Checking logs

  • marianne40

    I have a laptop here belonging to a friend of mine, and it has problems starting up. I have to start it several times before it boots properly.

    It also had a blue screen once, but I don't know what the message was.

    The screen also flickers sometimes. Would you be willing to check the logs?

    The online scanner found nothing.

    Logfile of random's system information tool 1.09 (written by random/random)

    Run by laptop at 2013-07-18 21:48:39

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 166 GB (73%) free of 228 GB

    Total RAM: 3070 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 21:48:56, on 18-7-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v8.00 (8.00.7601.17514)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Windows\OEM13Mon.exe

    C:\Program Files\DellTPad\Apoint.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files\AVG\AVG9\avgtray.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Windows\System32\ico.exe

    C:\Windows\System32\FSRremoS.EXE

    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\laptop\Desktop\RSIT.exe

    C:\Program Files\trend micro\laptop.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Windows\OEM13Mon.exe

    O4 - HKLM\..\Run: OEM13Cfg.exe

    O4 - HKLM\..\Run: C:\Program Files\DellTPad\Apoint.exe

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: C:\PROGRA~1\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: ICO.EXE

    O4 - HKLM\..\RunOnce: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

    O20 - AppInit_DLLs: avgrsstx.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe

    O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

    End of file - 7001 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Adobe Flash Player Updater.job

    C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    ======Registry dump======

    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    "OEM13Mon.exe"=C:\Windows\OEM13Mon.exe

    "OEM13Cfg.exe"=C:\Windows\OEM13Cfg.exe

    "Apoint"=C:\Program Files\DellTPad\Apoint.exe

    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll

    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll

    "NVHotkey"=C:\Windows\system32\nvHotkey.dll

    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe

    "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe

    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe

    "Mouse Suite 98 Daemon"=C:\Windows\system32\ICO.EXE

    "Advanced System Protector"=

    "Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    "AppInit_DLLs"="avgrsstx.dll"

    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

    "SecurityProviders"=credssp.dll

    "ConsentPromptBehaviorUser"=3

    "EnableUIADesktopToggle"=0

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    "vidc.mrle"=msrle32.dll

    "vidc.msvc"=msvidc32.dll

    "msacm.imaadpcm"=imaadp32.acm

    "msacm.msg711"=msg711.acm

    "msacm.msgsm610"=msgsm32.acm

    "msacm.msadpcm"=msadp32.acm

    "midimapper"=midimap.dll

    "wavemapper"=msacm32.drv

    "VIDC.UYVY"=msyuv.dll

    "VIDC.YUY2"=msyuv.dll

    "VIDC.YVYU"=msyuv.dll

    "VIDC.IYUV"=iyuv_32.dll

    "vidc.i420"=iyuv_32.dll

    "VIDC.YVU9"=tsbyuv.dll

    "msacm.l3acm"=C:\Windows\System32\l3codeca.acm

    "vidc.cvid"=iccvid.dll

    "wave"=wdmaud.drv

    "midi"=wdmaud.drv

    "mixer"=wdmaud.drv

    "aux"=wdmaud.drv

    "MSVideo8"=VfWWDM32.dll

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1

    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 3 months======

    2013-07-18 21:48:40 ----D---- C:\Program Files\trend micro

    2013-07-18 21:48:39 ----D---- C:\rsit

    2013-07-18 21:13:19 ----D---- C:\Program Files\ESET

    2013-07-18 21:11:18 ----A---- C:\mbam-log-2013-07-18 (21-03-37).txt

    2013-07-18 21:02:20 ----D---- C:\Users\laptop\AppData\Roaming\Malwarebytes

    2013-07-18 21:02:03 ----D---- C:\ProgramData\Malwarebytes

    2013-07-18 21:02:03 ----A---- C:\Windows\system32\drivers\mbam.sys

    2013-07-18 21:02:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2013-07-18 20:55:34 ----A---- C:\Windows\DeleteOnReboot.bat

