Strange file/slow laptop/odd messages

Abraham54
14 replies
  • For some time now my laptop has been very slow and unwanted internet messages appear (in a separate window). After searching I ended up on this site at the topic http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=219161. The problems matched, and I followed the instructions given there up to and including Malwarebytes. Here are the logs:

    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.9 (03.06.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by ronaldk on zo 10-03-2013 at 17:03:25,19
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] browser manager
    Successfully deleted: [Service] browser manager
    Successfully stopped: [Service] application updater
    Successfully deleted: [Service] application updater



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchsettings
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-206474922-3929276341-13090053-1000\software\microsoft\internet explorer\main\\Start Page
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
    Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
    Successfully deleted: [Registry Key] hkey_current_user\software\browsercompanion
    Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
    Failed to delete: [Registry Key] hkey_current_user\software\datamngr
    Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
    Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tdataprotocol.ctdata
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tdataprotocol.ctdata.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updatebho.timerbho
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updatebho.timerbho.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wit4ie.witbho
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wit4ie.witbho.2
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00cbb66b-1d3b-46d3-9577-323a336acb50}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{963b125b-8b21-49a2-a3a8-e37092276531}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{963b125b-8b21-49a2-a3a8-e37092276531}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\browser manager"
    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Failed to delete: [Folder] "C:\ProgramData\ginyasbrowsercompanion"
    Failed to delete: [Folder] "C:\ProgramData\application data\ginyasbrowsercompanion"
    Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\ad on multimedia"
    Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\browsercompanion"
    Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\desktopicon"
    Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\fighters"
    Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\bbrs_002.tb"
    Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\pdfforge"
    Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\search settings"
    Successfully deleted: [Folder] "C:\Program Files\application updater"
    Successfully deleted: [Folder] "C:\Program Files\browsercompanion"
    Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
    Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\bprotector_extensions.sqlite
    Successfully deleted: [File] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\bprotector_prefs.js
    Successfully deleted: [Folder] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\extensions\bbrs_002@blabbers.com
    Failed to delete: [Folder] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\extensions\wtxpcom@mybrowserbar.com
    Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}
    Emptied folder: C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\minidumps [9 files]



    ~~~ Chrome

    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on zo 10-03-2013 at 17:11:23,09
    Computer was rebooted
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
    www.malwarebytes.org

    Databaseversie: v2013.03.22.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19019
    ronaldk :: RONALDK-LAPTOP [administrator]

    Bescherming: Ingeschakeld

    22-3-2013 16:03:27
    mbam-log-2013-03-22 (16-03-27).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 227198
    Verstreken tijd: 16 minuut/minuten, 22 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 5
    HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    I would like advice on how to proceed now, because the problem does not seem to be solved yet.

    Regards,
    Ingeborg.
  • Please post the two logs in one go.

  • Hi Abraham,

    Thanks for your reply. The actions have been carried out and I have the following logs.

    # AdwCleaner v2.115 - Verslag gemaakt op 23/03/2013 om 14:40:12
    # Geactualiseerd op 17/03/2013 door Xplode
    # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Gebruiker : ronaldk - RONALDK-LAPTOP
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\ronaldk\Downloads\adwcleaner (1).exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Verwijdert : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Verwijdert : C:\Users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
    File Verwijdert : C:\Users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
    File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
    File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
    File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
    File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
    File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
    Map Verwijdert : C:\Program Files\AVG Secure Search
    Map Verwijdert : C:\Program Files\OCS
    Map Verwijdert : C:\ProgramData\AVG Secure Search
    Map Verwijdert : C:\Users\ronaldk\AppData\Local\AVG Secure Search
    Map Verwijdert : C:\Users\ronaldk\AppData\Local\AVG Security Toolbar
    Map Verwijdert : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
    Map Verwijdert : C:\Users\ronaldk\AppData\Local\PackageAware
    Map Verwijdert : C:\Users\ronaldk\AppData\LocalLow\AVG Secure Search
    Map Verwijdert : C:\Users\ronaldk\AppData\LocalLow\AVG Security Toolbar
    Map Verwijdert : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}
    Map Verwijdert : C:\Windows\system32\bProtectorForWindows
    Map Verwijdert : C:\Windows\system32\Browser Manager
    Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search
    Verwijdert bij het opstarten : C:\ProgramData\GinyasBrowserCompanion

