Questions & Answers

Security & privacy

Laptop freezes; security options error message

Anonymous
75 replies
 • First the update problems.

  Check in Services whether the services below are configured correctly:

  - Background Intelligent Transfer Server > Startup type=Automatic
  - DCOM Process Server Launcher > Startup type=Automatic
  - Remote Procedure Call (RPC) > Startup type=Automatic
  - RPC Endpoint Mapper > Startup type=Automatic
  - Windows Update > Startup type=Automatic

  If you do not know how to get to Services:

  - go to Start - Run;
  - copy and paste the following into it: services.msc
  - then click OK.
    - Run can also be started by pressing the "Windows key + R key" at the same time.
 • I have used this forum successfully once before; let's see whether it works again this time:

  For the past few days my laptop (Vista, about 5 years old) has been freezing. It then no longer responds to a normal shutdown, so I do that with the power button. Safe mode works fine.
  When the laptop freezes and I try to start Task Manager, an error message appears: "Het maken van het dialoogvenster voor beveiligingsopties door het proces voor aan…" (no more text fits in the box). I press OK, get a black screen and am stuck again.
  I have run several scanners: Avast, CCleaner, SuperAntispyware, Malwarebytes. The last one found nothing, so there is no need to post a log.
  I have made a HijackThis log. I hope someone is willing to look at it and can help me!
  Logfile of Trend Micro HijackThis v2.0.5
  Scan saved at 8:13:42, on 24-8-2013
  Platform: Windows Vista SP2 (WinNT 6.00.1906)
  MSIE: Internet Explorer v9.00 (9.00.8112.16502)
  CHROME: 29.0.1547.57

  Boot mode: Safe mode with network support

  Running processes:
  C:\Windows\Explorer.EXE
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Hijackthis\HijackThis.exe
  C:\Windows\system32\DllHost.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alawar.co.nl
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O3 - Toolbar: (no name) - {f230d1cd-647f-4856-8538-8c0d39e5ecf2} - (no file)
  O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
  O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
  O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
  O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
  O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
  O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
  O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [Google Update] "C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
  O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEEM')
  O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
  O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
  O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
  O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
  O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
  O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
  O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
  O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
  O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
  O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
  O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
  O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
  O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
  O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
  O23 - Service: Google Update Service (gupdate1c9f67b409fb1c7) (gupdate1c9f67b409fb1c7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
  O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
  O23 - Service: Online Games Manager (ogmservice) - RealNetworks, Inc. - C:\Program Files\Online Games Manager\ogmservice.exe
  O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
  O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
  O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
  O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
  O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
  O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
  O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
  O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


  End of file - 8581 bytes

  (I know, the laptop is getting old, the hard disk is filling up... But maybe something can still be improved before buying a new one.)
 • Hello Eline, we'll take a look - please post the three logs in one go.


 • Thanks for your help! Here are the results:

  # AdwCleaner v3.000 - Report created 24/08/2013 at 10:22:52
  # Updated 20/08/2013 by Xplode
  # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
  # Username : Annelie - PC_VAN_BOUIUS
  # Running from : C:\Users\Annelie\Desktop\adwcleaner.exe
  # Option : Clean

  ***** [ Services ] *****


  ***** [ Files / Folders ] *****

  Folder Deleted : C:\ProgramData\AVG Security Toolbar
  Folder Deleted : C:\ProgramData\boost_interprocess
  Folder Deleted : C:\ProgramData\InstallMate
  Folder Deleted : C:\ProgramData\SoftSafe
  Folder Deleted : C:\ProgramData\Trymedia
  Folder Deleted : C:\ProgramData\Alawar Stargaze
  Folder Deleted : C:\ProgramData\AlawarWrapper
  Folder Deleted : C:\ProgramData\Brrowse2save
  Folder Deleted : C:\Program Files\Bandoo
  Folder Deleted : C:\Program Files\Conduit
  Folder Deleted : C:\Program Files\iMesh Applications
  Folder Deleted : C:\Program Files\Trymedia
  Folder Deleted : C:\Users\Annelie\AppData\Local\Conduit
  Folder Deleted : C:\Users\Annelie\AppData\Local\iMesh
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\AVG Security Toolbar
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\Conduit
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\FunWebProducts
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\mediabarim
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\PriceGong
  Folder Deleted : C:\Users\Annelie\AppData\LocalLow\MyAshampoo
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\DriverCure
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\dvdvideosoftiehelpers
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\iWin
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\ParetoLogic
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\Systweak
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\Alawar Stargaze
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
  Folder Deleted : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\Extensions\p9n9_awgb@avmav-.net
  File Deleted : C:\Windows\system32\roboot.exe
  File Deleted : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\user.js