    2013-07-18 20:55:20 ----A---- C:\AdwCleaner.txt

    2013-07-18 17:23:06 ----N---- C:\bootsqm.dat

    2013-06-16 22:15:00 ----D---- C:\ProgramData\StarApp

    2013-04-24 14:39:49 ----D---- C:\Program Files\Cisco Systems

    2013-04-24 14:31:44 ----D---- C:\ProgramData\Cisco Systems

    ======List of files/folders modified in the last 3 months======

    2013-07-19 03:14:34 ----SHD---- C:\System Volume Information

    2013-07-18 21:48:52 ----D---- C:\Windows\Temp

    2013-07-18 21:48:40 ----RD---- C:\Program Files

    2013-07-18 21:11:21 ----D---- C:\Windows\system32\drivers

    2013-07-18 21:08:03 ----D---- C:\Windows\system32\config

    2013-07-18 21:02:03 ----HD---- C:\ProgramData

    2013-07-18 20:55:39 ----D---- C:\Windows\system32\Tasks

    2013-07-18 20:55:38 ----D---- C:\Windows\Tasks

    2013-07-18 20:55:38 ----D---- C:\Windows\System32

    2013-07-18 20:55:34 ----D---- C:\Windows

    2013-07-18 20:55:33 ----D---- C:\Program Files\Common Files\AVG Secure Search

    2013-07-18 20:49:42 ----D---- C:\Windows\inf

    2013-07-18 17:52:43 ----D---- C:\Windows\system32\drivers\Avg

    2013-07-18 17:49:00 ----D---- C:\Windows\system32\catroot2

    2013-07-18 06:28:12 ----D---- C:\Windows\winsxs

    2013-07-18 06:28:12 ----D---- C:\Windows\system32\wfp

    2013-07-18 06:28:12 ----D---- C:\Windows\system32\DriverStore

    2013-07-18 06:27:53 ----D---- C:\Windows\system32\wbem

    2013-07-18 06:27:53 ----D---- C:\Windows\system32\drivers\UMDF

    2013-07-18 06:27:53 ----D---- C:\Windows\system32\CodeIntegrity

    2013-07-18 06:27:52 ----D---- C:\Users\laptop\AppData\Roaming\Azureus

    2013-07-18 06:27:41 ----D---- C:\Windows\registration

    2013-07-17 21:37:01 ----SHD---- C:\Windows\Installer

    2013-07-17 21:37:01 ----SHD---- C:\Config.Msi

    2013-07-17 20:43:07 ----A---- C:\Windows\system32\PerfStringBackup.INI

    2013-07-17 19:52:46 ----D---- C:\Windows\Prefetch

    2013-07-17 17:32:39 ----D---- C:\Windows\SoftwareDistribution

    2013-06-12 20:21:16 ----A---- C:\Windows\system32\FlashPlayerApp.exe

    2013-06-07 17:02:21 ----D---- C:\Windows\system32\LogFiles

    2013-06-06 18:25:24 ----D---- C:\Windows\LiveKernelReports

    2013-04-25 19:45:17 ----SD---- C:\Users\laptop\AppData\Roaming\Microsoft

    2013-04-24 14:58:55 ----D---- C:\Windows\system32\NDF

    2013-04-24 14:33:14 ----D---- C:\Program Files\CCleaner

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 AVGIDSErHrw7x;AVG9IDSErHr; C:\Windows\System32\Drivers\AVGIDSwx.sys

    R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys

    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys

    R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys

    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys

    R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys

    R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys

    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys

    R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys

    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys

    R3 AVGIDSDriverw7x;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys

    R3 AVGIDSFilterw7x;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys

    R3 AVGIDSShimw7x;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys

    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys

    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys

    R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys

    R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys

    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM13Vfx.sys

    R3 OEM13Vid;Creative Camera OEM013 Driver; C:\Windows\system32\DRIVERS\OEM13Vid.sys

    R3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys

    S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys

    S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys

    S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys

    S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys

    S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys

    S3 pelmouse;Mouse Suite Driver; C:\Windows\system32\DRIVERS\pelmouse.sys

    S3 pelusblf;USB Mouse Low Filter Driver; C:\Windows\system32\DRIVERS\pelusblf.sys

    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys

    S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys

    S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys

    S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys

    S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys

    S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys

    S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys

    S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys

    S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys

    S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys

    S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys

    S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys

    S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe

    R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe

    R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe

    R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    R2 Bonjour Service;Bonjour-service; C:\Program Files\Bonjour\mDNSResponder.exe

