erwin969
-
Items
11 -
Registratiedatum
-
Laatst bezocht
erwin969's prestaties
-
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Ok, bedankt voor de hulp. Opgelost. -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Gelukt: Logfile of The Avenger Version 2.0, © by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Folder "C:\ZZZZZZ" deleted successfully. Completed script processing. ******************* Finished! Terminate. -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Gedaan, alleen kreeg ik de map C:\Qoobox niet verwijderd. Uiteindelijk wel met TuneUp Schredder, alleen niet alle bestanden maar wel de map. Er staat nu alleen een ander mapje in mij C:\ schijf, namelijk het mapje C:\ZZZZZZ met daarin BackNV die ik vervolgens niet kan openen 'geen toegang tot de map'. Ik dus die hele C:\ZZZZZZ map niet verwijderen. Ik weet ook niet waar het van is, datum van aanmaak is in iedergeval 30-10-2012. -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Nou, hij hoeft niet persé terug hoor. Gebruikte het ding nooit. Was alleen een vraag. In iedergeval bedankt. -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Dat gaat goed. Ze zijn al niet meer voorgekomen nadat we de dingetjes die via Hijackthis naar voren kwamen hebben verwijderd. Dus dat kan het probleem misschien al geweest zijn. Overigens valt me wel op dat ik nu die Acer Empowering button (eRecovery Management) op mijn desktop kwijt ben. Die stond er al op sinds de aankoop van deze PC. Is dat ding zo vertragend? -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Ok, gedaan: # AdwCleaner v2.006 - Verslag gemaakt op 01/11/2012 om 20:49:28 # Geactualiseerd op 30/10/2012 door Xplode # Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits) # Gebruiker : Erwin - WORKGROUP # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Erwin\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml File Verwijdert : C:\user.js Map Verwijdert : C:\Program Files\AVG Secure Search Map Verwijdert : C:\ProgramData\AVG Secure Search Map Verwijdert : C:\Users\Erwin\AppData\Local\AVG Secure Search Map Verwijdert : C:\Users\Erwin\AppData\Local\Babylon Map Verwijdert : C:\Users\Erwin\AppData\LocalLow\AVG Secure Search Map Verwijdert : C:\Users\Erwin\AppData\Roaming\Babylon Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\AppDataLow\Software Sleutel Verwijdert : HKCU\Software\AVG Secure Search Sleutel Verwijdert : HKCU\Software\IGearSettings Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} Sleutel Verwijdert : HKLM\Software\AVG Secure Search Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Sleutel Verwijdert : HKLM\Software\Freeze.com Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB00982.TBSB00982Toolbar Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [browsers] ***** -\\ Internet Explorer v8.0.6001.19328 Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990〈=nl&ds=AVG&pr=fr&d=2012-06-02 16:13:42&v=12.2.5.32&sap=nt --> hxxp://www.google.com -\\ Mozilla Firefox v16.0.2 (nl) Profielnaam : default File : C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\prefs.js C:\Users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\user.js ... Verwijdert ! Verwijdert : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7"); Verwijdert : user_pref("avg.install.userSPSettings", "AVG Secure Search"); Verwijdert : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Verwijdert : user_pref("browser.search.order.1", "Search the web (Babylon)"); Verwijdert : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.babExt", ""); Verwijdert : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110141"); Verwijdert : user_pref("extensions.BabylonToolbar_i.hardId", "6c6910db00000000000000ff77a4a843"); Verwijdert : user_pref("extensions.BabylonToolbar_i.id", "6c6910db00000000000000ff77a4a843"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlDay", "15391"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", true); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=110141&babsrc=NT_s[...] Verwijdert : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Verwijdert : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Verwijdert : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Verwijdert : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Verwijdert : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:47:58"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Verwijdert : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&[...] -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\Erwin\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [9509 octets] - [01/11/2012 20:48:55] AdwCleaner[s1].txt - [9312 octets] - [01/11/2012 20:49:28] ########## EOF - C:\AdwCleaner[s1].txt - [9372 octets] ########## -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Nogmaals dan. ComboFix 12-10-31.03 - Erwin 01-11-2012 10:46:29.6.4 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2545 [GMT 1:00] Gestart vanuit: c:\users\Erwin\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Erwin\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))) . . 2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Erwin\AppData\Local\temp 2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-01 09:55 . 2012-11-01 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer 2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe 2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013 2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013 2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013 2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec 2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb 1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE 2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll 2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000] "EnableNotificationsRef"=dword:00000001 . R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43] . 2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.globaltuners.com/ mStart Page = hxxp://www.yahoo.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: onlinereceivers.net TCP: DhcpNameServer = 192.168.178.