))
.
.
2012-06-25 07:47 . 2012-06-25 07:47 -------- d-----w- c:\users\Marleen\AppData\Local\temp
2012-06-25 07:47 . 2012-06-25 07:47 -------- d-----w- c:\users\Ghislain\AppData\Local\temp
2012-06-25 07:47 . 2012-06-25 07:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 06:59 . 2012-06-25 06:59 -------- d-----w- c:\program files\AVG Secure Search
2012-06-23 06:00 . 2012-06-23 06:01 -------- d-----w- c:\users\Administrator
2012-06-22 17:03 . 2012-06-25 07:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-22 17:03 . 2012-06-22 17:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-22 17:00 . 2012-06-22 17:00 -------- d-----w- C:\$AVG
2012-06-22 17:00 . 2012-06-22 17:04 -------- d-----w- c:\programdata\AVG2012
2012-06-22 15:09 . 2012-06-18 01:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5653ADA7-4C1B-471F-BF60-C003DBC5F742}\mpengine.dll
2012-06-22 13:08 . 2012-06-22 16:33 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-22 08:59 . 2012-06-22 08:59 -------- d-----w- c:\program files\Trend Micro
2012-06-22 07:31 . 2012-06-22 09:04 -------- d-----w- c:\programdata\blekko toolbars
2012-06-22 07:31 . 2012-06-22 07:31 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-22 06:15 . 2012-06-22 06:16 -------- d-----w- c:\users\philip
2012-06-22 03:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 03:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 03:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 03:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 04:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 04:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 15:44 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 15:44 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-04 14:13 . 2012-06-04 14:13 -------- d-----w- c:\programdata\WindowsSearch
2012-05-29 19:29 . 2012-05-29 19:29 -------- d-----w- c:\programdata\rocqirsjswuqywe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:45 . 2012-04-20 17:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 17:45 . 2011-06-27 16:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-04 13:56 . 2011-01-11 07:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-12 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 06:40 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2007-01-24 10:26 . 2010-06-25 20:09 13312 ----a-w- c:\program files\CreateCDGUI.exe
2006-12-12 14:07 . 2010-06-25 20:09 679152 ----a-w- c:\program files\mkisowin.exe
2006-01-17 10:08 . 2010-06-25 20:09 438272 ----a-w- c:\program files\BurnMe.exe
2002-11-12 14:20 . 2010-06-25 20:09 462336 ----a-w- c:\program files\vdscimg.dll
2000-05-06 04:51 . 2010-06-25 20:09 332800 ----a-w- c:\program files\vdsrun30dll.xxx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-25 06:59 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-25 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-25 145944]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2009-01-24 3625984]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Belgacom"="c:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-25 1104440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start Linkscanner Uninstall Survey | AVG Nederland" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-01-24 14:28 2938880 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Ghislain^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
backup=c:\windows\pss\ctfmon.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Marleen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 03:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-06-25 06:59 1104440 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\0.job
- c:\program files\internet explorer\iexplore.exe [2012-06-22 23:21]
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 17:45]
.
2012-06-21 c:\windows\Tasks\Auto Backup for Ghislain.job
- c:\program files\Packard Bell\Packard Bell Software Suite\DSMsg.exe [2008-01-09 14:14]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 16:40]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003Core.job
- c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-75373782-2752769981-735008259-1003UA.job
- c:\users\Ghislain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 17:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://nl.intl.acer.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ExtraFilmManager - c:\program files\ExtraFilm Designer BE NL\ExtraFilmManager.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-myBabylon_English Toolbar - c:\progra~1\MYBABY~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-25 09:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4812)
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Acer\Acer Bio Protection\BASVC.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\program files\Belgacom\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\users\philip\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-06-25 09:59:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 07:59
.
Pre-Run: 65.187.127.296 bytes free
Post-Run: 64.676.986.880 bytes free
.
- - End Of File - - C05268CC021A1BAA614711E89793CA18
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe c:\program files\Acer\Empowering Technology\Service\ETService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Acer\Acer Bio Protection\BASVC.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\acer\Mobility Center\MobilityService.exe c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe c:\program files\Belgacom\bin\sprtsvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\system32\igfxsrvc.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\windows\system32\wbem\unsecapp.exe c:\users\philip\AppData\Local\Temp\RtkBtMnt.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Voltooingstijd: 2012-06-25 09:59:07 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-25 07:59 . 
Pre-Run: 65.187.127.296 bytes beschikbaar Post-Run: 64.676.986.880 bytes beschikbaar . - - End Of File - - C05268CC021A1BAA614711E89793CA18
  11. ComboFix 12-06-21.03 - philip 22/06/2012 16:25:10.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2936.2468 [GMT 2:00]
Started from: C:\Users\philip\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Previous Run -------
.
C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\.lnk
C:\ProgramData\xecbjrlaekgvkgs
C:\Users\Ghislain\AppData\Roaming\~ygw.tmp
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
C:\Windows\system32\roboot.exe
D:\install.exe
  12. It still freezes a few "seconds" after running e.g. Malwarebytes.
  13. After mbam:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
.
Database version: v2012.06.22.02
.
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
philip :: PC_VAN_GHISLAIN [administrator]
.
Protection: Disabled
.
22/06/2012 12:08:58
mbam-log-2012-06-22 (12-08-58).txt
.
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398434
Time elapsed: 49 minute(s), 47 second(s)
.
Memory Processes Detected: 0
(No malicious items detected)
.
Memory Modules Detected: 0
(No malicious items detected)
.
Registry Keys Detected: 0
(No malicious items detected)
.
Registry Values Detected: 0
(No malicious items detected)
.
Registry Data Items Detected: 0
(No malicious items detected)
.
Folders Detected: 0
(No malicious items detected)
.
Files Detected: 0
(No malicious items detected)
.
(end)

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:11:26, on 22/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTMzODE0NjcxOS1UMS1LVjMrNy1CQSsxLVhMKzEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLUZMKzktWE8zNisxLUxJQysyLUZMMTArMS1TUDErMS1TVVArNC1UVUcrMy1TUDFTNCsxLUREVCsyNzA4MS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRU4rMS1UQisxLVUxMCsxLUYxMFRCKzItU1QxMFRCRisxLUNJQTEwKzItRjEwTTEyUisxLVZJUDEyKzEtVEwrMQ"&"prod=55"&"ver=10.0.1424
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10770 bytes
  14. After running a program (AVG, Malwarebytes, ...) the PC keeps freezing. This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:42, on 22/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = blekko | spam free search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ExtraFilmManager] "C:\Program Files\ExtraFilm Designer BE NL\ExtraFilmManager.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start Linkscanner Uninstall Survey | AVG Nederland
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11620 bytes
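Reading a HijackThis log by eye is error-prone, and the entries that matter most in the log above are easy to miss among the OEM clutter: the two `[ctfmon.exe]` Run values under `HKUS\S-1-5-18` and `HKUS\.DEFAULT` that hand a `.dat` file in ProgramData to `rundll32.exe`, the dangling `(no file)` BHO and toolbar registrations, an `AppInit_DLLs` entry, and services with an unknown owner or a missing binary. The following Python triage script is an added example (my own code, not the poster's and not part of HijackThis, ComboFix or Malwarebytes); the sample lines are copied from the posted log, and the severity rules are heuristics I chose for illustration, not vendor signatures.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not from the forum post).

Flags: rundll32 launchers whose module is not a DLL (e.g. a .dat in ProgramData), Run values
whose name mimics a Windows binary but launch something else, Run entries registered for the
SYSTEM/.DEFAULT profiles, "(no file)" BHO/toolbar leftovers, AppInit_DLLs, and services with an
unknown owner or a missing binary.  Severity levels are the author's own choice.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'SYSTEEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\dllniaso64.dat,StartAs (User 'Default user')
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    line: str


# Extensions rundll32 is normally asked to load; anything else (.dat, .tmp, none) is suspect.
_RUNDLL_OK_EXT = {".dll", ".cpl", ".ocx", ".ax"}
_SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")

_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<mod>[^,"]+?)"?,(?P<entry>\S+)', re.I)


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"')


def _ext(path: str) -> str:
    base = _basename(path)
    return base[base.rfind("."):].lower() if "." in base else ""


def _launched_image(cmd: str) -> str:
    """Basename of the executable a Run value starts (handles quoted paths)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return _basename(cmd[1:cmd.find('"', 1)])
    return _basename(cmd.split()[0]) if cmd else ""


def _check_o4(line: str) -> list[Finding]:
    m = _O4_RE.match(line)
    if not m:
        return []
    out: list[Finding] = []
    r = _RUNDLL_RE.search(m["cmd"])
    if r and _ext(r["mod"]) not in _RUNDLL_OK_EXT:
        out.append(Finding("high", f"rundll32 loads non-DLL module {_basename(r['mod'])} (entry {r['entry']})", line))
    launched = _launched_image(m["cmd"])
    if m["name"].lower().endswith(".exe") and launched.lower() != m["name"].lower():
        out.append(Finding("high", f"Run value '{m['name']}' mimics a system binary but launches {launched}", line))
    if m["hive"].startswith(_SYSTEM_HIVES):
        out.append(Finding("medium", "Run entry registered for the SYSTEM/.DEFAULT profile", line))
    return out


def _check_bho(line: str) -> list[Finding]:
    if line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
        return [Finding("low", "dangling BHO/toolbar registration with no backing file", line)]
    return []


def _check_o20(line: str) -> list[Finding]:
    if line.startswith("O20 - AppInit_DLLs:"):
        return [Finding("medium", "AppInit_DLLs is injected into every user32-linked process; verify the DLL", line)]
    return []


def _check_o23(line: str) -> list[Finding]:
    if not line.startswith("O23 - Service:"):
        return []
    out: list[Finding] = []
    if " - Unknown owner - " in line:
        out.append(Finding("low", "service binary carries no vendor information", line))
    if line.endswith("(file missing)"):
        out.append(Finding("low", "orphaned service: binary missing on disk", line))
    return out


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            for check in (_check_o4, _check_bho, _check_o20, _check_o23):
                findings.extend(check(line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample above the two `ctfmon.exe` lines each produce three findings (non-DLL module, spoofed value name, SYSTEM profile), which is exactly the combination a cleaner should act on first; the `(no file)` and `(file missing)` entries are leftovers to tidy, not an infection by themselves.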
  15. This doesn't work in dBase, so it's not a solution.
---------- Post added at 09:21 ---------- Previous post was at 09:15 ----------
For now I'm working with a virtual machine (Oracle VM VirtualBox) in which I installed Windows XP, and in it I can work with dBase again as before. This works very well but is still a bit of a detour. You already have to be an expert to set something like that up.
  16. I still work with an old program written in dBase IV for DOS. Up to Windows XP this program worked perfectly. Since Windows Vista, and also Windows 7, I always get a QWERTY keyboard instead of an AZERTY keyboard. How can I get an AZERTY keyboard back?
  17. The time on my PC is no longer kept while it is switched off. If it is off for a few hours, the time is behind by the same number of hours.
  18. Does anyone know a solution for getting an AZERTY keyboard in dBase IV under Vista? A program made in dBase IV worked fine under Windows XP, but in Vista there are problems with the language drivers and with the AZERTY keyboard.
  19. Done as described. The logs are below.

ComboFix 09-03-19.02 - tony 2009-03-22 19:22:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.503.131 [GMT 1:00]
Started from: c:\documents and settings\tony\Bureaublad\Combo-Fix.exe
Command switches used :: c:\documents and settings\tony\Bureaublad\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* New restore point was created

FILE ::
c:\windows\nfr.assembly
c:\windows\nl10.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\OGAVerify.exe
c:\windows\t55ft2799f44.dat
c:\windows\t55ft2807f44.dat
c:\windows\t55ft3223f44.dat
c:\windows\t55ft3532f44.dat
c:\windows\t55ft3533f44.dat
c:\windows\t55ft3928f44.dat
c:\windows\t55ft3949f44.dat
c:\windows\Tasks\OGADaily.job
c:\windows\Tasks\OGALogon.job
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\SchijfBewaker
c:\program files\Macrogaming\SweetIM
c:\program files\Macrogaming\SweetIM\conf\adapter.xml
c:\program files\Macrogaming\SweetIM\conf\autoupdate.xml
c:\program files\Macrogaming\SweetIM\conf\logger.xml
c:\program files\Macrogaming\SweetIM\conf\messages.xml
c:\program files\Macrogaming\SweetIM\conf\sweetim.xml
c:\program files\Macrogaming\SweetIM\conf\sweetimapp.xml
c:\program files\Macrogaming\SweetIM\conf\users\main_user_config.xml
c:\program files\Macrogaming\SweetIM\conf\users\solenneke@hotmail.com\emoticons_shortcut.xml
c:\program files\Macrogaming\SweetIM\conf\users\solenneke@hotmail.com\lastuse_Audibles.xml
c:\program files\Macrogaming\SweetIM\conf\users\solenneke@hotmail.com\lastuse_Emoticons.xml
c:\program files\Macrogaming\SweetIM\conf\users\solenneke@hotmail.com\lastuse_Winks.xml
c:\program files\Macrogaming\SweetIM\conf\users\solenneke@hotmail.com\user_config.xml
c:\program files\Macrogaming\SweetIM\data\contentdb\0001081A.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00010859.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00010893.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00010896.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108AD.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108C2.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108DD.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108F1.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108F4.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108FD.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000108FF.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0001091C.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0001092C.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00010937.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00010954.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020071.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020075.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020077.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000200F1.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020114.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020121.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020158.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020185.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000201DA.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000201DC.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000201F6.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020201.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020226.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00020239.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000202ED.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0002031D.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00030063.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00030098.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00030099.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0003009A.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000300A1.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0004002B.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\000400C4.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00050005.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00080020.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00080024.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00080046.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\00080057.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\0008006E.dat
c:\program files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
c:\program files\Macrogaming\SweetIM\default.xml
c:\program files\Macrogaming\SweetIM\mgAdaptersProxy.dll
c:\program files\Macrogaming\SweetIM\mgAIMAuto.dll
c:\program files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
c:\program files\Macrogaming\SweetIM\mgArchive.dll
c:\program files\Macrogaming\SweetIM\mgcommon.dll
c:\program files\Macrogaming\SweetIM\mgcommunication.dll
c:\program files\Macrogaming\SweetIM\mgconfig.dll
c:\program files\Macrogaming\SweetIM\mgFlashPlayer.dll
c:\program files\Macrogaming\SweetIM\mghooking.dll
c:\program files\Macrogaming\SweetIM\mgIEPlayer.dll
c:\program files\Macrogaming\SweetIM\mglogger.dll
c:\program files\Macrogaming\SweetIM\mgMediaPlayer.dll
c:\program files\Macrogaming\SweetIM\mgMsnAuto.dll
c:\program files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
c:\program files\Macrogaming\SweetIM\mgSweetIM.dll
c:\program files\Macrogaming\SweetIM\mgUpdateSupport.dll
c:\program files\Macrogaming\SweetIM\mgxml_wrapper.dll
c:\program files\Macrogaming\SweetIM\mgYahooAuto.dll
c:\program files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
c:\program files\Macrogaming\SweetIM\msvcp71.dll
c:\program files\Macrogaming\SweetIM\msvcr71.dll
c:\program files\Macrogaming\SweetIM\resources\images\AudibleButton.png
c:\program files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
c:\program files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
c:\program files\Macrogaming\SweetIM\resources\images\NudgeButton.png
c:\program files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
c:\program files\Macrogaming\SweetIM\resources\images\WinksButton.png
c:\program files\Macrogaming\SweetIM\SweetIM.exe
c:\program files\SchijfBewaker
c:\windows\9gdfgjf23\
c:\windows\nfr.assembly
c:\windows\nl10.exe
c:\windows\system32\887164
c:\windows\system32\nfr.assembly
c:\windows\system32\OGAVerify.exe
c:\windows\t55ft2799f44.dat
c:\windows\t55ft2807f44.dat
c:\windows\t55ft3223f44.dat
c:\windows\t55ft3532f44.dat
c:\windows\t55ft3533f44.dat
c:\windows\t55ft3928f44.dat
c:\windows\t55ft3949f44.dat
c:\windows\Tasks\OGADaily.job
c:\windows\Tasks\OGALogon.job
.

(((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))
.
2009-03-22 18:19 . 2005-10-26 16:12 <DIR> d--h----- c:\documents and settings\Administrator.TONYC\Sjablonen
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr-h----- c:\documents and settings\Administrator.TONYC\Onlangs geopend
2009-03-22 18:19 . 2005-10-26 18:05 <DIR> d--h----- c:\documents and settings\Administrator.TONYC\Netwerkprinteromgeving
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Mijn documenten
2009-03-22 18:19 . 2005-10-26 18:05 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Menu Start
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Favorieten
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> d-------- c:\documents and settings\Administrator.TONYC\Bureaublad
2009-03-22 18:19 . 2009-03-22 18:20 <DIR> d-------- c:\documents and settings\Administrator.TONYC\Application Data\AVGTOOLBAR
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> d-------- c:\documents and settings\Administrator.TONYC
2009-03-22 16:52 . 2009-03-22 16:52 <DIR> d-------- c:\program files\CCleaner
2009-03-22 16:52 . 2009-03-22 18:44 <DIR> dr-h----- c:\documents and settings\tony\Onlangs geopend
2009-03-21 10:02 . 2009-03-22 12:23 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-21 09:51 . 2009-03-22 08:40 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-21 09:51 . 2009-03-21 09:51 <DIR> d-------- c:\program files\AVG
2009-03-21 09:51 . 2009-03-21 09:59 <DIR> d-------- c:\documents and settings\tony\Application Data\AVGTOOLBAR
2009-03-21 09:51 . 2009-03-22 08:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-21 09:51 . 2009-03-21 09:51 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-21 09:51 . 2009-03-21 09:51 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-21 09:51 . 2009-03-21 09:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 18:30 . 2009-03-13 18:30 118 --a------ c:\windows\system32\MRT.INI
2009-03-06 17:54 . 2009-03-06 17:54 1 --a------ c:\windows\9gdfgjf23
2009-02-22 13:50 . 2009-02-27 17:19 <DIR> d-------- c:\program files\Netlog Uploader
.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 18:23 --------- d-----w c:\program files\Macrogaming
2009-03-21 17:16 374 ----a-w c:\documents and settings\tony\Application Data\internaldb6334.dat
2009-03-21 17:05 18,432 ----a-w c:\documents and settings\tony\Application Data\internaldb41.dat
2009-03-21 16:47 555 ----a-w c:\documents and settings\tony\Application Data\internaldb8467.dat
2009-03-08 13:06 --------- d-----w c:\program files\Windows Live
2009-02-27 16:29 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-19 19:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 19:20 --------- d-----w c:\program files\Bonjour
2009-02-19 19:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-11 14:23 --------- d-----w c:\documents and settings\tony\Application Data\U3
2009-02-11 14:03 --------- d-----w c:\program files\Google
2009-02-09 14:08 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-01-18 11:49 44,814,336 ----a-w C:\Photoshop.exe
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-31 16:04 691,560 ----a-w c:\windows\system32\OGACheckControl.dll
2008-12-31 16:04 502,120 ----a-w c:\windows\system32\OGAAddin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
enhanced keyboard driver.lnk - c:\program files\EnhanceKeyboard\kb_2k.exe [2005-10-29 221184]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-21 09:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7070:TCP"= 7070:TCP:nfr
"7171:TCP"= 7171:TCP:dll32

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]
R3 ipgd;IC Plus IP1000 Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [2005-10-26 33792]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2001-09-07 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40fa16-d587-11dc-96fb-00508d7e3c1c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40fa23-d587-11dc-96fb-00508d7e3c1c}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a84950-b0a7-11dd-97c0-00508d7e3c1c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Additional Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Telenet Internet
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 19:24:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Completion time: 2009-03-22 19:25:29
ComboFix-quarantined-files.txt 2009-03-22 18:25:27
ComboFix2.txt 2009-03-22 17:42:10

Pre-Run: 105.137.651.712 bytes available
Post-Run: 105,122,361,344 bytes available

280 --- E O F --- 2009-03-13 17:30:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:18, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tony\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: enhanced keyboard driver.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6953 bytes
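An added triage example, not part of the original posts and not code from ComboFix or HijackThis: a small Python script that scans pasted ComboFix/HijackThis lines for the indicators that stand out in the logs in this thread. It flags a browser proxy that points at the loopback address, Security Center notifications that have been switched off, globally opened firewall ports, a service registered under a svchost group that Windows does not ship, Run entries with no full path (resolved through the search path), and sites placed in the IE Trusted Zone. It then correlates the proxy port with the open-port list, which is what ties `ProxyServer = http=localhost:7171` to the `7171:TCP:dll32` firewall exception. The sample lines are excerpted from the logs above; the list of stock svchost groups is a baseline assumption to tune for the image at hand.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule severity detail line")

# Constructed sample: lines excerpted from the ComboFix / HijackThis logs pasted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"80:TCP"= 80:TCP:dll32
"7070:TCP"= 7070:TCP:nfr
"7171:TCP"= 7171:TCP:dll32
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2001-09-07 14336]
Trusted Zone: mirarsearch.com\click
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Assumption: svchost groups that ship with Windows XP. Tune this against a
# known-good image; a group outside the set was added by something installed later.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
    "imgsvc", "termsvcs", "httpfilter", "networkservicenetworkrestricted",
    "localservicenetworkrestricted",
}

RE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^\s:;=]+):(\d+)", re.I)
RE_SECCENTER = re.compile(
    r'"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify|'
    r'AntiVirusOverride|FirewallOverride)"=dword:0*1\b', re.I)
RE_OPENPORT = re.compile(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)', re.I)
RE_SVCHOST = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;.*svchost\.exe\s+-k\s+(\S+)", re.I)
RE_RUN = re.compile(r"^O4 - (HK\S*?)\\Run: \[[^\]]+\]\s+(.+?)\s*$")
RE_TRUSTED = re.compile(r"Trusted Zone:\s*(\S+)", re.I)


def triage(text):
    """Return one Finding per suspicious line, plus correlated findings at the end."""
    findings = []
    proxy_ports = set()   # loopback proxy ports seen in IE settings
    open_ports = {}       # port -> name registered in GloballyOpenPorts
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_PROXY.search(line)
        if m and m.group(1).lower() in LOOPBACK:
            proxy_ports.add(int(m.group(2)))
            findings.append(Finding("proxy_loopback", "high",
                                    f"browser proxy points at {m.group(1)}:{m.group(2)}", line))
        m = RE_SECCENTER.search(line)
        if m:
            findings.append(Finding("security_center_override", "medium",
                                    f"{m.group(1)} = 1 (Security Center warning suppressed)", line))
        m = RE_OPENPORT.search(line)
        if m:
            port = int(m.group(1))
            open_ports[port] = m.group(3)
            findings.append(Finding("firewall_open_port", "medium",
                                    f"{port}/{m.group(2).upper()} opened for '{m.group(3)}'", line))
        m = RE_SVCHOST.search(line)
        if m and m.group(2).lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(Finding("svchost_unknown_group", "high",
                                    f"service {m.group(1)} runs as svchost group '{m.group(2)}'", line))
        m = RE_RUN.search(line)
        if m:
            cmd = m.group(2)
            # A bare file name is located through the search path, so it can be hijacked.
            if not cmd.startswith('"') and "\\" not in cmd.split()[0]:
                findings.append(Finding("run_entry_unqualified", "low",
                                        f"Run value '{cmd}' has no full path", line))
        m = RE_TRUSTED.search(line)
        if m:
            findings.append(Finding("trusted_zone", "medium",
                                    f"{m.group(1)} is in the IE Trusted Zone", line))
    # Correlation: a loopback proxy whose port is also opened in the firewall is
    # the classic shape of a local traffic-interception proxy.
    for port in sorted(proxy_ports & set(open_ports)):
        findings.append(Finding("proxy_port_correlates", "critical",
                                f"loopback proxy port {port} is also a globally open "
                                f"firewall port registered as '{open_ports[port]}'", ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.rule:26} {f.detail}")
```

Run it as-is and it reports the ten findings from the sample; feed it a whole pasted log via `triage(open(path).read())` to get the same list for another machine. The regexes are deliberately loose about spacing because these logs are usually pasted, not exported.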
  20. ComboFix has finished everything. Disk check works again, and so does defragmentation. Many thanks in advance for your quick reply, and on a Sunday at that. Thanks. Below you will find the ComboFix log file and also the HijackThis one.

ComboFix 09-03-19.02 - tony 2009-03-22 18:33:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1043.18.503.228 [GMT 1:00]
Started from: c:\documents and settings\tony\Bureaublad\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\salesmonitor
c:\documents and settings\tony\Application Data\Antivirus2008y
c:\documents and settings\tony\ResErrors.log
c:\program files\Common Files\System\Uninstall
c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk
c:\program files\dbar
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
c:\program files\PCPrivacyCleaner
c:\program files\VirusRemover2008
c:\program files\winvi
c:\program files\winvi\dsktp\AC_RunActiveContent.js
c:\program files\winvi\dsktp\desktop.html
c:\program files\winvi\dsktp\internetDetection.swf
c:\program files\winvi\dsktp\settings.sol
c:\program files\winvi\icons\bufferthis.ico
c:\program files\winvi\icons\flashfunpages.ico
c:\program files\winvi\icons\funnies.ico
c:\program files\winvi\icons\funnyfunpages.ico
c:\program files\winvi\icons\goodcleanvideos.ico
c:\program files\winvi\icons\newfunpages.ico
c:\program files\winvi\icons\positivethoughts.ico
c:\program files\winvi\icons\removespyware.ico
c:\program files\winvi\icons\thissiterocks.ico
c:\program files\winvi\temp\version.ini
c:\program files\winvi\version.ini
c:\windows\jestertb.dll
c:\windows\system32\drivers\UACamyqvpxu.sys
c:\windows\system32\UACblmluiyu.log
c:\windows\system32\UACcpboexwn.dll
c:\windows\system32\UACflbonipp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACirftobig.dll
c:\windows\system32\UACopykrwai.dll
c:\windows\system32\UACqpenittw.log
c:\windows\system32\UACrebqafqx.log
c:\windows\system32\UACsiemuedi.dll
c:\windows\system32\UACsklyfvnk.dat
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_FMTR

(((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))
.
2009-03-22 18:19 . 2005-10-26 16:12 <DIR> d--h----- c:\documents and settings\Administrator.TONYC\Sjablonen
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr-h----- c:\documents and settings\Administrator.TONYC\Onlangs geopend
2009-03-22 18:19 . 2005-10-26 18:05 <DIR> d--h----- c:\documents and settings\Administrator.TONYC\Netwerkprinteromgeving
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Mijn documenten
2009-03-22 18:19 . 2005-10-26 18:05 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Menu Start
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> dr------- c:\documents and settings\Administrator.TONYC\Favorieten
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> d-------- c:\documents and settings\Administrator.TONYC\Bureaublad
2009-03-22 18:19 . 2009-03-22 18:20 <DIR> d-------- c:\documents and settings\Administrator.TONYC\Application Data\AVGTOOLBAR
2009-03-22 18:19 . 2009-03-22 18:19 <DIR> d-------- c:\documents and settings\Administrator.TONYC
2009-03-22 16:52 . 2009-03-22 16:52 <DIR> d-------- c:\program files\CCleaner
2009-03-22 16:52 . 2009-03-22 16:52 <DIR> dr-h----- c:\documents and settings\tony\Onlangs geopend
2009-03-21 10:02 . 2009-03-22 12:23 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-21 09:51 . 2009-03-22 08:40 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-21 09:51 . 2009-03-21 09:51 <DIR> d-------- c:\program files\AVG
2009-03-21 09:51 . 2009-03-21 09:59 <DIR> d-------- c:\documents and settings\tony\Application Data\AVGTOOLBAR
2009-03-21 09:51 . 2009-03-22 08:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-21 09:51 . 2009-03-21 09:51 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-21 09:51 . 2009-03-21 09:51 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-21 09:51 . 2009-03-21 09:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-13 18:30 . 2009-03-13 18:30 118 --a------ c:\windows\system32\MRT.INI
2009-03-08 14:00 . 2009-03-08 14:00 0 --a------ c:\windows\system32\nfr.assembly
2009-03-06 17:54 . 2009-03-08 13:59 <DIR> d-------- c:\windows\system32\887164
2009-03-06 17:54 . 2009-03-08 14:01 23,040 ---h----- c:\windows\nl10.exe
2009-03-06 17:54 . 2009-03-06 17:54 1 ---h----- c:\windows\t55ft2799f44.dat
2009-03-06 17:54 . 2009-03-06 17:54 1 --a------ c:\windows\9gdfgjf23
2009-03-04 11:14 . 2009-03-04 11:14 1 ---h----- c:\windows\t55ft3223f44.dat
2009-03-04 11:14 . 2009-03-04 11:14 1 ---h----- c:\windows\t55ft2807f44.dat
2009-02-26 16:48 . 2009-02-26 16:48 0 --a------ c:\windows\nfr.assembly
2009-02-26 16:02 . 2009-02-26 16:02 1 ---h----- c:\windows\t55ft3949f44.dat
2009-02-26 16:02 . 2009-02-26 16:02 1 ---h----- c:\windows\t55ft3533f44.dat
2009-02-25 11:10 . 2009-02-25 11:10 1 ---h----- c:\windows\t55ft3928f44.dat
2009-02-25 11:10 . 2009-02-25 11:10 1 ---h----- c:\windows\t55ft3532f44.dat
2009-02-22 13:50 . 2009-02-27 17:19 <DIR> d-------- c:\program files\Netlog Uploader
.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 11:23 --------- d-----w c:\program files\Common Files\SchijfBewaker
2009-03-21 17:16 374 ----a-w c:\documents and settings\tony\Application Data\internaldb6334.dat
2009-03-21 17:05 18,432 ----a-w c:\documents and settings\tony\Application Data\internaldb41.dat
2009-03-21 16:47 555 ----a-w c:\documents and settings\tony\Application Data\internaldb8467.dat
2009-03-21 16:34 --------- d-----w c:\program files\SchijfBewaker
2009-03-08 13:06 --------- d-----w c:\program files\Windows Live
2009-02-27 16:29 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-19 19:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-19 19:20 --------- d-----w c:\program files\Bonjour
2009-02-19 19:13 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-19 17:50 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-02-11 14:23 --------- d-----w c:\documents and settings\tony\Application Data\U3
2009-02-11 14:03 --------- d-----w c:\program files\Google
2009-01-18 11:49 44,814,336 ----a-w C:\Photoshop.exe
.

((((((((((((((((((((((((((((((((((((( Reg Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 103712]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-07-01 118784]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
enhanced keyboard driver.lnk - c:\program files\EnhanceKeyboard\kb_2k.exe [2005-10-29 221184]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-10-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-21 09:51 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7070:TCP"= 7070:TCP:nfr
"7171:TCP"= 7171:TCP:dll32

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-21 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]
R3 ipgd;IC Plus IP1000 Family Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\ipgdnd51.sys [2005-10-26 33792]
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2001-09-07 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nfrsvc REG_MULTI_SZ NFRAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40fa16-d587-11dc-96fb-00508d7e3c1c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a40fa23-d587-11dc-96fb-00508d7e3c1c}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2a84950-b0a7-11dd-97c0-00508d7e3c1c}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - c:\windows\system32\WinNB58.dll
WebBrowser-{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - c:\windows\system32\WinNB58.dll
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKLM-Run-Salestart(1) - c:\program files\Common Files\VeiligheidsAgent\stmon.exe
.
------- Additional Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Telenet Internet
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 18:39:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-22 18:42:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-22 17:42:04

Pre-Run: 104,399,069,184 bytes free
Post-Run: 105,145,389,056 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

234 --- E O F --- 2009-03-13 17:30:48

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:56, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\EnhanceKeyboard\kb_2k.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tony\Bureaublad\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: enhanced keyboard driver.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 7297 bytes
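The log above carries several indicators a responder would normally pull out by hand: the Security Center "DisableNotify" and "Override" values all set to 1, three globally open firewall ports (80, 7070 and 7171) registered under names that match no installed product, an Internet Explorer proxy pointed at localhost:7171 (one of those open ports), a service running under the svchost group "nfrsvc", which is not a stock Windows XP group, and two Trusted Zone entries for mirarsearch.com. The Python script below is an added example, not part of this thread and not code from ComboFix or HijackThis, that applies those checks to a constructed sample made of lines copied from the log. The rule names, the list of stock svchost groups and the loopback host list are this example's own assumptions.

```python
"""Triage a ComboFix / HijackThis log for a handful of indicators of compromise.

Added example: the sample below is constructed from lines in the posted log;
rule names and the reference lists are assumptions made for this example.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix/HijackThis log above,
# reduced to the ones the rules look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:dll32
"7070:TCP"= 7070:TCP:nfr
"7171:TCP"= 7171:TCP:dll32
S2 NFRAgent;NFRAgent;c:\windows\system32\svchost.exe -k nfrsvc [2001-09-07 14336]
uInternet Settings,ProxyServer = http=localhost:7171
Trusted Zone: mirarsearch.com\click
Trusted Zone: mirarsearch.com\redirect
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
"""

# Assumption: stock svchost groups on a Windows XP SP3 box (lower-cased for comparison).
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch",
    "imgsvc", "termsvcs", "httpfilter", "winhttp",
}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

SEC_CENTER = re.compile(
    r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify|'
    r'AntiVirusOverride|FirewallOverride)"=dword:0*1$')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')
SVCHOST = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.IGNORECASE)
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)")
TRUSTED = re.compile(r"^Trusted Zone:\s*(\S+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str
    line: int  # 1-based line in the log; 0 for correlated findings


def parse_proxy(value: str) -> list[tuple[str, int]]:
    """Turn 'http=host:port;https=host:port' or 'host:port' into (host, port) pairs."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:                       # drop the 'http=' / 'https=' prefix
            part = part.split("=", 1)[1]
        host, _, port = part.rpartition(":")
        if host and port.isdigit():
            pairs.append((host, int(port)))
    return pairs


def triage(log_text: str) -> list[Finding]:
    """Run every rule over the log and correlate proxy ports with open ports."""
    findings: list[Finding] = []
    open_ports: dict[tuple[int, str], str] = {}
    proxy_ports: set[int] = set()

    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SEC_CENTER.match(line):       # AV/firewall/update warnings silenced
            findings.append(Finding("security_center_tamper", m.group(1), n))
        elif m := OPEN_PORT.match(line):      # inbound exception in the XP firewall
            port, proto, name = int(m.group(1)), m.group(2), m.group(3)
            open_ports[(port, proto)] = name
            findings.append(Finding("globally_open_port", f"{port}/{proto} ({name})", n))
        elif (m := SVCHOST.search(line)) and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(Finding("unknown_svchost_group", m.group(1), n))
        elif m := PROXY.search(line):         # browser traffic routed through a local listener
            for host, port in parse_proxy(m.group(1)):
                if host.lower() in LOOPBACK:
                    proxy_ports.add(port)
                    findings.append(Finding("local_proxy", f"{host}:{port}", n))
        elif m := TRUSTED.match(line):        # site granted the relaxed Trusted Zone
            findings.append(Finding("trusted_zone", m.group(1), n))

    # Correlation: a loopback proxy whose port is also opened to the network is
    # reachable by other hosts, not just the local browser.
    for port in sorted(proxy_ports):
        for (p, proto), name in open_ports.items():
            if p == port:
                findings.append(Finding("proxy_port_exposed", f"{port}/{proto} ({name})", 0))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line:>3}  {f.rule:<24} {f.evidence}")
    print(summary(triage(SAMPLE_LOG)))
```

The correlation step is the part worth keeping: on its own a "localhost:7171" proxy only says that some local process sits between IE and the network, but paired with the GloballyOpenPorts entry for 7171 it says that listener also accepts connections from outside, which changes the containment decision.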
  21. That worked. It is installing the recovery console. ComboFix has detected the presence of rootkit activity.
  22. I also notice that disk check and defragmentation can no longer be started either.
  23. TDSSserv.sys or anything like it is not in the list.
  24. ComboFix won't start either. The process does show up in Task Manager, but nothing happens. This was also the case with MBAM.
  25. Antivirus 360 seems to have been removed. No more problems when browsing, but what could be the reason MBAM won't start?