    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe

    R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe

    R2 o2flash;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe

    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe

    R3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe

    S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe

    S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

    S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe

    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe

    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe

    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.09 2013-07-18 21:48:58

    ======Uninstall list======

    Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex

    Adobe Reader X (10.1.7) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AA1000000001}

    Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

    Apple Mobile Device Support-->MsiExec.exe /I{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}

    Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

    AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL

    Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

    Cisco Connect-->"C:\Program Files\Cisco Systems\Cisco Connect\Cisco Connect.exe" -uninstall

    Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE

    ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

    Google Chrome-->"C:\Program Files\Google\Chrome\Application\28.0.1500.72\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

    Google Earth-->MsiExec.exe /X{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}

    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_80ACC8E3971CD605.exe" /uninstall

    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    iTunes-->MsiExec.exe /I{23B8A91D-680B-462B-87AD-3D70F7341731}

    Laptop Integrated Webcam Driver (1.01.01.0529) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM013.uns -plugin OEM13Pin.dll -pluginres OEM13Pin.crl -nodisconprompt -langid 0x0409

    Malwarebytes Anti-Malware versie 1.75.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}

    Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}

    Microsoft Office InfoPath MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0044-0413-0000-0000000FF1CE}

    Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}

    Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}

    Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

    Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}

    Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}

    Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}

    Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

    Mouse Suite-->PMUninst.exe MouseSuite98

    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

    O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{E2867240-F889-4D76-9AAF-252D9A1A623E}

    QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}

    Vuze-->C:\Program Files\Vuze\uninstall.exe

    ======System event log======

    Computer Name: laptop-PC

    Event Code: 7036

    Message: De Application Experience-service heeft nu de status running.

    Record Number: 125978

    Source Name: Service Control Manager

    Time Written: 20130322133337.473364-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 7036

    Message: De Windows Error Reporting Service-service heeft nu de status running.

    Record Number: 125977

    Source Name: Service Control Manager

    Time Written: 20130322133337.223764-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 206

    Message: De Program Compatibility Assistant-service heeft fase 2 geïnitialiseerd.

    Record Number: 125976

    Source Name: Microsoft-Windows-Application-Experience

    Time Written: 20130322133230.957655-000

    Event Type: Informatie

    User: NT AUTHORITY\SYSTEM

    Computer Name: laptop-PC

    Event Code: 7036

    Message: De Multimedia Class Scheduler-service heeft nu de status stopped.

    Record Number: 125975

    Source Name: Service Control Manager

    Time Written: 20130322132830.145559-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 7036

    Message: De Google Updateservice (gupdate)-service heeft nu de status stopped.

    Record Number: 125974

    Source Name: Service Control Manager

    Time Written: 20130322132800.943133-000

    Event Type: Informatie

    User:

    =====Application event log=====

    Computer Name: laptop-PC

    Event Code: 302

    Message: Windows (3364) Windows: De database-engine heeft de herstelstappen uitgevoerd.

    Record Number: 22540

    Source Name: ESENT

    Time Written: 20121112161723.000000-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 301

    Message: Windows (3364) Windows: De database-engine is begonnen met het opnieuw afspelen van logboekbestand C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

    Record Number: 22539

    Source Name: ESENT

    Time Written: 20121112161721.000000-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 300

    Message: Windows (3364) Windows: De database-engine voert herstelstappen uit.

    Record Number: 22538

    Source Name: ESENT

    Time Written: 20121112161721.000000-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 102

    Message: Windows (3364) Windows: De database-engine (6.01.7601.0000) heeft een nieuwe sessie (0) gestart.

    Record Number: 22537

    Source Name: ESENT

    Time Written: 20121112161721.000000-000

    Event Type: Informatie

    User:

    Computer Name: laptop-PC

    Event Code: 5617

    Message: Subsystemen van Windows Management Instrumentation-service zijn geïnitialiseerd

    Record Number: 22534

    Source Name: Microsoft-Windows-WMI

    Time Written: 20121112161715.000000-000

    Event Type: Informatie

    User:

    =====Security event log=====

    Computer Name: laptop-PC

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: LAPTOP-PC$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 2

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-21-227951160-1578541104-1201672981-1001

