Everything posted by joska

  1. After downloading it several more times, the uninstall unexpectedly succeeded.
  2. I don't see ComboFix anywhere, not in the downloads and not in C:; apart from that, AVG and Malware have been removed. Even after ComboFix /Uninstall it doesn't work!
  3. Could it be that I didn't receive an email? I'm looking at the site now and there is a reply after all; I thought I had been forgotten! Anyway, I'll get to work right away.
  4. Now it has suddenly become extremely slow as well. When it freezes, I can only continue with the power button. Then I start it up again, and sometimes it freezes again.
  5. The laptop suddenly freezes every time; I no longer dare to move the mouse. I can work very briefly, and then can only continue with the power button. Then I start it up, and sometimes that doesn't work either.
  6. I can use the D drive. Everything is still slow, though.
  7. I can't open Q: "Q is not accessible, access denied." That appears when I try to open Q. D is and was listed under "My Computer" and is empty when opened.
  8. I don't know anything about a Q drive; it's just listed under My Computer.
  9. By the way, besides that D partition I also have a local drive Q.
  10. If all went well, the screenshot has been sent; only the last step, "click done", didn't work! I reduced the image from 3.72 MB to 79 KB, and then it worked, but I don't know whether it's of any use to you. The hard disk is indeed split into 2 parts, which is strange! pchelp 2.bmp
  11. It worked; this is the link: http://speccy.piriform.com/results/zZIkBtS83V6x8VJGmUhDVuX
  12. Every 2 months I have problems with a slow laptop or other complaints. Virus scan and malware scan every week, CCleaner 2 x per week and Registry Reviver 2 x per week. Still slow every time!! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:56:27, on 4-9-2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal
  13. After every malware scan there were again 2 bad objects; I removed them each time but they simply stayed. I have now removed them manually myself, and now everything is OK after the scan!
  14. Here is the ComboFix file after all; the problem was with AVG, even though it was switched off. ComboFix 12-07-11.03 - Gebruiker 14-07-2012 12:34:40.10.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2940.2137 [GMT 2:00] Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\COMBOFIX.EXE AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  15. In C:\ I see an empty folder (combofix) and nothing in Downloads.
  16. After downloading ComboFix I can't find it anywhere. AVG is turned off and Malware has been removed.
  17. I'm opening a new topic here because after every malware scan, PUP Blabbers is detected as two objects. That is now the third time (yesterday), so I suspect things are still not right.
  18. Documents from Polaris that I put on my PC won't open, and even with Word I get a message that something is wrong.
  19. I now have a trial version of Microsoft Word, which lets me solve my problem temporarily for now, but I'm definitely waiting for other solutions. Google Docs is also an option, but I have no internet on my tablet, which I use to write every day. So I then have to load those documents onto my PC, and that goes wrong again. I'll hear whether an addition or a solution turns up.
  20. With OpenOffice I can save as "Word", and I can also open other people's "Word" documents with OpenOffice. But anyway, I don't know much about it, though I have to work with it now and then. Where can I buy Microsoft Office?
  21. Well, that worked, I now have OpenOffice 3.4, but I still can't open documents that are on the PC. I have hundreds of documents that I would like to be able to look at just once; can you help me with that as well?
  22. I can't uninstall OpenOffice via the Control Panel.
  23. I'm not getting any further with this, but OpenOffice has crashed. A pity that nobody can help me further.