Question & Answer
Strange file/slow laptop/odd messages
14 replies
- For some time now my laptop has been very slow and unwanted internet messages keep appearing (in a separate window). After searching I ended up on this site at the topic http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=219161. The problems matched, and I followed the instructions given there up to and including Malwarebytes. Here are the logs:
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by ronaldk on zo 10-03-2013 at 17:03:25,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] browser manager
Successfully deleted: [Service] browser manager
Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchsettings
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-206474922-3929276341-13090053-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\application updater
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\blabbers
Successfully deleted: [Registry Key] hkey_current_user\software\browsercompanion
Successfully deleted: [Registry Key] hkey_local_machine\software\browsercompanion
Failed to delete: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\search settings
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\updatebho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\base64
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\prox
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tdataprotocol.ctdata
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tdataprotocol.ctdata.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updatebho.timerbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\updatebho.timerbho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wit4ie.witbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wit4ie.witbho.2
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00cbb66b-1d3b-46d3-9577-323a336acb50}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{963b125b-8b21-49a2-a3a8-e37092276531}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{963b125b-8b21-49a2-a3a8-e37092276531}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Failed to delete: [Folder] "C:\ProgramData\ginyasbrowsercompanion"
Failed to delete: [Folder] "C:\ProgramData\application data\ginyasbrowsercompanion"
Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\ad on multimedia"
Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\desktopicon"
Successfully deleted: [Folder] "C:\Users\ronaldk\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\bbrs_002.tb"
Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\ronaldk\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\browsercompanion"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"
~~~ FireFox
Successfully deleted: [File] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\bprotector_prefs.js
Successfully deleted: [Folder] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\extensions\bbrs_002@blabbers.com
Failed to delete: [Folder] C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\extensions\wtxpcom@mybrowserbar.com
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}
Emptied folder: C:\Users\ronaldk\AppData\Roaming\mozilla\firefox\profiles\33cnnxka.default\minidumps [9 files]
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 10-03-2013 at 17:11:23,09
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
www.malwarebytes.org
Databaseversie: v2013.03.22.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19019
ronaldk :: RONALDK-LAPTOP [administrator]
Bescherming: Ingeschakeld
22-3-2013 16:03:27
mbam-log-2013-03-22 (16-03-27).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 227198
Verstreken tijd: 16 minuut/minuten, 22 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 5
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
I would appreciate advice on how to proceed, because the problem does not seem to be solved yet.
Regards,
Ingeborg.
- Please post the two logs in one go.
- Hi Abraham,
Thanks for your reply. The actions have been carried out and I have the following logs.
# AdwCleaner v2.115 - Verslag gemaakt op 23/03/2013 om 14:40:12
# Geactualiseerd op 17/03/2013 door Xplode
# Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Gebruiker : ronaldk - RONALDK-LAPTOP
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\ronaldk\Downloads\adwcleaner (1).exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Verwijdert : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Verwijdert : C:\Users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Verwijdert : C:\Users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
File Verwijdert : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Map Verwijdert : C:\Program Files\AVG Secure Search
Map Verwijdert : C:\Program Files\OCS
Map Verwijdert : C:\ProgramData\AVG Secure Search
Map Verwijdert : C:\Users\ronaldk\AppData\Local\AVG Secure Search
Map Verwijdert : C:\Users\ronaldk\AppData\Local\AVG Security Toolbar