    Accountnaam: laptop

    Accountdomein: laptop-PC

    Aanmeldings-id: 0x1518e

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x48c

    Naam proces: C:\Windows\System32\winlogon.exe

    Netwerkgegevens:

    Naam van werkstation: LAPTOP-PC

    Netwerkadres van bron: 127.0.0.1

    Poort van bron: 0

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: User32

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 23454

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20121127175639.538044-000

    Event Type: Controle geslaagd

    User:

    Computer Name: laptop-PC

    Event Code: 4648

    Message: Poging tot aanmelden met expliciete referenties.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: LAPTOP-PC$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Account waarvan de referenties zijn gebruikt:

    Accountnaam: laptop

    Accountdomein: laptop-PC

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Doelserver:

    Naam van doelserver: localhost

    Aanvullende gegevens: localhost

    Procesgegevens:

    Proces-id: 0x48c

    Procesnaam: C:\Windows\System32\winlogon.exe

    Netwerkgegevens:

    Netwerkadres: 127.0.0.1

    Poort: 0

    Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.

    Record Number: 23453

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20121127175639.538044-000

    Event Type: Controle geslaagd

    User:

    Computer Name: laptop-PC

    Event Code: 5056

    Message: Er is een cryptografische zelftest uitgevoerd.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: LAPTOP-PC$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Module: ncrypt.dll

    Retourcode: 0x0

    Record Number: 23452

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20121127175637.260440-000

    Event Type: Controle geslaagd

    User:

    Computer Name: laptop-PC

    Event Code: 4672

    Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Bevoegdheden: SeAssignPrimaryTokenPrivilege

    SeTcbPrivilege

    SeSecurityPrivilege

    SeTakeOwnershipPrivilege

    SeLoadDriverPrivilege

    SeBackupPrivilege

    SeRestorePrivilege

    SeDebugPrivilege

    SeAuditPrivilege

    SeSystemEnvironmentPrivilege

    SeImpersonatePrivilege

    Record Number: 23451

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20121127175635.528836-000

    Event Type: Controle geslaagd

    User:

    Computer Name: laptop-PC

    Event Code: 4624

    Message: Er is een account aangemeld.

    Onderwerp:

    Beveiligings-id: S-1-5-18

    Accountnaam: LAPTOP-PC$

    Accountdomein: WORKGROUP

    Aanmeldings-id: 0x3e7

    Aanmeldingstype: 5

    Nieuwe aanmelding:

    Beveiligings-id: S-1-5-18

    Accountnaam: SYSTEM

    Accountdomein: NT AUTHORITY

    Aanmeldings-id: 0x3e7

    Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

    Procesgegevens:

    Proces-id: 0x21c

    Naam proces: C:\Windows\System32\services.exe

    Netwerkgegevens:

    Naam van werkstation:

    Netwerkadres van bron: -

    Poort van bron: -

    Gedetailleerde verificatiegegevens:

    Aanmeldingsproces: Advapi

    Verificatiepakket: Negotiate

    Doorgezette services: -

    Pakketnaam (alleen NTLM): -

    Sleutellengte: 0

    Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

    De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

    In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

    Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

    In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

    De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

    - Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

    - In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

    - Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

    - Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

    Record Number: 23450

    Source Name: Microsoft-Windows-Security-Auditing

    Time Written: 20121127175635.528836-000

    Event Type: Controle geslaagd

    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "FP_NO_HOST_CHECK"=NO

    "OS"=Windows_NT

    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

    "PROCESSOR_ARCHITECTURE"=x86

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "USERNAME"=SYSTEM

    "windir"=%SystemRoot%

    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

    "NUMBER_OF_PROCESSORS"=2

    "PROCESSOR_LEVEL"=6

    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

    "PROCESSOR_REVISION"=0f0d

    "windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log

    "windows_tracing_flags"=3

    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    "asl.log"=Destination=file