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990〈=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q= FF - prefs.js: network.proxy.http - 96.43.130.70 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-11-01 10:55 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1632) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . Voltooingstijd: 2012-11-01 10:56:54 ComboFix-quarantined-files.txt 2012-11-01 09:56 . Pre-Run: 169,316,921,344 bytes beschikbaar Post-Run: 169,184,948,224 bytes beschikbaar . - - End Of File - - 2E702B665B3865379D3BE7A2F814E235 -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Ok, hier is ie. Op dezelfde manier gedaan als bij de vorige, in veilige modus. ComboFix 12-10-31.03 - Erwin 31-10-2012 17:40:40.5.4 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2541 [GMT 1:00] Gestart vanuit: c:\users\Erwin\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\users\Erwin\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))) . . 2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Erwin\AppData\Local\temp 2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-31 16:49 . 2012-10-31 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer 2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe 2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013 2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013 2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013 2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData 2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec 2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb 1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE 2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll 2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000] "EnableNotificationsRef"=dword:00000001 . R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.globaltuners.com/ mStart Page = hxxp://www.yahoo.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: onlinereceivers.net TCP: DhcpNameServer = 192.168.178.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990〈=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q= FF - prefs.js: network.proxy.http - 96.43.130.70 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-10-31 17:49 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1384) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . Voltooingstijd: 2012-10-31 17:50:58 ComboFix-quarantined-files.txt 2012-10-31 16:50 . Pre-Run: 169,782,030,336 bytes beschikbaar Post-Run: 169,650,003,968 bytes beschikbaar . - - End Of File - - D2DC6F2C97810183BE3E6F37A37F09D8 -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Ok, in de normale modus duurde het weer erg lang. Heb ik nog nooit gehad dat ComboFix zo lang duurt om een logje aan te maken, meestal binnen 10 minuten. In de Veilige Modus was het binnen enkele minuten klaar. Dit is het log: ComboFix 12-10-31.01 - Erwin 31-10-2012 12:45:50.3.4 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.2542 [GMT 1:00] Gestart vanuit: c:\users\Erwin\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\users\Erwin\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))) . . 2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Erwin\AppData\Local\temp 2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-31 11:54 . 2012-10-31 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-30 10:32 . 2012-10-30 10:32 388096 ----a-r- c:\users\Erwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-29 14:06 . 2012-10-29 14:06 -------- d-----w- c:\program files\MyRadioPlayer 2012-10-17 11:06 . 2007-02-10 01:29 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2012-10-17 11:06 . 2001-09-05 20:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-10-17 11:06 . 2001-09-05 20:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll 2012-10-17 11:06 . 2001-09-05 20:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-10-17 11:06 . 2001-09-05 20:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-10-16 10:50 . 2012-10-18 12:40 -------- d-----w- c:\windows\system32\Adobe 2012-10-13 08:45 . 2012-10-13 08:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-10-09 18:54 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-09 18:54 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-09 18:54 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-09 18:54 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-09 18:54 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-09 18:53 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-09 18:53 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-05 01:26 . 2012-10-05 01:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2012-10-04 13:20 . 2012-10-04 13:20 -------- d-----w- c:\users\Erwin\AppData\Roaming\AVG2013 2012-10-04 13:16 . 2012-10-04 13:18 -------- d-----w- c:\programdata\AVG2013 2012-10-04 13:13 . 2012-10-04 13:24 -------- d-----w- c:\users\Erwin\AppData\Local\Avg2013 2012-10-04 13:13 . 2012-10-04 13:13 -------- d-----w- c:\users\Erwin\AppData\Local\MFAData 2012-10-02 01:30 . 2012-10-02 01:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 08:43 . 2012-04-03 08:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 08:43 . 2011-05-14 23:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 17:54 . 2010-09-20 13:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 13:32 . 2012-06-16 14:47 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 13:32 . 2010-05-02 21:46 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-21 01:46 . 2012-09-21 01:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-09-21 01:46 . 2012-09-21 01:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys 2012-09-21 01:45 . 2012-09-21 01:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2012-09-21 01:45 . 2012-09-21 01:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2012-09-14 01:05 . 2012-09-14 01:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2012-09-13 01:11 . 2012-09-13 01:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2012-09-03 20:36 . 2012-09-03 20:36 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-25 11:50 . 2012-09-23 20:33 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-25 11:44 . 