Map Verwijdert : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Map Verwijdert : C:\Users\ronaldk\AppData\Local\PackageAware
Map Verwijdert : C:\Users\ronaldk\AppData\LocalLow\AVG Secure Search
Map Verwijdert : C:\Users\ronaldk\AppData\LocalLow\AVG Security Toolbar
Map Verwijdert : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}
Map Verwijdert : C:\Windows\system32\bProtectorForWindows
Map Verwijdert : C:\Windows\system32\Browser Manager
Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search
Verwijdert bij het opstarten : C:\ProgramData\GinyasBrowserCompanion
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\59578fd1b56eba42
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\pdfforge
Sleutel Verwijdert : HKCU\Software\AVG Secure Search
Sleutel Verwijdert : HKCU\Software\AVG Security Toolbar
Sleutel Verwijdert : HKCU\Software\DataMngr
Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserCompanion
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKCU\Software\pdfforge
Sleutel Verwijdert : HKCU\Software\Search Settings
Sleutel Verwijdert : HKLM\SOFTWARE\59578fd1b56eba42
Sleutel Verwijdert : HKLM\Software\AVG Secure Search
Sleutel Verwijdert : HKLM\Software\AVG Security Toolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Sleutel Verwijdert : HKLM\Software\DataMngr
Sleutel Verwijdert : HKLM\Software\GinyasBrowserCompanion
Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Sleutel Verwijdert : HKLM\Software\pdfforge
Sleutel Verwijdert : HKLM\Software\Search Settings
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Browsers] *****
-\\ Internet Explorer v8.0.6001.19019
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\\ Mozilla Firefox v16.0.1 (nl)
File : C:\Users\ronaldk\AppData\Roaming\Mozilla\Firefox\Profiles\33cnnxka.default\prefs.js
[OK] De file bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v25.0.1364.172
File : C:\Users\ronaldk\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[S1].txt - [381 octets] - [23/03/2013 14:37:48]
AdwCleaner[S2].txt - [10786 octets] - [23/03/2013 14:40:12]
########## EOF - C:\AdwCleaner[S2].txt - [10847 octets] ##########
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Gestart vanuit : Normale modus
Gebruiker : ronaldk [Administrator rechten]
Modus : Scan – Datum : 03/23/2013 15:06:37
| ARK || FAK || MBR |
¤¤¤ Kwaadaardige processen : 0 ¤¤¤
¤¤¤ Register verwijzingen : 6 ¤¤¤
[HJPOL] HKCU\[…]\System : DisableTaskMgr (0) -> gevonden
[HJPOL] HKCU\[…]\System : DisableRegistryTools (0) -> gevonden
[HJ] HKLM\[…]\System : EnableLUA (0) -> gevonden
[HJ SMENU] HKCU\[…]\Advanced : Start_ShowRun (0) -> gevonden
[HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden
¤¤¤ Speciale Files / Folders: ¤¤¤
¤¤¤ Driver : [Geladen] ¤¤¤
¤¤¤ HOSTS Bestand: ¤¤¤
–> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Controle: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++
— User —
[MBR] 7f8c920ef524d73e4e0f13b69f6da472
[BSP] 542233c9b9232c8522bf58bc7eb5b0ca : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482875 | Size: 52234 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127459710 | Size: 52234 Mo
User = LL1 … OK!
User = LL2 … OK!
+++++ PhysicalDrive1: Samsung G2 Portable +++++
— User —
[MBR] 3dac689a20ee02be2b940a79556353c1
[BSP] 87d7a2399f0f8396abab0e0ad9840603 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 305245 Mo
User = LL1 … OK!
Error reading LL2 MBR!
Gereed : << RKreport[1]_S_03232013_02d1506.txt >>
RKreport[1]_S_03232013_02d1506.txt
Regards,
Ingeborg.
- You do not need to run RogueKiller again.
I would, however, like to know why you disabled User Account Control.
We will look further:
Which program:
- I installed ComboFix and started it according to the procedure. In the meantime I still got a notification from AVG even though I had disabled it. I allowed the program and closed the notification.
ComboFix has now been running for 1.5 hours and only the first message is still showing in the blue screen. Is that right?
Regards, Ingeborg.
- I have no idea why User Account Control was disabled. I have this laptop on long-term loan from my brother and suspect that he did this. I have since turned it back on.
- Hello Ingeborg, go ahead and delete ComboFix from the desktop and then empty the recycle bin.
Then restart your notebook in Safe Mode with Networking.
http://users.telenet.be/marcvn/spyware/veilige-modus.html
Then download ComboFix again and start the scan.
Afterwards, post the contents of the log.
- Worked like a charm in safe mode.
Here are the log data:
ComboFix 13-03-24.03 - ronaldk 25-03-2013 9:37.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2045.1556 [GMT 1:00]
Gestart vanuit: c:\users\ronaldk\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\ronaldk\AppData\Local\assembly\tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-25 to 2013-03-25 ))))))))))))))))))))))))))))))
.
.