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\59578fd1b56eba42
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\pdfforge
    Sleutel Verwijdert : HKCU\Software\AVG Secure Search
    Sleutel Verwijdert : HKCU\Software\AVG Security Toolbar
    Sleutel Verwijdert : HKCU\Software\DataMngr
    Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijdert : HKCU\Software\pdfforge
    Sleutel Verwijdert : HKCU\Software\Search Settings
    Sleutel Verwijdert : HKLM\SOFTWARE\59578fd1b56eba42
    Sleutel Verwijdert : HKLM\Software\AVG Secure Search
    Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Sleutel Verwijdert : HKLM\Software\DataMngr
    Sleutel Verwijdert : HKLM\Software\GinyasBrowserCompanion
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
    Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Sleutel Verwijdert : HKLM\Software\pdfforge
    Sleutel Verwijdert : HKLM\Software\Search Settings
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.6001.19019

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v16.0.1 (nl)

    File : C:\Users\ronaldk\AppData\Roaming\Mozilla\Firefox\Profiles\33cnnxka.default\prefs.js

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [381 octets] - [23/03/2013 14:37:48]
    AdwCleaner[S2].txt - [10786 octets] - [23/03/2013 14:40:12]

    ########## EOF - C:\AdwCleaner[S2].txt - [10847 octets] ##########

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Gestart vanuit : Normale modus
    Gebruiker : ronaldk [Administrator rechten]
    Modus : Scan -- Datum : 03/23/2013 15:06:37
    | ARK || FAK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 6 ¤¤¤
    [HJPOL] HKCU\[…]\System : DisableTaskMgr (0) -> gevonden
    [HJPOL] HKCU\[…]\System : DisableRegistryTools (0) -> gevonden
    [HJ] HKLM\[…]\System : EnableLUA (0) -> gevonden
    [HJ SMENU] HKCU\[…]\Advanced : Start_ShowRun (0) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

    ¤¤¤ Speciale Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Geladen] ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
    --- User ---
    [MBR] 7f8c920ef524d73e4e0f13b69f6da472
    [BSP] 542233c9b9232c8522bf58bc7eb5b0ca : Acer MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482875 | Size: 52234 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127459710 | Size: 52234 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    +++++ PhysicalDrive1: Samsung G2 Portable +++++
    --- User ---
    [MBR] 3dac689a20ee02be2b940a79556353c1
    [BSP] 87d7a2399f0f8396abab0e0ad9840603 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 305245 Mo
    User = LL1 … OK!
    Error reading LL2 MBR!

    Gereed : << RKreport[1]_S_03232013_02d1506.txt >>
    RKreport[1]_S_03232013_02d1506.txt

    Regards,
    Ingeborg.
  • You don't need to use RogueKiller again.
    I would, however, like to know why you disabled User Account Control.

    We'll look further:

    Which program:
  • I installed Combofix and started it according to the procedure. In the meantime I still got a notification from AVG even though I had disabled it. Allowed the program and closed the notification.

    Combofix has now been running for 1.5 hours and only the first message is showing in the blue screen. Is this right?

    Regards, Ingeborg.
  • I have no idea why User Account Control was disabled. I have this laptop on long-term loan from my brother and suspect that he did this. I have since re-enabled it.
  • Hello Ingeborg, just delete ComboFix from the desktop and then empty the recycle bin.

    Then restart your notebook in Safe Mode with Networking.
    http://users.telenet.be/marcvn/spyware/veilige-modus.html

    Then download ComboFix again and start the scan.

    Afterwards, post the contents of the log.
  • Worked like a charm via safe mode.