  ***** [ Shortcuts ] *****


  ***** [ Registry ] *****

  Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [p9n9_awgb@avmav-.net]
  Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
  Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\
  Key Deleted : HKLM\SOFTWARE\Classes\AppID\
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
  Key Deleted : HKLM\SOFTWARE\Classes\CLSID\
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\
  Key Deleted : HKLM\SOFTWARE\Classes\Interface\
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
  Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\
  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2DB9E23-17E8-4A40-BF7F-BC17D974E1DD}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED736C84-975C-4D72-A847-0AB2199C8CB6}
  Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\
  Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
  Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
  Key Deleted : HKCU\Software\APN PIP
  Key Deleted : HKCU\Software\Softonic
  Key Deleted : HKCU\Software\systweak
  Key Deleted : HKCU\Software\YahooPartnerToolbar
  Key Deleted : HKCU\Software\
  Key Deleted : HKCU\Software\
  Key Deleted : HKLM\Software\AVG Security Toolbar
  Key Deleted : HKLM\Software\Conduit
  Key Deleted : HKLM\Software\conduitEngine
  Key Deleted : HKLM\Software\DataMngr
  Key Deleted : HKLM\Software\MyAshampoo\toolbar
  Key Deleted : HKLM\Software\PIP
  Key Deleted : HKLM\Software\SProtector
  Key Deleted : HKLM\Software\systweak
  Key Deleted : HKLM\Software\
  Key Deleted : HKLM\Software\MyAshampoo
  Key Deleted : HKLM\Software\
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\
  Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
  Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\

  ***** [ Browsers ] *****

  -\\ Internet Explorer v9.0.8112.16502

  Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

  -\\ Mozilla Firefox v

  [ File : C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\prefs.js ]


  -\\ Google Chrome v

  [ File : C:\Users\Annelie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


  *************************

  AdwCleaner[R0].txt - [11539 octets] - [24/08/2013 10:12:11]
  AdwCleaner[R1].txt - [11600 octets] - [24/08/2013 10:21:08]
  AdwCleaner[S0].txt - [8265 octets] - [24/08/2013 10:22:52]

  ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8325 octets] ##########


  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Junkware Removal Tool (JRT) by Thisisu
  Version: 5.5.4 (08.22.2013:1)
  OS: Windows Vista (TM) Home Premium x86
  Ran by Annelie on za 24-08-2013 at 10:33:47,24
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ~~~ Services

  ~~~ Registry Values

  ~~~ Registry Keys

  Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
  Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue
  Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
  Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B33E9814-8BB4-4A1C-9BDD-D5E81BD5C091}

  ~~~ Files

  Successfully deleted: [File] C:\Windows\system32\shoB9A8.tmp
  Successfully deleted: [File] C:\Windows\system32\shoF323.tmp