2013-03-25 08:50 . 2013-03-25 08:52 -------- d-----w- c:\users\ronaldk\AppData\Local\temp
2013-03-25 08:50 . 2013-03-25 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 13:28 . 2013-03-23 13:35 -------- d-----w- c:\program files\PrintKey2000
2013-03-22 13:46 . 2013-03-22 13:46 -------- d-----w- c:\users\ronaldk\AppData\Roaming\Malwarebytes
2013-03-22 13:44 . 2013-03-22 13:44 -------- d-----w- c:\programdata\Malwarebytes
2013-03-22 13:44 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 13:44 . 2013-03-22 13:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-10 15:09 . 2013-03-10 15:09 -------- d-----w- c:\windows\ERUNT
2013-03-10 15:09 . 2013-03-10 15:09 -------- d-----w- C:\JRT
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 09:31 . 2012-05-03 16:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-17 09:31 . 2011-06-07 08:50 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-19 06:42 . 2012-09-04 16:19 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-12 00:39 . 2012-10-12 00:38 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"PrestigoSync"="d:\program files\Philips\PrestigoSync\1.0.15.0\PSDetectorLauncher.exe" [2009-02-06 455544]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2009-07-01 184320]
"STO Launcher Service"="c:\program files\SmarThru Office\LegacyLauncher.exe" [2009-07-01 331776]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-23 614400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536752]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5459136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\ronaldk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ronaldk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-30 719664]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2013-3-23 869376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-17 08:35 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 09:31]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 17:34]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-11 17:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://nl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Afbeelding van selectie - c:\program files\SmarThru Office\WebCapture.dll2.htm
IE: Capture Selection - c:\program files\SmarThru Office\WebCapture.dll2.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde tekst opslaan - c:\program files\SmarThru Office\WebCapture.dll.htm
IE: Opslaan als HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
IE: Save as HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - c:\program files\SmarThru Office\WebCapture.dll.htm
IE: Send image to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\ronaldk\AppData\Roaming\Mozilla\Firefox\Profiles\33cnnxka.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - ExtSQL: !HIDDEN! 2009-07-09 10:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Aangifte inkomstenbelasting 2011 - c:\users\ronaldk\Dropbox\Zaak\Administratie\2011\ib2011u.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-UPC Fiber Power Optimizer - c:\programdata\{27B0A538-DF16-44D6-820D-D0B042C42C20}\upc optimizer.exe
AddRemove-{631141AD-79AA-447F-B403-21C704D39B8C} - c:\programdata\{27B0A538-DF16-44D6-820D-D0B042C42C20}\upc optimizer.exe
AddRemove-{A2B58B18-5D04-4006-9713-B6945880746E} - c:\users\ronaldk\AppData\Local\{65B1AA84-C1DF-4A2E-A28C-E242BD7DE4B3}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-25 09:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen …
.
scannen van verborgen autostart items …
.
scannen van verborgen bestanden …
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(628)
c:\users\ronaldk\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\Common Files\Intel\WirelessCommon\PsRegApi.dll
c:\program files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
c:\program files\Intel\WiFi\bin\LangResources\NLD\iPCPlNLD.dll
.
Voltooingstijd: 2013-03-25 09:56:26
ComboFix-quarantined-files.txt 2013-03-25 08:56
.
Pre-Run: 2.588.438.528 bytes beschikbaar
Post-Run: 2.703.847.424 bytes beschikbaar
.
- - End Of File - - 5824C620937507A1BD3C03FAB18AB7CD
- First let me know how your Windows is doing now.
- Meh, nothing to write home about. Google Chrome stopped working; I have since removed it and am now using Internet Explorer. I am now trying to print from Adobe (shortcut button) and it hangs. I did not have these problems before. I am going to restart and see what happens then.
- Thanks again for your help and your answer. Here is the ESET log.
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ade6f7bf19dc334aad07a00b9e1efc64
# engine=13497
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-27 11:13:56
# local_time=2013-03-28 12:13:56 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 99 29272 51556420 0 0
# compatibility_mode=5892 16776574 100 100 93335843 201958764 0 0
# scanned=260417
# found=6
# cleaned=6
# scan_time=17005
sh=2FA20142767ADFA3D34FD2B8408069CD5DC6D107 ft=1 fh=aaac964b3323feac vn="Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\installer_ccleaner_Dutch.exe"
sh=C9BB19324790C4367F9D9D0CB0EB4C926943D1E8 ft=1 fh=87fc7a750880b3cd vn="a variant of Win32/MessengerPlus.A application (deleted - quarantined)" ac=C fn="C:\Users\ronaldk\Downloads\Setup.exe"
sh=9FF44FBC3631DEE8E084C1F7B3C798A9826EBD28 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Toolbar.Widgi application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\50cb752.msi"
sh=EC3AC8118C371C72085D2594714DD0C2E0F8EA2C ft=1 fh=3f56712372ca3f9c vn="Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wt5FB3.tmp"
sh=A17BF4722A7BE0C41D706C21FA97F1DB0A18CE33 ft=0 fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="D:\Downloads\W\AInDesign CS5.rar"
sh=EE12993C42E6A6D7E1B4D76C51306E0BB91AC4AE ft=0 fh=0000000000000000 vn="Win32/TrojanDropper.Agent.PUJ trojan (deleted - quarantined)" ac=C fn="D:\Downloads\W\Microsoft Office 2010 Professional+ 32bit (AKTIVATED)\MS-Office-2010.iso"
- Now tell me how your Windows is running at this point.
- I have watched it for a while and I have the impression that everything works again the way it should. No more strange pop-up sites and no more strange messages. Thank you for all your help, and hats off to your knowledge and to your willingness to help others selflessly. You will surely see me again soon, because I have another PC that is not running well and could certainly use a clean-up. Over the past week the internet (LAN) keeps failing on it (it works on the other PCs) and only works again after restarting the router. Would you like me to open a new topic for this?
This is an archived page. Replying is no longer possible.