Request to also look at my daughter's logs.

  • MarcelJnl

    Hi,

    Here I am again, after you helped me so well. My 11-year-old daughter is also having problems; for example, the online scanner will not run on her computer.

    Could you please take a look at her logs as well?

    # AdwCleaner v2.115 - Verslag gemaakt op 30/03/2013 om 23:19:11

    # Geactualiseerd op 17/03/2013 door Xplode

    # Besturingssysteem : Windows 7 Starter Service Pack 1 (32 bits)

    # Gebruiker : Isabelle - ISABELLE-PC

    # Opstarten Modus : Normale modus

    # Gelanceerd vanaf : C:\Users\Isabelle\Desktop\adwcleaner.exe

    # Optie

    ***** *****

    Gestopt & Verwijdert : SrvUpdater

    Gestopt & Verwijdert : WajamUpdater

    Gestopt & Verwijdert : Zwinky_5qService

    ***** *****

    File Verwijdert : C:\END

    Map Verwijdert : C:\Program Files\BrowserCompanion

    Map Verwijdert : C:\Program Files\DealPly

    Map Verwijdert : C:\Program Files\Wajam

    Map Verwijdert : C:\Program Files\Zwinky_5q

    Map Verwijdert : C:\ProgramData\Ask

    Map Verwijdert : C:\ProgramData\Babylon

    Map Verwijdert : C:\ProgramData\Trymedia

    Map Verwijdert : C:\Users\Isabelle\AppData\LocalLow\bbrs_002.tb

    Map Verwijdert : C:\Users\Isabelle\AppData\LocalLow\Zwinky_5q

    Map Verwijdert : C:\Users\Isabelle\AppData\Roaming\Babylon

    Map Verwijdert : C:\Users\Isabelle\AppData\Roaming\BrowserCompanion

    Map Verwijdert : C:\Users\Isabelle\AppData\Roaming\DealPly

    Map Verwijdert : C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

    Map Verwijdert : C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

    ***** *****

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Zwinky_5q

    Sleutel Verwijdert : HKCU\Software\BabylonToolbar

    Sleutel Verwijdert : HKCU\Software\Blabbers

    Sleutel Verwijdert : HKCU\Software\DataMngr

    Sleutel Verwijdert : HKCU\Software\DealPly

    Sleutel Verwijdert : HKCU\Software\fedfdae73cbf48

    Sleutel Verwijdert : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4B22C87-45EF-4F43-89F2-40DB2078864E}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA71FD14-5F7B-46AE-B8B1-44074A38F331}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}

    Sleutel Verwijdert : HKCU\Software\Wajam

    Sleutel Verwijdert : HKLM\Software\AVG Secure Search

    Sleutel Verwijdert : HKLM\Software\Babylon

    Sleutel Verwijdert : HKLM\Software\BrowserCompanion

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{00FB52B5-0779-46DD-AFC6-C6EB55F21A26}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{315C7727-2B4D-4EF9-95FA-EA6CDA9AEB9D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4A75066C-E359-4CE6-830C-E09830A3CD2D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{C6A7154F-EA0E-4DE3-AFB9-144FC620E780}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{D675A74C-29F6-4AA7-A098-66373D746CB9}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{DA4EBFA0-6BA0-4E18-817F-304B4192C393}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F346CF98-FA03-4E7A-81B6-EB19B718F9C1}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F90EAF3D-6A09-4FAF-A84C-E6E91F97561B}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FBC663ED-1560-421B-BD71-F5B94DCEA09C}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{328D6F78-0DBB-4F17-ACD5-26A2EA4EF251}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\tdataprotocol.CTData

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{06CEAB46-0EFC-479A-B66B-AB6B11E1138A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{3B82BA62-32FD-4623-BB38-464D186E7453}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{644413C0-4090-4A84-BC29-DC69E91A7D73}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{648CEC5D-18E0-4445-9A17-C1589D0C9169}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{782D4CC0-74AE-41B6-B445-3D4C23AE6B9A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{B6CC4C24-962F-4314-9358-C998FD4B4288}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{BD48A3C7-5201-4093-AB66-04BD35BAC3D8}

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\updatebho.TimerBHO

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wit4ie.WitBHO

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.DynamicBarButton

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.DynamicBarButton.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.SkinLauncher

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.SkinLauncher.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.UrlAlertButton

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.UrlAlertButton.1

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.XMLSessionPlugin

    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Zwinky_5q.XMLSessionPlugin.1

    Sleutel Verwijdert : HKLM\Software\DataMngr

    Sleutel Verwijdert : HKLM\Software\DealPly

    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf

    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{328D6F78-0DBB-4F17-ACD5-26A2EA4EF251}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7695996F-9846-4A09-A037-632E45737712}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B803084B-B069-485E-B5D0-F9A6D318AF02}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{315C7727-2B4D-4EF9-95FA-EA6CDA9AEB9D}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A00289B5-2C16-4EC7-9780-2B56977ADC65}

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4bd8e335d84f8dfcc907259b175d244c

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

    Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@Zwinky_5q.com/Plugin

    Sleutel Verwijdert : HKLM\Software\Wajam

    Sleutel Verwijdert : HKLM\Software\Zwinky_5q

    Sleutel Verwijdert : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    ***** *****

    -\\ Internet Explorer v9.0.8112.16470

    Het register bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Databaseversie: v2013.03.30.08

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Isabelle :: ISABELLE-PC

    30-3-2013 23:26:50

    mbam-log-2013-03-30 (23-26-50).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 195442

    Verstreken tijd: 7 minuut/minuten, 38 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by Isabelle at 2013-03-31 09:36:55

    Microsoft Windows 7 Starter Service Pack 1

    System drive C: has 185 GB (84%) free of 221 GB

    Total RAM: 2037 MB (58% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 9:37:03, on 31-3-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16470)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Program Files\Launch Manager\LMworker.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Bluetooth Suite\BtvStack.exe

    C:\Program Files\Bluetooth Suite\AthBtTray.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Program Files\Acer\Updater\iUpdate.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG2013\avgui.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Acer\Acer VCM\AcerVCM.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\AVG\AVG2013\avgcfgex.exe

    C:\Users\Isabelle\Desktop\RSIT.exe

    C:\Program Files\trend micro\Isabelle.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Launch Manager\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: “C:\Program Files\Bluetooth Suite\BtvStack.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Bluetooth Suite\AthBtTray.exe”

    O4 - HKLM\..\Run: C:\Program Files\Acer\Android Manager\AML.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Updater\iUpdate.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\AVG\AVG2013\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)

    O4 - Global Startup: Acer VCM.lnk = ?

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O9 - Extra ‘Tools’ menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

    O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    End of file - 8291 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    C:\Windows\tasks\ROC_REG_JAN_DELETE.job

    ======Registry dump======

    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    Java™ Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll

    CIESpeechBHO Class - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    “LManager”=C:\Program Files\Launch Manager\LManager.exe

    “IAStorIcon”=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    “RtHDVCpl”=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    “Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    “IgfxTray”=C:\Windows\system32\igfxtray.exe

    “HotKeysCmds”=C:\Windows\system32\hkcmd.exe

    “Persistence”=C:\Windows\system32\igfxpers.exe

    “SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    “AtherosBtStack”=C:\Program Files\Bluetooth Suite\BtvStack.exe

    “AthBtTray”=C:\Program Files\Bluetooth Suite\AthBtTray.exe

    “AndroidManager”=C:\Program Files\Acer\Android Manager\AML.exe

    “iPatchData”=C:\Program Files\Acer\Updater\iUpdate.exe

    “Acer ePower Management”=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    “SunJavaUpdateSched”=C:\Program Files\Common Files\Java\Java Update\jusched.exe

    “AVG_UI”=C:\Program Files\AVG\AVG2013\avgui.exe

    “Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Acer\Android Manager\iSync.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Users\Isabelle\AppData\Roaming\BROWSE~1\tcbhn.exe -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId= -affId=

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe

    C:\Windows\system32\igfxdev.dll

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    “SecurityProviders”=credssp.dll

    “ConsentPromptBehaviorAdmin”=5

    “ConsentPromptBehaviorUser”=3

    “EnableUIADesktopToggle”=0

    “dontdisplaylastusername”=0

    “legalnoticecaption”=

    “legalnoticetext”=

    “shutdownwithoutlogon”=1

    “undockwithoutlogon”=1

    “vidc.mrle”=msrle32.dll

    “vidc.msvc”=msvidc32.dll

    “msacm.imaadpcm”=imaadp32.acm

    “msacm.msg711”=msg711.acm

    “msacm.msgsm610”=msgsm32.acm

    “msacm.msadpcm”=msadp32.acm

    “midimapper”=midimap.dll

    “wavemapper”=msacm32.drv

    “VIDC.UYVY”=msyuv.dll

    “VIDC.YUY2”=msyuv.dll

    “VIDC.YVYU”=msyuv.dll

    “VIDC.IYUV”=iyuv_32.dll

    “vidc.i420”=iyuv_32.dll

    “VIDC.YVU9”=tsbyuv.dll

    “msacm.l3acm”=C:\Windows\System32\l3codeca.acm

    “vidc.cvid”=iccvid.dll

    “MSVideo8”=VfWWDM32.dll

    “wave”=wdmaud.drv

    “midi”=wdmaud.drv

    “mixer”=wdmaud.drv

    “aux”=wdmaud.drv

    “wave1”=wdmaud.drv

    “mixer1”=wdmaud.drv

    “midi1”=wdmaud.drv

    “msacm.siren”=sirenacm.dll

    “wave2”=wdmaud.drv

    “mixer2”=wdmaud.drv

    “midi2”=wdmaud.drv

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe “%1” %*

    ======List of files/folders created in the last 1 month======

    2013-03-31 09:36:55 ----D---- C:\rsit

    2013-03-31 00:25:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2013-03-31 00:25:39 ----A---- C:\Windows\system32\drivers\mbam.sys

    2013-03-31 00:19:11 ----A---- C:\AdwCleaner.txt

    2013-03-31 00:12:32 ----D---- C:\Program Files\CCleaner

    2013-03-30 23:37:28 ----D---- C:\Windows\pss

    2013-03-30 22:15:35 ----D---- C:\Users\Isabelle\AppData\Roaming\AVG2013

    2013-03-30 22:12:38 ----D---- C:\Users\Isabelle\AppData\Roaming\TuneUp Software

    2013-03-30 22:09:19 ----D---- C:\ProgramData\AVG2013

    2013-03-30 21:39:44 ----A---- C:\Windows\system32\drivers\usb8023.sys

    2013-03-30 21:39:21 ----D---- C:\Program Files\Common Files\Java

    2013-03-30 21:39:04 ----A---- C:\Windows\system32\javaws.exe

    2013-03-30 21:38:34 ----A---- C:\Windows\system32\WindowsAccessBridge.dll

    2013-03-30 21:38:34 ----A---- C:\Windows\system32\javaw.exe

    2013-03-30 21:38:34 ----A---- C:\Windows\system32\java.exe

    2013-03-30 21:29:34 ----D---- C:\Program Files\Common Files\Skype

    2013-03-17 16:08:09 ----A---- C:\Windows\system32\mshtmled.dll

    2013-03-17 16:08:07 ----A---- C:\Windows\system32\vbscript.dll

    2013-03-17 16:08:06 ----A---- C:\Windows\system32\jsproxy.dll

    2013-03-17 16:08:04 ----A---- C:\Windows\system32\ieUnatt.exe

    2013-03-17 16:08:04 ----A---- C:\Windows\system32\ieui.dll

    2013-03-17 16:08:03 ----A---- C:\Windows\system32\msfeeds.dll

    2013-03-17 16:08:01 ----A---- C:\Windows\system32\wininet.dll

    2013-03-17 16:08:01 ----A---- C:\Windows\system32\jscript.dll

    2013-03-17 16:07:58 ----A---- C:\Windows\system32\jscript9.dll

    2013-03-17 16:07:57 ----A---- C:\Windows\system32\url.dll

    2013-03-17 16:07:55 ----A---- C:\Windows\system32\iertutil.dll

    2013-03-17 16:07:51 ----A---- C:\Windows\system32\urlmon.dll

    2013-03-17 16:07:47 ----A---- C:\Windows\system32\mshtml.dll

    2013-03-17 16:07:42 ----A---- C:\Windows\system32\ieframe.dll

    2013-03-02 14:48:39 ----RD---- C:\Program Files\Skype

    2013-03-02 14:44:13 ----D---- C:\Windows\system32\Extensions

    2013-03-02 14:44:11 ----D---- C:\Windows\system32\searchplugins

    2013-03-02 14:43:38 ----D---- C:\Program Files\Mozilla Firefox

    2013-03-02 14:43:09 ----D---- C:\Program Files\SoftwareUpdater

    2013-03-01 11:32:20 ----A---- C:\Windows\system32\drivers\avgidsshimx.sys

    ======List of files/folders modified in the last 1 month======

    2013-03-31 09:37:03 —-D—- C:\Program Files\Trend Micro

    2013-03-31 09:22:43 —-D—- C:\Windows\system32\config

    2013-03-31 09:22:42 —-D—- C:\Windows\Temp

    2013-03-31 09:19:16 —-D—- C:\ProgramData\MFAData

    2013-03-31 09:16:36 —-D—- C:\Windows\System32

    2013-03-31 09:16:36 —-D—- C:\Windows\inf

    2013-03-31 09:16:36 —-A—- C:\Windows\system32\PerfStringBackup.INI

    2013-03-31 00:35:11 —-D—- C:\Windows\system32\drivers

    2013-03-31 00:25:46 —-D—- C:\Program Files\MALWAREBYTES ANTI-MALWARE

    2013-03-31 00:25:39 —-RD—- C:\Program Files

    2013-03-31 00:20:51 —-D—- C:\Windows

    2013-03-31 00:19:50 —-D—- C:\Windows\system32\catroot2

    2013-03-31 00:19:40 —-SHD—- C:\System Volume Information

    2013-03-31 00:19:16 —-HD—- C:\ProgramData

    2013-03-31 00:18:04 —-SHD—- C:\Windows\Installer

    2013-03-31 00:16:09 —-D—- C:\Windows\winsxs

    2013-03-31 00:15:47 —-D—- C:\Windows\debug

    2013-03-31 00:15:41 —-D—- C:\ProgramData\Adobe

    2013-03-31 00:15:11 —-SHD—- C:\Config.Msi

    2013-03-31 00:13:12 —-D—- C:\Program Files\Common Files\Adobe

    2013-03-31 00:12:38 —-D—- C:\Windows\system32\Tasks

    2013-03-31 00:09:03 —-D—- C:\Windows\system32\catroot

    2013-03-30 23:50:28 —-D—- C:\Windows\Downloaded Program Files

    2013-03-30 23:36:49 —-D—- C:\Users\Isabelle\AppData\Roaming\Skype

    2013-03-30 22:09:02 —-D—- C:\Program Files\AVG

    2013-03-30 21:55:49 —-D—- C:\Windows\Tasks

    2013-03-30 21:48:43 —-D—- C:\Windows\system32\DriverStore

    2013-03-30 21:39:21 —-D—- C:\Program Files\Common Files

    2013-03-30 21:38:12 —-A—- C:\Windows\system32\npdeployJava1.dll

    2013-03-30 21:38:12 —-A—- C:\Windows\system32\deployJava1.dll

    2013-03-30 21:38:07 —-D—- C:\Program Files\Java

    2013-03-30 21:32:36 —-D—- C:\Firefox

    2013-03-30 21:29:52 —-D—- C:\ProgramData\Skype

    2013-03-30 21:28:30 —-D—- C:\Windows\Prefetch

    2013-03-17 18:27:51 —-D—- C:\Windows\rescache

    2013-03-17 17:23:34 —-D—- C:\Program Files\Microsoft Silverlight

    2013-03-17 17:22:28 —-D—- C:\Windows\system32\migration

    2013-03-17 17:22:27 —-D—- C:\Program Files\Internet Explorer

    2013-03-17 16:15:56 —-A—- C:\Windows\system32\MRT.exe

    2013-03-17 16:15:50 —-D—- C:\ProgramData\Microsoft Help

    2013-03-17 16:07:22 —-D—- C:\Windows\AppPatch

    2013-03-17 16:01:07 —-D—- C:\Windows\system32\wdi

    2013-03-13 19:33:42 —-D—- C:\Users\Isabelle\AppData\Roaming\Liteon

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys

    R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys

    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys

    R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys

    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys

    R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys

    R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys

    R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys

    R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys

    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys

    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x86.sys

    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys

    S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys

    S3 ATHDFU;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys

    S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys

    S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys

    S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys

    S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys

    S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys

    S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys

    S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys

    S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys

    S3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys

    S3 EUCR;EUCR; C:\Windows\system32\drivers\EUCR6SK.SYS

    S3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys

    S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys

    S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AtherosSvc;AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe

    R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 DsiWMIService;Dritek WMI Service; C:\Program Files\Launch Manager\dsiwmis.exe

    R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

    R2 GREGService;GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe

    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe

    R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    —————–EOF—————–

    Thank you for the effort, and Happy Easter.

    Marcel.

  • Ben

    Hello,

    Download ComboFix

    >>Here<<; there you can read how to use ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop.

    * Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

    Here is a guide on how to disable them: here or here

    * It may happen that the computer has to be restarted several times; this is normal.

    * Double-click “Combofix.exe” to start the tool.

    * Do not click in the ComboFix window while it is running; this can cause the ‘tool’ to freeze.

    * Note !!! If an error is shown with the message “Illegal operation attempted on a registry key that has been marked for deletion”, restart the computer.

    * When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    Regards, Ben

  • MarcelJnl

    There we go Ben;

    ComboFix 13-03-31.01 - Isabelle 01-04-2013 9:52.4.2 - x86

    Microsoft Windows 7 Starter 6.1.7601.1.1252.31.1043.18.2037.1134

    Gestart vanuit: c:\users\Isabelle\Desktop\ComboFix.exe

    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Isabelle\Desktop\Internet Explorer.lnk

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-03-01 to 2013-04-01 ))))))))))))))))))))))))))))))

    .

    .

    2013-04-01 08:04 . 2013-04-01 08:04 ——– d—–w- c:\users\Default\AppData\Local\temp

    2013-03-31 08:20 . 2013-03-31 08:20 ——– d—–w- c:\program files\ESET

    2013-03-31 07:36 . 2013-03-31 07:37 ——– d—–w- C:\rsit

    2013-03-30 22:25 . 2013-03-30 22:25 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware

    2013-03-30 22:25 . 2012-12-14 15:49 21104 —-a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-30 22:25 . 2013-03-30 22:25 ——– d—–w- c:\users\Isabelle\AppData\Local\Programs

    2013-03-30 22:12 . 2013-03-30 22:12 ——– d—–w- c:\program files\CCleaner

    2013-03-30 20:15 . 2013-03-30 20:15 ——– d—–w- c:\users\Isabelle\AppData\Roaming\AVG2013

    2013-03-30 20:12 . 2013-03-30 20:12 ——– d—–w- c:\users\Isabelle\AppData\Roaming\TuneUp Software

    2013-03-30 20:09 . 2013-03-30 20:14 ——– d—–w- c:\programdata\AVG2013

    2013-03-30 20:05 . 2013-03-30 20:23 ——– d—–w- c:\users\Isabelle\AppData\Local\Avg2013

    2013-03-30 20:05 . 2013-03-30 20:05 ——– d—–w- c:\users\Isabelle\AppData\Local\MFAData

    2013-03-30 19:39 . 2013-02-12 03:32 15872 —-a-w- c:\windows\system32\drivers\usb8023.sys

    2013-03-30 19:39 . 2013-03-30 19:39 ——– d—–w- c:\program files\Common Files\Java

    2013-03-30 19:38 . 2013-03-30 19:38 94112 —-a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-03-30 19:29 . 2013-03-30 19:29 ——– d—–w- c:\program files\Common Files\Skype

    2013-03-17 14:08 . 2013-02-02 03:23 2382848 —-a-w- c:\windows\system32\mshtml.tlb

    2013-03-17 14:08 . 2013-02-02 04:19 149552 —-a-w- c:\program files\Internet Explorer\sqmapi.dll

    2013-03-17 14:08 . 2013-02-02 03:26 420864 —-a-w- c:\windows\system32\vbscript.dll

    2013-03-17 14:08 . 2013-02-02 03:27 194048 —-a-w- c:\program files\Internet Explorer\IEShims.dll

    2013-03-17 14:08 . 2013-02-02 03:26 142848 —-a-w- c:\windows\system32\ieUnatt.exe

    2013-03-17 14:08 . 2013-02-02 03:28 194560 —-a-w- c:\program files\Internet Explorer\ieproxy.dll

    2013-03-17 14:08 . 2013-02-02 03:30 1129472 —-a-w- c:\windows\system32\wininet.dll

    2013-03-17 14:07 . 2013-02-02 03:38 1800704 —-a-w- c:\windows\system32\jscript9.dll

    2013-03-17 14:07 . 2013-02-02 04:19 757296 —-a-w- c:\program files\Internet Explorer\iexplore.exe

    2013-03-17 14:07 . 2013-02-02 03:31 387584 —-a-w- c:\program files\Internet Explorer\jsdbgui.dll

    2013-03-17 14:07 . 2013-02-02 03:32 678912 —-a-w- c:\program files\Internet Explorer\iedvtool.dll

    2013-03-17 14:07 . 2013-02-02 03:30 1427968 —-a-w- c:\windows\system32\inetcpl.cpl

    2013-03-02 12:48 . 2013-03-30 19:29 ——– d—–r- c:\program files\Skype

    2013-03-02 12:44 . 2013-03-02 12:44 ——– d—–w- c:\windows\system32\Extensions

    2013-03-02 12:44 . 2013-03-02 12:44 ——– d—–w- c:\windows\system32\searchplugins

    2013-03-02 12:43 . 2013-03-02 12:43 ——– d—–w- c:\program files\SoftwareUpdater

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-30 19:38 . 2012-06-25 16:39 861088 —-a-w- c:\windows\system32\npdeployJava1.dll

    2013-03-30 19:38 . 2011-11-29 12:37 782240 —-a-w- c:\windows\system32\deployJava1.dll

    2013-03-01 09:32 . 2013-03-01 09:32 22328 —-a-w- c:\windows\system32\drivers\avgidsshimx.sys

    2013-02-26 22:40 . 2013-02-26 22:40 208184 —-a-w- c:\windows\system32\drivers\avgidsdriverx.sys

    2013-02-22 12:56 . 2012-04-14 18:25 691568 —-a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-02-22 12:56 . 2011-09-14 05:37 71024 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-02-14 02:52 . 2013-02-14 02:52 182072 —-a-w- c:\windows\system32\drivers\avgtdix.sys

    2013-02-12 04:48 . 2013-03-13 17:23 474112 —-a-w- c:\windows\apppatch\AcSpecfc.dll

    2013-02-12 04:48 . 2013-03-13 17:23 2176512 —-a-w- c:\windows\apppatch\AcGenral.dll

    2013-02-08 03:37 . 2013-02-08 03:37 96568 —-a-w- c:\windows\system32\drivers\avgmfx86.sys

    2013-02-08 03:37 . 2013-02-08 03:37 245048 —-a-w- c:\windows\system32\drivers\avglogx.sys

    2013-02-08 03:37 . 2013-02-08 03:37 60216 —-a-w- c:\windows\system32\drivers\avgidshx.sys

    2013-02-08 03:37 . 2013-02-08 03:37 170808 —-a-w- c:\windows\system32\drivers\avgldx86.sys

    2013-02-08 03:37 . 2013-02-08 03:37 39224 —-a-w- c:\windows\system32\drivers\avgrkx86.sys

    2013-01-13 21:17 . 2013-02-27 15:08 9728 —ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-01-13 21:17 . 2013-02-27 15:08 2560 —ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-01-13 21:16 . 2013-02-27 15:08 10752 —ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-01-13 21:12 . 2013-02-27 15:08 3584 —ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-01-13 21:11 . 2013-02-27 15:08 4096 —ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-01-13 21:11 . 2013-02-27 15:08 5632 —ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-01-13 21:11 . 2013-02-27 15:08 3072 —ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-01-13 21:11 . 2013-02-27 15:08 5632 —ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-01-13 21:11 . 2013-02-27 15:08 3072 —ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

    2013-01-13 20:31 . 2013-02-27 15:08 1247744 —-a-w- c:\windows\system32\DWrite.dll

    2013-01-13 20:30 . 2013-02-27 15:08 906240 —-a-w- c:\windows\system32\FntCache.dll

    2013-01-13 20:22 . 2013-02-27 15:08 1988096 —-a-w- c:\windows\system32\d3d10warp.dll

    2013-01-13 20:20 . 2013-02-27 15:08 293376 —-a-w- c:\windows\system32\dxgi.dll

    2013-01-13 20:09 . 2013-02-27 15:08 249856 —-a-w- c:\windows\system32\d3d10_1core.dll

    2013-01-13 20:08 . 2013-02-27 15:08 220160 —-a-w- c:\windows\system32\d3d10core.dll

    2013-01-13 20:08 . 2013-02-27 15:08 1504768 —-a-w- c:\windows\system32\d3d11.dll

    2013-01-13 19:54 . 2013-02-27 15:08 604160 —-a-w- c:\windows\system32\d3d10level9.dll

    2013-01-13 19:53 . 2013-02-27 15:08 207872 —-a-w- c:\windows\system32\WindowsCodecsExt.dll

    2013-01-13 19:53 . 2013-02-27 15:09 187392 —-a-w- c:\windows\system32\UIAnimation.dll

    2013-01-13 19:48 . 2013-02-27 15:08 161792 —-a-w- c:\windows\system32\d3d10_1.dll

    2013-01-13 19:46 . 2013-02-27 15:08 1080832 —-a-w- c:\windows\system32\d3d10.dll

    2013-01-13 19:43 . 2013-02-27 15:08 1230336 —-a-w- c:\windows\system32\WindowsCodecs.dll

    2013-01-13 19:37 . 2013-02-27 15:08 3419136 —-a-w- c:\windows\system32\d2d1.dll

    2013-01-13 19:02 . 2013-02-27 15:08 417792 —-a-w- c:\windows\system32\WMPhoto.dll

    2013-01-13 18:34 . 2013-02-27 15:08 364544 —-a-w- c:\windows\system32\XpsGdiConverter.dll

    2013-01-13 17:26 . 2013-02-27 15:08 1158144 —-a-w- c:\windows\system32\XpsPrint.dll

    2013-01-05 05:00 . 2013-02-20 18:44 3967848 —-a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-05 05:00 . 2013-02-20 18:44 3913064 —-a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-04 06:11 . 2013-02-27 15:08 2284544 —-a-w- c:\windows\system32\msmpeg2vdec.dll

    2013-01-04 04:50 . 2013-02-20 18:44 169984 —-a-w- c:\windows\system32\winsrv.dll

    2013-01-04 03:00 . 2013-02-22 13:05 2347008 —-a-w- c:\windows\system32\win32k.sys

    2013-01-03 05:05 . 2013-02-20 18:44 1293672 —-a-w- c:\windows\system32\drivers\tcpip.sys

    2013-01-03 05:04 . 2013-02-20 18:44 187752 —-a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “LManager”=“c:\program files\Launch Manager\LManager.exe”

    “IAStorIcon”=“c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe”

    “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe”

    “AtherosBtStack”=“c:\program files\Bluetooth Suite\BtvStack.exe”

    “AthBtTray”=“c:\program files\Bluetooth Suite\AthBtTray.exe”

    “AndroidManager”=“c:\program files\Acer\Android Manager\AML.exe”

    “iPatchData”=“c:\program files\Acer\Updater\iUpdate.exe”

    “Acer ePower Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “AVG_UI”=“c:\program files\AVG\AVG2013\avgui.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    @=“”

    .

    path=c:\users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk

    backup=c:\windows\pss\tcbhn.lnk.Startup

    backupExtension=.Startup

    .

    2010-01-08 09:53 407416 —-a-w- c:\program files\Acer\Android Manager\iSync.exe

    .

    2012-12-14 15:49 824232 —-a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    .

    2012-03-08 16:50 4280184 —-a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    .

    2013-02-28 17:50 18642024 —-a-r- c:\program files\Skype\Phone\Skype.exe

    .

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe

    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys

    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys

    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys

    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys

    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys

    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys

    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys

    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys

    R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS

    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys

    S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys

    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys

    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys

    S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys

    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys

    S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe

    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe

    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe

    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe

    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe

    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe

    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe

    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys

    .

    .

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

    FontCache

    .

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-01-31 c:\windows\Tasks\ROC_REG_JAN_DELETE.job

    - c:\programdata\AVG January 2013 Campaign\ROC.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = hxxp://www.startpagina.nl/

    mStart Page = hxxp://acer.msn.com

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.Email.1”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“WindowsLiveMail.VCard.1”

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2013-04-01 10:07:33

    ComboFix-quarantined-files.txt 2013-04-01 08:07

    ComboFix2.txt 2013-03-31 19:06

    ComboFix3.txt 2013-03-31 13:29

    .

    Pre-Run: 192.298.086.400 bytes beschikbaar

    Post-Run: 192.258.035.712 bytes beschikbaar

    .

    - - End Of File - - 84D02433AA155C11B7FE59AC31728884

  • Ben

    Hello,

    Download zoek.exe to the desktop.

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe.

    You can read how to do that (here or here).

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    firefoxlook;

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Now post the contents of the opened log in your next message.

    Regards, Ben

  • MarcelJnl

    Zoek.exe Version 4.0.0.2 Updated 31-03-2013

    Tool run by Isabelle on ma 01-04-2013 at 11:05:34,05.

    Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    ==== Creating Sample_01-04-2013_1111.zip ======================

    Process iexplore.exe killed

    Copied file C:\Users\Isabelle\wlsetup-web.exe to sample

    sample\wlsetup-web.exe renamed to 0F5FBD63A50CB19C13EB111D3C3A7E40

    C:\Users\Public\Desktop\sample_01-04-2013_1111.zip created successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-960908946-2532823063-3732405439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} deleted successfully

    HKEY_USERS\S-1-5-21-960908946-2532823063-3732405439-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB65DED3-FF4A-4B78-936B-A1C8CF82CBEA} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Bluetooth Suite\adminservice.exe

    C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Launch Manager\dsiwmis.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

    C:\Program Files\Acer\Registration\GREGsvc.exe

    C:\Program Files\Acer\Acer VCM\RS_Service.exe

    C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Launch Manager\LManager.exe

    C:\Program Files\Launch Manager\LMworker.exe

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Bluetooth Suite\BtvStack.exe

    C:\Program Files\Bluetooth Suite\AthBtTray.exe

    C:\Program Files\Acer\Updater\iUpdate.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\AVG\AVG2013\avgui.exe

    C:\Program Files\Acer\Acer VCM\AcerVCM.exe

    C:\Windows\system32\igfxext.exe

    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\AVG\AVG2013\avgcfgex.exe

    C:\Users\Isabelle\Desktop\zoek.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k SDRSVC

    ==== Deleting Files \ Folders ======================

    “C:\Users\Isabelle\wlsetup-web.exe” deleted

    “C:\Windows\System32\searchplugins” deleted

    “C:\Windows\System32\Extensions” deleted

    ==== System Specs ======================

    Windows: Windows XP Starter Edition Service Pack 2 (Build 2600)

    Internet Explorer: 9.0.8112.16421

    Memory (RAM): 2038 MB

    CPU Info: Intel(R) Atom(TM) CPU N450 @ 1.66GHz

    CPU Speed: 640.6 MHz

    Sound Card: Speakers (Realtek High Definiti |

    Display Adapters: Intel(R) Graphics Media Accelerator 3150 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Generic PnP Monitor |

    Screen Resolution: 1024 X 600 - 32 bit

    Network: Network Present

    Network Adapters: Atheros AR5B95 Wireless Network Adapter | Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20)

    CD / DVD Drives: No optical drives found.

    Ports: COM Ports NOT Present. LPT Port NOT Present.

    Mouse: 16 Button Wheel Mouse Present

    Hard Disks: C: 215.8GB | D: 4.0GB

    Hard Disks - Free: C: 178.9GB | D: 2.7GB

    Manufacturer *: Acer

    BIOS Info: AT/AT COMPATIBLE | 11/03/10 | ACRSYS - 1

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Acer JE02_PT

    Sun Java version: 1.7.0_17

    Country: Nederland

    Language: NLD

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2013-03-31 13:11:16 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2013-03-31 13:11:16 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2013-03-31 13:11:16 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2013-03-31 13:11:16 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2013-03-31 13:11:16 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    ====== C:\Users\Isabelle\AppData\Local\Temp ====

    ====== C:\Windows\system32 =====

    2013-03-30 19:38:34 350C713C2D9B9F5549C50A8D3924E789 94112 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll

    ====== C:\Windows\system32\drivers =====

    2013-03-30 22:25:39 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-03-30 19:39:44 FE8A57C8E04EDD3AA8ADD8F3C8F65297 15872 ----a-w- C:\Windows\System32\drivers\usb8023.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2013-03-31 08:20:42 -------- d-----w- C:\Program Files\ESET

    2013-03-30 19:29:34 -------- d-----w- C:\Program Files\Common Files\Skype

    2013-03-02 12:48:39 -------- d-----r- C:\Program Files\Skype

    2013-03-02 12:43:09 -------- d-----w- C:\Program Files\SoftwareUpdater

    ======= C: =====

    2013-03-30 22:19:11 32A63138EB79C8BE3EA6CF0484E5B302 16111 ----a-w- C:\AdwCleaner.txt

    ====== C:\Users\Isabelle\AppData\Roaming ======

    2013-04-01 08:07:35 -------- d-----w- C:\users\Public\AppData\Local\temp

    2013-04-01 08:07:35 -------- d-----w- C:\users\Default\AppData\Local\temp

    2013-04-01 08:07:35 -------- d-----w- C:\users\Default User\AppData\Local\temp

    2013-03-30 22:25:23 -------- d-----w- C:\users\Isabelle\AppData\Local\Programs

    2013-03-30 20:15:35 -------- d-----w- C:\users\Isabelle\AppData\Roaming\AVG2013

    2013-03-30 20:12:38 -------- d-----w- C:\users\Isabelle\AppData\Roaming\TuneUp Software

    2013-03-30 20:05:51 -------- d-----w- C:\users\Isabelle\AppData\Local\MFAData

    2013-03-30 20:05:51 -------- d-----w- C:\users\Isabelle\AppData\Local\Avg2013

    ====== C:\Users\Isabelle ======

    2013-03-31 13:29:22 -------- d-----w- C:\Users\Public\AppData

    2013-03-30 20:09:19 -------- d-----w- C:\ProgramData\AVG2013

    ====== C: exe-files ==

    2013-04-01 08:34:08 A69FDD7512D1CBD60225558083BFCCD8 1017464 ----a-w- C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2P40EZ90\install_flashplayer11x32ax_gtbd_chrd_dn_aih.exe

    2013-03-31 13:11:16 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

    2013-03-31 13:11:16 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

    2013-03-31 13:11:16 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

    2013-03-31 13:11:16 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

    2013-03-31 13:11:16 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

    2013-03-31 08:20:42 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

    2013-03-31 08:20:42 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

    2013-03-31 08:20:42 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    2013-03-31 08:20:42 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

    2013-03-31 08:20:42 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    2013-03-31 08:18:15 EBCC2CEFDA0CE9F8DBFD7F4E380AF081 352960 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

    2013-03-31 07:36:56 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\Isabelle.exe

    2013-03-30 22:36:50 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\Isabelle\Desktop\RSIT.exe

    2013-03-30 22:25:07 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Isabelle\Downloads\mbam-setup-1.70.0.1100.exe

    2013-03-30 22:18:18 EC4961D7E0F6ACEF4E8446E062048D88 609993 ----a-w- C:\Users\Isabelle\Desktop\adwcleaner.exe

    2013-03-30 22:11:35 9941443D6A4C2DAE26582731B61444D4 4316280 ----a-w- C:\Users\Isabelle\Downloads\ccsetup400.exe

    2013-03-30 20:05:41 A996A3FCBD1DD86F908A6304120B3FE6 7548744 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe

    2013-03-30 20:05:41 9F96249A7823C7C2B9E0B6D46A77CAE6 15920 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrdtestx.exe

    2013-03-30 20:05:41 7DDB04EFCA15BEE73286D67270894303 44080 ----a-w- C:\ProgramData\MFAData\SelfUpd\avguirux.exe

    2013-03-30 20:05:36 E6FED737854FF6D1A4FB2486753CFEA2 278064 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrunasx.exe

    2013-03-30 20:05:36 69D812B395637F8FCFEA7C7CC1660AE1 628272 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgntdumpx.exe

    2013-03-30 20:05:31 9A5F8F497F5698288007484FCF15E34D 378720 ----a-w- C:\ProgramData\MFAData\SelfUpd\fixcfg.exe

    2013-03-30 20:05:31 2AE999EC5269B489F5B9986F82C79FDD 648544 ----a-w- C:\ProgramData\MFAData\SelfUpd\idpfixx.exe

    2013-03-30 20:05:30 EA1145DEBCD508FD25BD1E95C4346929 193288 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgwdsvc.exe

    2013-03-30 20:05:30 66BC4A7C73DF8AC00F38F2085878F750 714736 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgwsc.exe

    2013-03-30 20:05:29 DC904E6BC7024F32EB8E0EE578433774 768632 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgrsx.exe

    2013-03-30 20:05:29 4AE532194AE7D2FE6378C1166B006B49 990840 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgscanx.exe

    2013-03-30 20:05:29 406D3F757C9E75101E6E51835AAC312B 793952 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgsrmax.exe

    2013-03-30 20:05:29 371BA71B566260932DCCCF843BF6C7E7 2598520 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgtray.exe

    2013-03-30 20:05:29 2DD7A30B6FB4CB90C40F77E560CB3125 4373552 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgui.exe

    2013-03-30 20:05:29 0D082FB144AC46B0ADC63E5B223E7597 11383392 ----a-w- C:\ProgramData\MFAData\SelfUpd\AVGTBInstall.exe

    2013-03-30 20:05:28 3C9B25C38E7A2BA07FB4F7DB351D6FF0 146784 ----a-w- C:\ProgramData\MFAData\SelfUpd\avglscanx.exe

    2013-03-30 20:05:28 231B6AD3DB2866BC3FDB9979E6B2B61E 5174392 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgidsagent.exe

    2013-03-30 20:05:28 084A67A4090798F931CAA08C02B31F88 1259568 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgnsx.exe

    2013-03-30 20:05:27 F3EBE5508BC9EA8AB88DB5A46397EE09 686712 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgdumpx.exe

    2013-03-30 20:05:27 ECC96985954185DFCF455FBBB8037A1B 338784 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgcsrvx.exe

    2013-03-30 20:05:27 B082D1AA020008B26D08B838C5B1E6BB 2698112 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgdiagex.exe

    2013-03-30 20:05:27 9F0678A35B06CA75A8495762CE274495 493920 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgcfgex.exe

    2013-03-30 20:05:27 9CE7E61E07EBD3CCF05055CC3FBC0C19 979840 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgemcx.exe

    2013-03-30 20:05:27 73BE2813C0517F625CAF29F8124A5E39 4260472 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgcremx.exe

    2013-03-30 20:05:27 343083A60B4B41C35E3F739F469763A0 879736 ----a-w- C:\ProgramData\MFAData\SelfUpd\avgcmgr.exe

    2013-03-30 19:40:27 A9ADBB9CF5EB800CA3D3A7D08136269A 69784 ----a-w- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZZIP760\wajam_update.exe

    === C: other files ==

    2013-04-01 09:11:09 848CCEC57510FAAF8C7AE3FDDEEE76E1 674446 ----a-w- C:\Users\Public\Desktop\sample_01-04-2013_1111.zip

    2013-03-30 22:25:39 629CABB0421668C9D3D402A3C3D77E14 21104 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2013-03-30 20:17:33 2A2E26A26BCE65BA0F90CE9398810149 323 ----a-w- C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip

    2013-03-30 20:14:29 A024E6A14F2DB7B937B54D19F7297E1F 1394398 ----a-w- C:\Program Files\AVG\AVG2013\banners\banners.zip

    2013-03-30 20:10:05 61A7E0B02F82CFF3DB2445BBE50B3589 24144 ----a-w- C:\Program Files\AVG\AVG2013\Drivers\avgidsfilterx.sys

    2013-03-30 20:10:05 0F293406F64B48D5D2F0D3A1117F3A83 29776 ----a-w- C:\Program Files\AVG\AVG2013\Drivers\avgidsfiltera.sys

    2013-03-30 19:39:44 FE8A57C8E04EDD3AA8ADD8F3C8F65297 15872 ----a-w- C:\Windows\System32\drivers\usb8023.sys

    2013-03-30 19:39:44 BE444D443F424E3146534BA98978D68A 15872 ----a-w- C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_1c5becb2deac08f0\usb80236.sys

    2013-03-30 19:39:44 AF77716205C97E902E6C5B78DECE2CCA 15872 ----a-w- C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_1c5becb2deac08f0\usb8023x.sys

    ==== Startup Registry Enabled ======================

    "LManager"="C:\Program Files\Launch Manager\LManager.exe"

    "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"

    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    "IgfxTray"="C:\Windows\system32\igfxtray.exe"

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

    "Persistence"="C:\Windows\system32\igfxpers.exe"

    "AtherosBtStack"="C:\Program Files\Bluetooth Suite\BtvStack.exe"

    "AthBtTray"="C:\Program Files\Bluetooth Suite\AthBtTray.exe"

    "AndroidManager"="C:\Program Files\Acer\Android Manager\AML.exe"

    "iPatchData"="C:\Program Files\Acer\Updater\iUpdate.exe"

    "Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"

    "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    "AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"

    "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

    ==== Startup Registry Disabled ======================

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="iSyncData"

    "hkey"="HKLM"

    "command"="C:\\Program Files\\Acer\\Android Manager\\iSync.exe"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Malwarebytes' Anti-Malware (reboot)"

    "hkey"="HKLM"

    "command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="msnmsgr"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

    "item"="Skype"

    "hkey"="HKCU"

    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

    "path"="C:\\Users\\Isabelle\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\tcbhn.lnk"

    "backup"="C:\\Windows\\pss\\tcbhn.lnk.Startup"

    "backupExtension"=".Startup"

    "command"="C:\\Users\\Isabelle\\AppData\\Roaming\\BROWSE~1\\tcbhn.exe -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId= -affId="

    "item"="tcbhn"

    ==== Startup Folders ======================

    2010-09-17 07:39:38 1728 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\ROC_REG_JAN_DELETE.job --a------ C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==== Set IE to Default ======================

    Old Values:

    "Start Page"="http://www.startpagina.nl/"

    New Values:

    "Start Page"="http://www.startpagina.nl/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

    ==== HijackThis Entries ======================

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: C:\Program Files\Launch Manager\LManager.exe

    O4 - HKLM\..\Run: C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    O4 - HKLM\..\Run: C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

    O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: "C:\Program Files\Bluetooth Suite\BtvStack.exe"

    O4 - HKLM\..\Run: "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

    O4 - HKLM\..\Run: C:\Program Files\Acer\Android Manager\AML.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Updater\iUpdate.exe

    O4 - HKLM\..\Run: C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - Global Startup: Acer VCM.lnk = ?

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

    O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    ==== Empty IE Cache ======================

    C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Isabelle\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Isabelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

  • Ben

    Hello,

    Disable your antivirus and antispyware programs; they may conflict with zoek.exe

    You can read how to do that (here or here).

    * Double-click Zoek.exe to start the tool.

    * Now copy the bold code below and paste it into the large input box:

    * Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    ;r

    C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk;fs

    C:\Windows\pss;fs

    C:\Users\Isabelle\AppData\Roaming\BROWSE~1;fs

    ;r

    ;r

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0};c

    {F274614C-63F8-47D5-A4D1-FBDDE494F8D1};c

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is needed).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Now post the contents of the opened log in your next message.

    Download the Junkware Removal Tool by Thisisu to your desktop

    * It is recommended to temporarily disable security software, since it can conflict with JRT.exe

    * Windows XP: Start the tool by double-clicking it.

    * Windows Vista/7/8: Right-click JRT.exe and choose "Run as administrator".

    * The tool will then scan your system.

    * Depending on your system specifications the scan can sometimes take quite a long time; wait patiently.

    * When the scan is complete, a log (JRT.txt) will be saved to your desktop and opened automatically.

    * Post the contents of this log in your next message.

    Regards, Ben
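
An added example, not part of Ben's post and not code from zoek.exe: a small Python triage pass that flags the same kinds of entries the script above targets, namely CLSIDs registered with "(no file)" and autorun commands that start from a user's AppData folder. The sample lines are copied from the log in this thread with the quotes normalised; both heuristics and all function names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the log posted in this thread, with the
# typographic quotes normalised to plain ASCII quotes.
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"command"="C:\\Program Files\\Acer\\Android Manager\\iSync.exe"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
"command"="C:\\Users\\Isabelle\\AppData\\Roaming\\BROWSE~1\\tcbhn.exe -interval=10 -IEhome=0 -IEsearch=0"
'''

# "O<n> - <type>: <name> - {CLSID} - <target>" as printed under "HijackThis Entries".
HJT_ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$')
# "command"="<escaped command line>" as printed under "Startup Registry Disabled".
COMMAND = re.compile(r'^"command"="(.*)"$')
# First executable path on a command line, with or without a leading quote.
EXE_PATH = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr))\b', re.IGNORECASE)
# Heuristic (assumption of this example): an autorun that starts from a user's
# AppData folder is worth a closer look, because that folder is user-writable.
USER_APPDATA = re.compile(r'^[A-Za-z]:\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)


def orphaned_clsids(log):
    """Return (section, name, clsid) for entries whose target is '(no file)'."""
    hits = []
    for line in log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m and m.group(5).strip() == '(no file)':
            hits.append((m.group(1), m.group(3), m.group(4).upper()))
    return hits


def user_profile_autoruns(log):
    """Return executable paths of startup commands located under a user's AppData."""
    hits = []
    for line in log.splitlines():
        m = COMMAND.match(line.strip())
        if not m:
            continue
        # Undo the .reg-style escaping in one pass: \\ becomes \ and \" becomes ".
        value = re.sub(r'\\(.)', r'\1', m.group(1))
        exe = EXE_PATH.match(value)
        if exe and USER_APPDATA.match(exe.group(1)):
            hits.append(exe.group(1))
    return hits


def triage(log):
    """Collect both kinds of finding so a helper can review them side by side."""
    return {
        'orphaned_clsids': orphaned_clsids(log),
        'user_profile_autoruns': user_profile_autoruns(log),
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for section, name, clsid in report['orphaned_clsids']:
        print(f'{section}: {name} {clsid} has no file on disk')
    for path in report['user_profile_autoruns']:
        print(f'autorun from user profile: {path}')
```

A flagged entry is a candidate for review, not a verdict: the helper still decides per machine what goes into the fix script.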

  • MarcelJnl

    First the log from zoek.exe:

    Zoek.exe Version 4.0.0.2 Updated 31-03-2013

    Tool run by Isabelle on di 02-04-2013 at 10:01:39,37.

    Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-960908946-2532823063-3732405439-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully

    ==== Deleting CLSID Registry Values ======================

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    ==== Deleting Files \ Folders ======================

    "C:\Users\Isabelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk" not found

    "C:\Users\Isabelle\AppData\Roaming\BROWSE~1" not found

    "C:\Windows\pss" deleted

  • MarcelJnl

    And the next one:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 4.7.9 (04.01.2013:1)

    OS: Windows 7 Starter x86

    Ran by Isabelle on di 02-04-2013 at 10:25:04,12

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on di 02-04-2013 at 10:30:54,76

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Ben

    Hello,

    That looks clean; how is the PC doing now?

    Regards, Ben

  • MarcelJnl

    It runs nicely, Ben, once everything has started up, but the Internet, for example, takes a long time to start up completely before you can do anything.

This topic is closed; no more replies can be posted.