2012-09-23 20:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-25 11:44 . 2012-09-23 20:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-25 11:44 . 2012-09-23 20:33 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-08-25 11:44 . 2012-09-23 20:33 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-08-25 10:11 . 2012-09-23 20:33 385024 ----a-w- c:\windows\system32\html.iec 2012-08-25 08:31 . 2012-09-23 20:33 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-25 08:29 . 2012-09-23 20:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb 1998-09-25 12:16 . 2012-06-20 10:52 270848 ----a-w- c:\program files\UNWISE.EXE 2004-08-04 12:00 . 2012-10-27 00:01 413696 ----a-w- c:\program files\mozilla firefox\plugins\msvcp60.dll 2012-10-27 00:01 . 2012-10-27 00:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 21:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2012-06-16 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-06 203296] "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048] "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor] 2008-01-09 16:43 326176 ----a-w- c:\acer\Empowering Technology\SysMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2008-03-04 21:38 526896 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-03-26 13:21 5369856 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "PCMMediaSharing"=c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432800224-3185081532-925525682-1000] "EnableNotificationsRef"=dword:00000001 . R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhoud van de 'Gedeelde Taken' map . 2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:43] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-08-05 14:43] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.globaltuners.com/ mStart Page = hxxp://www.yahoo.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: onlinereceivers.net TCP: DhcpNameServer = 192.168.178.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll DPF: {200C064B-066D-4D6F-93E8-044231273490} - hxxp://www.umediaserver.net/bin/UMediaControl6.cab FF - ProfilePath - c:\users\Erwin\AppData\Roaming\Mozilla\Firefox\Profiles\qln992me.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={08301E54-52AF-4069-93ED-B18787203693}&mid=6c924ba3e1e9adefb4b8e68774c045c9-214bf2847130b43465c6bdbc2482bbe2fae2d990〈=nl&ds=AVG&pr=fr&d=2012-06-02 16:13&v=12.2.5.32&sap=ku&q= FF - prefs.js: network.proxy.http - 96.43.130.70 FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-09-01 17:43; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-17 16:46; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.hardId - 6c6910db00000000000000ff77a4a843 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:47 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-Apanel - c:\acersw\config\SetApanel.cmd MSConfigStartUp-FilmOn HDi Player - d:\filmon hdi player\FilmOn HDi Player.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe AddRemove-FileHunter - c:\users\Erwin\AppData\Roaming\FileHunter\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-10-31 12:54 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(992) c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll . Voltooingstijd: 2012-10-31 12:56:46 ComboFix-quarantined-files.txt 2012-10-31 11:56 . Pre-Run: 169,363,804,160 bytes beschikbaar Post-Run: 169,189,957,632 bytes beschikbaar . - - End Of File - - 39C22EC223C84BB0EA64B43308CD2458 -
Computer blijft soms hangen na het opstarten
erwin969 reageerde op erwin969's topic in Archief Bestrijding malware & virussen
Hoi, Gedaan. Bij deze de laatste hijackthis log: De comboFix.txt kreeg ik niet. Hij bleef een hele tijd hangen op "log aan het voorbereiden, open geen andere programma's". Dat duurde zo lang dat ik mijn PC handmatig heb moeten aan en uit zetten. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:28:45, on 30-10-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19328) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\nvraidservice.exe C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe C:\Windows\RtHDVCpl.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Spotify\Data\SpotifyWebHelper.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GlobalTuners - On-line remotely controlled tuners R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe" O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- End of file - 7991 bytes -
Computer blijft soms hangen na het opstarten
erwin969 plaatste een topic in Archief Bestrijding malware & virussen
Als ik mijn computer op start en op mijn bureaublad is aangekomen, blijft hij soms hangen. Soms na firefox te hebben opgestart en ik er een ander programma erbij opstart reageert hij niet, ook ctrl-alt-del doet niets dus handmatig uitzetten en weer aan is het enige wat het doet. Nu heb ik AVG 2013 Free geinstalleerd. Wellicht dat het daar iets mee te maken heeft? Bij deze de HijackThis log. Alvast dank Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:33:31, on 30-10-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19328) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\nvraidservice.exe C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe C:\Windows\RtHDVCpl.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\AVG\AVG2013\avgui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spotify\Data\SpotifyWebHelper.exe C:\Windows\ehome\ehmsas.exe C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Windows\System32\mobsync.exe C:\Program Files\TweetDeck\TweetDeck.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\TapinRadio\TapinRadio.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GlobalTuners - On-line remotely controlled tuners R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Nederland R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Nederland R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: ASETRES.EXE O4 - Global Startup: Empowering Technology Launcher.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {200C064B-066D-4D6F-93E8-044231273490} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl6.cab O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- End of file - 9495 bytes