    Here is the log data:
    ComboFix 13-03-24.03 - ronaldk 25-03-2013 9:37.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1556 [GMT 1:00]
    Gestart vanuit: c:\users\ronaldk\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\ronaldk\AppData\Local\assembly\tmp
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\html
    c:\windows\system32\html\calendar.html
    c:\windows\system32\html\calendarbottom.html
    c:\windows\system32\html\calendartop.html
    c:\windows\system32\html\crystalexportdialog.htm
    c:\windows\system32\html\crystalprinthost.html
    c:\windows\system32\images
    c:\windows\system32\images\toolbar\calendar.gif
    c:\windows\system32\images\toolbar\crlogo.gif
    c:\windows\system32\images\toolbar\export.gif
    c:\windows\system32\images\toolbar\export_over.gif
    c:\windows\system32\images\toolbar\exportd.gif
    c:\windows\system32\images\toolbar\First.gif
    c:\windows\system32\images\toolbar\first_over.gif
    c:\windows\system32\images\toolbar\Firstd.gif
    c:\windows\system32\images\toolbar\gotopage.gif
    c:\windows\system32\images\toolbar\gotopage_over.gif
    c:\windows\system32\images\toolbar\gotopaged.gif
    c:\windows\system32\images\toolbar\grouptree.gif
    c:\windows\system32\images\toolbar\grouptree_over.gif
    c:\windows\system32\images\toolbar\grouptreed.gif
    c:\windows\system32\images\toolbar\grouptreepressed.gif
    c:\windows\system32\images\toolbar\Last.gif
    c:\windows\system32\images\toolbar\last_over.gif
    c:\windows\system32\images\toolbar\Lastd.gif
    c:\windows\system32\images\toolbar\Next.gif
    c:\windows\system32\images\toolbar\next_over.gif
    c:\windows\system32\images\toolbar\Nextd.gif
    c:\windows\system32\images\toolbar\Prev.gif
    c:\windows\system32\images\toolbar\prev_over.gif
    c:\windows\system32\images\toolbar\Prevd.gif
    c:\windows\system32\images\toolbar\print.gif
    c:\windows\system32\images\toolbar\print_over.gif
    c:\windows\system32\images\toolbar\printd.gif
    c:\windows\system32\images\toolbar\Refresh.gif
    c:\windows\system32\images\toolbar\refresh_over.gif
    c:\windows\system32\images\toolbar\refreshd.gif
    c:\windows\system32\images\toolbar\Search.gif
    c:\windows\system32\images\toolbar\search_over.gif
    c:\windows\system32\images\toolbar\searchd.gif
    c:\windows\system32\images\toolbar\up.gif
    c:\windows\system32\images\toolbar\up_over.gif
    c:\windows\system32\images\toolbar\upd.gif
    c:\windows\system32\images\tree\begindots.gif
    c:\windows\system32\images\tree\beginminus.gif
    c:\windows\system32\images\tree\beginplus.gif
    c:\windows\system32\images\tree\blank.gif
    c:\windows\system32\images\tree\blankdots.gif
    c:\windows\system32\images\tree\dots.gif
    c:\windows\system32\images\tree\lastdots.gif
    c:\windows\system32\images\tree\lastminus.gif
    c:\windows\system32\images\tree\lastplus.gif
    c:\windows\system32\images\tree\Magnify.gif
    c:\windows\system32\images\tree\minus.gif
    c:\windows\system32\images\tree\minusbox.gif
    c:\windows\system32\images\tree\plus.gif
    c:\windows\system32\images\tree\plusbox.gif
    c:\windows\system32\images\tree\singleminus.gif
    c:\windows\system32\images\tree\singleplus.gif
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-25 to 2013-03-25 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-25 08:50 . 2013-03-25 08:52 -------- d-----w- c:\users\ronaldk\AppData\Local\temp
    2013-03-25 08:50 . 2013-03-25 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-23 13:28 . 2013-03-23 13:35 -------- d-----w- c:\program files\PrintKey2000
    2013-03-22 13:46 . 2013-03-22 13:46 -------- d-----w- c:\users\ronaldk\AppData\Roaming\Malwarebytes
    2013-03-22 13:44 . 2013-03-22 13:44 -------- d-----w- c:\programdata\Malwarebytes
    2013-03-22 13:44 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-22 13:44 . 2013-03-22 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-03-10 15:09 . 2013-03-10 15:09 -------- d-----w- c:\windows\ERUNT
    2013-03-10 15:09 . 2013-03-10 15:09 -------- d-----w- C:\JRT
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-17 09:31 . 2012-05-03 16:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-17 09:31 . 2011-06-07 08:50 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-19 06:42 . 2012-09-04 16:19 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-12 00:39 . 2012-10-12 00:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
    "PrestigoSync"="d:\program files\Philips\PrestigoSync\1.0.15.0\PSDetectorLauncher.exe" [2009-02-06 455544]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2009-07-01 184320]
    "STO Launcher Service"="c:\program files\SmarThru Office\LegacyLauncher.exe" [2009-07-01 331776]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-23 614400]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
    "SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536752]
    "TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5459136]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    .
    c:\users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\ronaldk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-30 719664]
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2013-3-23 869376]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiSpywareOverride"=dword:00000001
    .
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - ECACHE
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-17 08:35 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 09:31]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 17:34]
    .
    2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 17:34]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://nl.intl.acer.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
    IE: Afbeelding van selectie - c:\program files\SmarThru Office\WebCapture.dll2.htm
    IE: Capture Selection - c:\program files\SmarThru Office\WebCapture.dll2.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Geselecteerde tekst opslaan - c:\program files\SmarThru Office\WebCapture.dll.htm
    IE: Opslaan als HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
    IE: Save as HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
    IE: Save Selected Text - c:\program files\SmarThru Office\WebCapture.dll.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
    TCP: DhcpNameServer = 192.168.2.254
    FF - ProfilePath - c:\users\ronaldk\AppData\Roaming\Mozilla\Firefox\Profiles\33cnnxka.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
    FF - ExtSQL: !HIDDEN! 2009-07-09 10:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    AddRemove-Aangifte inkomstenbelasting 2011 - c:\users\ronaldk\Dropbox\Zaak\Administratie\2011\ib2011u.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    AddRemove-UPC Fiber Power Optimizer - c:\programdata\{27B0A538-DF16-44D6-820D-D0B042C42C20}\upc optimizer.exe
    AddRemove-{631141AD-79AA-447F-B403-21C704D39B8C} - c:\programdata\{27B0A538-DF16-44D6-820D-D0B042C42C20}\upc optimizer.exe
    AddRemove-{A2B58B18-5D04-4006-9713-B6945880746E} - c:\users\ronaldk\AppData\Local\{65B1AA84-C1DF-4A2E-A28C-E242BD7DE4B3}\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-25 09:52
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(628)
    c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    c:\program files\Pure Networks\Network Magic\nmrsrc.dll
    c:\program files\Common Files\Intel\WirelessCommon\PsRegApi.dll
    c:\program files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
    c:\program files\Intel\WiFi\bin\LangResources\NLD\iPCPlNLD.dll
    .
    Voltooingstijd: 2013-03-25 09:56:26
    ComboFix-quarantined-files.txt 2013-03-25 08:56
    .
    Pre-Run: 2.588.438.528 bytes beschikbaar
    Post-Run: 2.703.847.424 bytes beschikbaar
    .
    - - End Of File - - 5824C620937507A1BD3C03FAB18AB7CD