    -----------------EOF-----------------

    # AdwCleaner v2.305 - Logfile created 07/18/2013 at 20:55:20

    # Updated 11/07/2013 by Xplode

    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

    # User : laptop - LAPTOP-PC

    # Boot Mode : Normal

    # Running from : C:\Users\laptop\Desktop\adwcleaner.exe

    # Option

    ***** *****

    ***** *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

    File Deleted : C:\Windows\system32\roboot.exe

    File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job

    File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job

    Folder Deleted : C:\Program Files\AVG Secure Search

    Folder Deleted : C:\Program Files\Conduit

    Folder Deleted : C:\Program Files\RewardsArcade

    Folder Deleted : C:\Program Files\Vuze_Remote

    Folder Deleted : C:\ProgramData\AVG Secure Search

    Folder Deleted : C:\ProgramData\AVG Security Toolbar

    Folder Deleted : C:\ProgramData\InstallMate

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro

    Folder Deleted : C:\ProgramData\Premium

    Folder Deleted : C:\Users\laptop\AppData\Local\AVG Secure Search

    Folder Deleted : C:\Users\laptop\AppData\Local\Conduit

    Folder Deleted : C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    Folder Deleted : C:\Users\laptop\AppData\Local\RewardsArcade

    Folder Deleted : C:\Users\laptop\AppData\LocalLow\AVG Secure Search

    Folder Deleted : C:\Users\laptop\AppData\LocalLow\Conduit

    Folder Deleted : C:\Users\laptop\AppData\LocalLow\PriceGong

    Folder Deleted : C:\Users\laptop\AppData\LocalLow\Vuze_Remote

    ***** *****

    Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

    Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote

    Key Deleted : HKCU\Software\AppDataLow\Toolbar

    Key Deleted : HKCU\Software\AVG Secure Search

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\Cr_Installer

    Key Deleted : HKCU\Software\InstalledBrowserExtensions

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKCU\Software\Softonic

    Key Deleted : HKCU\Software\systweak

    Key Deleted : HKLM\Software\AVG Secure Search

    Key Deleted : HKLM\Software\AVG Security Toolbar

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022042298}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033043398}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.BHO

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.BHO.1

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.FBApi

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.FBApi.1

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.Sandbox

    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000498.Sandbox.1

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055045598}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066046698}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077047798}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044044498}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16B98832-A6AF-42A0-8A7D-E89A113CAB90}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F528F9F-70C3-409E-B3C3-76E8309F624C}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041198}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

    Key Deleted : HKLM\Software\systweak

    Key Deleted : HKLM\Software\Vuze_Remote

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks

    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions

    ***** *****

    -\\ Internet Explorer v8.0.7601.17514

    Replaced : = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504091 --> hxxp://www.google.com

    Replaced : = hxxp://isearch.avg.com/tab?cid={B75E9BF1-5EA9-4F02-BF33-A4F5B8729933}&mid=6d1046c99faa47d0977ed15565b11193-b602d594afd2b0b327e07a06f36ca6a7e42546d0&lang=nl&ds=AVG&pr=pa&d=2012-05-30 22:24:12&pid=avg&sg=0&v=15.3.0.11&sap=nt --> hxxp://www.google.com

    -\\ Google Chrome v28.0.1500.72

    File : C:\Users\laptop\AppData\Local\Google\Chrome\User Data\Default\Preferences

    File is clean.

    *************************

    AdwCleaner.txt - -

    ########## EOF - C:\AdwCleaner.txt - ##########

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.75.0.1300

    www.malwarebytes.org

    Databaseversie: v2013.07.18.04

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 8.0.7601.17514

    laptop :: LAPTOP-PC

    Bescherming: Ingeschakeld

    18-7-2013 21:03:37

    mbam-log-2013-07-18 (21-03-37).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 202849

    Verstreken tijd: 6 minuut/minuten, 27 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • fazantje

    Hi Marianne,

    ADW Cleaner has already removed quite a bit.

    Be careful with downloading from Softonic; in most cases this is irresponsible.

    A blue screen can have 1001 causes, which are hard to track down, despite any codes that may be known.

    Download Combofix here and save it to your desktop.

    Now first disable your virus scanner. It will turn back on after the computer has been restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above,

    because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert

    from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will cause your PC to hang.

    Depending on the infection, the scan can take 40 to as much as 100 minutes, so don't assume it has frozen.

    When the fix has finished and after the restart, the log combofix.txt will open.

    Post the Combofix log in your next message and tell us how things are going now.

    Good luck,

    Huib;)

  • marianne40

    I thought I had properly disabled AVG, but at the last moment I got an alert from Identity Protection.

    I allowed it and Combofix simply continued.

    The log is below.

    Should I still download Combofix again and run it once more?

    Otherwise, I think the laptop is doing well. I haven't had any startup problems yet.

    Regards, Marianne

    ComboFix 13-07-18.04 - laptop 19-07-2013 19:46:39.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1974

    Running from: c:\users\laptop\Desktop\ComboFix.exe

    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Public\sdelevURL.tmp

    D:\AUTORUN.INF

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-06-19 to 2013-07-19 )))))))))))))))))))))))))))))))

    .

    .

    2013-07-19 17:53 . 2013-07-19 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-07-18 19:48 . 2013-07-18 19:48 -------- d-----w- c:\program files\trend micro

    2013-07-18 19:48 . 2013-07-18 19:48 -------- d-----w- C:\rsit

    2013-07-18 19:13 . 2013-07-18 19:13 -------- d-----w- c:\program files\ESET

    2013-07-18 19:02 . 2013-07-18 19:02 -------- d-----w- c:\users\laptop\AppData\Roaming\Malwarebytes

    2013-07-18 19:02 . 2013-07-18 19:02 -------- d-----w- c:\programdata\Malwarebytes

    2013-07-18 19:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-07-18 19:02 . 2013-07-18 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-07-18 19:01 . 2013-07-18 19:01 -------- d-----w- c:\users\laptop\AppData\Local\Programs

    2013-07-18 18:55 . 2013-07-18 18:55 115 ----a-w- c:\windows\DeleteOnReboot.bat

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-06-26 15:07 . 2012-09-03 21:47 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

    2013-06-12 18:21 . 2012-11-04 12:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-06-12 18:21 . 2012-11-04 12:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-04-28 07:46 . 2013-04-20 08:07 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    .

    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe"

    "OEM13Cfg.exe"="OEM13Cfg.exe"

    "Apoint"="c:\program files\DellTPad\Apoint.exe"

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll"

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll"

    "NVHotkey"="c:\windows\system32\nvHotkey.dll"

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe"

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe"

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

    "Mouse Suite 98 Daemon"="ICO.EXE"

    .

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    .

    "aux"=wdmaud.drv

    .

    @="Driver"

    .

    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys

    R3 TsUsbFlt;TsUsbFlt;

    S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys

    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys

    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys

    S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys

    S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe

    S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe

    S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe

    S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

    S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys

    S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys

    S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys

    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys

    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys

    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys

    .

    .

    2013-07-18 16:38 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2013-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.178.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    HKLM-Run-Advanced System Protector - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    "Enabled"=dword:00000001

    .

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    @="{00020424-0000-0000-C000-000000000046}"

    .

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-07-19 20:01:47

    ComboFix-quarantined-files.txt 2013-07-19 18:01

    .

    Pre-Run: 174.049.693.696 bytes beschikbaar

    Post-Run: 173.975.990.272 bytes beschikbaar

    .

    - - End Of File - - B9BB3BAC2DC3B4CA0448A09AE97C78C2

    A36C5E4F47E84449FF07ED3517B43A31

  • fazantje

    Hi Marianne,

    The logs look good.

    If you say the computer is running well again, then we won't look any further;)

    With the tool below you clean up, among other things, all the tools that were used:

    Download Delfix by Xplode to the desktop.

    Double-click Delfix.exe to start the tool.

    Now tick the following items:

    Activate UAC

    Remove disinfection tools

    Create registry backup

    Purge System Restore

    Reset system settings

    Now click "Run" and wait patiently until the tool is finished.

    When the tool is finished, a log file is created. You do not need to post it, however.

    If any tools are still left over, you can remove them yourself.

    Good luck,

    Huib;)

  • marianne40

    Hi Huib

    Sorry for the late reply, but I was enjoying the nice weather.

    I have removed the programs. And I think the laptop is running well again.

    I will take the laptop back.

    Thanks a lot again to all of you for the help.

    Regards, Marianne

  • fazantje

    Hi Marianne,

    No problem at all, I'm enjoying it too(tu)

    Thanks,

    Huib;)

  • fazantje

    Because this topic has been resolved, it is being closed.

    If you still want to reopen your topic, send a private message to Ben or Huib (fazantje).

    They will then remove the "lock" and the topic will be open again.

    The AV team.

This topic is closed; no more replies can be posted.