  • First let me know how your Windows is doing now.
  • Meh, nothing to write home about. Google Chrome stopped working; I have since removed it and am now using Internet Explorer. I am now trying to print from Adobe (shortcut button) and it hangs. I did not have these problems before. I am going to restart and see what happens then.
  • Has restarting helped in the meantime?
    You can reinstall Chrome, by the way.

    Click the button
  • Thanks again for your help and your answer. Here is the ESET log.

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=ade6f7bf19dc334aad07a00b9e1efc64
    # engine=13497
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-03-27 11:13:56
    # local_time=2013-03-28 12:13:56 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1039 16777213 100 99 29272 51556420 0 0
    # compatibility_mode=5892 16776574 100 100 93335843 201958764 0 0
    # scanned=260417
    # found=6
    # cleaned=6
    # scan_time=17005
    sh=2FA20142767ADFA3D34FD2B8408069CD5DC6D107 ft=1 fh=aaac964b3323feac vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\installer_ccleaner_Dutch.exe"
    sh=C9BB19324790C4367F9D9D0CB0EB4C926943D1E8 ft=1 fh=87fc7a750880b3cd vn="a variant of Win32/MessengerPlus.A application (deleted - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\Setup.exe"
    sh=9FF44FBC3631DEE8E084C1F7B3C798A9826EBD28 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\50cb752.msi"
    sh=EC3AC8118C371C72085D2594714DD0C2E0F8EA2C ft=1 fh=3f56712372ca3f9c vn="Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5FB3.tmp"
    sh=A17BF4722A7BE0C41D706C21FA97F1DB0A18CE33 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="D:\Downloads\W\AInDesign CS5.rar"
    sh=EE12993C42E6A6D7E1B4D76C51306E0BB91AC4AE ft=0 fh=0000000000000000 vn="Win32/TrojanDropper.Agent.PUJ trojan (deleted - quarantined)" ac=C fn="D:\Downloads\W\Microsoft Office 2010 Professional+ 32bit (AKTIVATED)\MS-Office-2010.iso"
  • Now tell me how your Windows is running.
  • I watched it for a while and have the impression that everything works again the way it should. No more strange pop-up sites and no strange messages. Thanks for all your help, hats off to your knowledge and to your willingness to help others with it selflessly. You will probably see me again soon, because I have another PC that is not running well and could certainly use a clean-up. For the past week the internet (LAN) on it keeps failing (it works on other PCs) and only starts working again after the router is restarted. Do you want me to open a new topic for this?


This is an archived page. Replying is no longer possible.