  ~~~ Folders

  Successfully deleted: [Folder] "C:\ProgramData\big fish games"
  Successfully deleted: [Folder] "C:\ProgramData\fighters"
  Successfully deleted: [Folder] "C:\Users\Annelie\AppData\Roaming\big fish games"
  Successfully deleted: [Folder] "C:\Users\Annelie\AppData\Roaming\fighters"
  Successfully deleted: [Folder] "C:\Users\Annelie\AppData\Roaming\goforfiles"
  Successfully deleted: [Folder] "C:\Users\Annelie\AppData\Roaming\uniblue\speedupmypc"
  Successfully deleted: [Folder] "C:\Program Files\goforfiles"
  Successfully deleted: [Empty Folder] C:\Users\Annelie\appdata\local\{A2729467-2A7C-4E8D-895F-A60E324BED1F}
  Successfully deleted: [Empty Folder] C:\Users\Annelie\appdata\local\{A8ACDE4D-647B-4C28-B02C-6A3C3194A568}
  Successfully deleted: [Empty Folder] C:\Users\Annelie\appdata\local\{BBC54A1F-83A2-4E88-B0C5-A57F0DA7A451}
  Successfully deleted: [Empty Folder] C:\Users\Annelie\appdata\local\{E40BE0F5-FDEB-4523-89F2-6221F6CFECA9}

  ~~~ Event Viewer Logs were cleared

  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Scan was completed on za 24-08-2013 at 10:35:41,55
  End of JRT log
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
  mail : tigzyRK<at>gmail<dot>com
  Feedback : http://www.adlice.com/forum/
  Website : http://www.adlice.com/softwares/roguekiller/
  Blog : http://tigzyrk.blogspot.com/

  besturingssysteem : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
  Gestart vanuit : Veilige modus met netwerk ondersteuning
  Gebruiker : Annelie [Administrator rechten]
  Modus : Scan -- Datum : 08/24/2013 10:39:03
  | ARK || FAK || MBR |

  ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

  ¤¤¤ Register verwijzingen : 7 ¤¤¤
  [RUN][SUSP PATH] HKCU\[…]\Run : Google Update ("C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> gevonden
  [RUN][SUSP PATH] HKUS\S-1-5-21-3664994681-2771770649-958364049-1000\[…]\Run : Google Update ("C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> gevonden
  [HJ POL] HKCU\[…]\System : DisableTaskMgr (0) -> gevonden
  [HJ POL] HKCU\[…]\System : DisableRegistryTools (0) -> gevonden
  [HJ POL] HKLM\[…]\System : DisableRegistryTools (0) -> gevonden
  [HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
  [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

  ¤¤¤ geplande taken : 2 ¤¤¤
  [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job : C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> gevonden
  [V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job : C:\Users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> gevonden

  ¤¤¤ Startup Entries : 0 ¤¤¤

  ¤¤¤ webbrowsers : 0 ¤¤¤

  ¤¤¤ Speciale Files / Folders: ¤¤¤

  ¤¤¤ Driver : [Niet geladen 0xc000035f] ¤¤¤

  ¤¤¤ Externe Hives: ¤¤¤

  ¤¤¤ Infectie : ¤¤¤

  ¤¤¤ HOSTS Bestand: ¤¤¤
  --> %SystemRoot%\System32\drivers\etc\hosts


  127.0.0.1 localhost


  ¤¤¤ MBR Controle: ¤¤¤

  +++++ PhysicalDrive0: TOSHIBA MK1652GSX +++++
  --- User ---
  [MBR] 95317f4ed211d593ce5e8f6e58c6d935
  [BSP] 7296854703d6b267fd937391933a27d1 : Windows Vista MBR Code
  Partition table:
  0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
  1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 76154 Mo
  2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 159037440 | Size: 74971 Mo
  User = LL1 … OK!
  User = LL2 … OK!

  Gereed : << RKreport[0]_S_08242013_103903.txt >>
 • Download http://www.imgdumper.nl/uploads6/51c590ce3cf4a/51c590ce361e7-ComboFix_resized_2.png
 • I did all of this still in safe mode. While running ComboFix I did get a warning that Avast's real-time scanner was supposedly active. However, I see no Avast icon at the bottom right. I then tried to open Avast via the icon on the desktop, but the PC then gave the following error:
  Failed to load language dll [1033/UlLangeRes,dll]. I just let ComboFix run anyway. This is the result:

  ComboFix 13-08-22.01 - Annelie 24-08-2013 11:09:09.1.2 - x86 NETWORK
  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2939.2337 [GMT 2:00]
  Gestart vanuit: c:\users\Annelie\Desktop\ComboFix.exe
  AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
  SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
  SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  .
  .
  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  C:\prefs.js
  c:\users\Annelie\AppData\Roaming\Roaming
  c:\windows\unin0413.exe
  c:\windows\wininit.ini
  .
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2013-07-24 to 2013-08-24 ))))))))))))))))))))))))))))))
  .
  .
  2013-08-24 09:17 . 2013-08-24 09:17 -------- d-----w- c:\users\Annelie\AppData\Local\temp
  2013-08-24 08:33 . 2013-08-24 08:33 -------- d-----w- c:\windows\ERUNT
  2013-08-24 08:12 . 2013-08-24 08:23 -------- d-----w- C:\AdwCleaner
  2013-08-23 13:40 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DB44C6-14A4-427F-951C-DFDB1E73128C}\mpengine.dll
  2013-08-22 19:06 . 2013-08-22 19:06 -------- d-----w- c:\program files\Youda Mystery The Stanwick Legacy
  2013-08-22 18:01 . 2013-08-22 18:01 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
  2013-08-22 18:00 . 2013-08-22 18:37 -------- d-----w- c:\program files\IObit
  2013-08-22 17:57 . 2013-08-22 18:00 -------- d-----w- c:\users\Annelie\AppData\Roaming\Wise Registry Cleaner
  2013-08-22 17:56 . 2013-08-22 17:56 -------- d-----w- c:\program files\Wise
  2013-08-22 15:19 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
  2013-08-19 19:38 . 2013-08-19 19:38 -------- d-----w- c:\users\Annelie\AppData\Local\iLinc
  2013-08-17 07:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
  2013-08-17 07:47 . 2013-08-17 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  2013-08-15 19:14 . 2013-08-15 19:14 -------- d-----w- c:\users\Annelie\AppData\Roaming\DieselPuppet
  2013-08-14 13:12 . 2013-08-14 13:12 -------- d-----w- C:\Intel
  2013-08-14 13:08 . 2013-08-14 13:08 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
  2013-08-14 13:08 . 2013-08-14 13:08 454288 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
  2013-08-14 13:04 . 2013-08-14 13:04 852824 ----a-w- c:\windows\system32\RTKSMSettingsIPC.dll
  2013-08-14 12:59 . 2013-08-22 18:01 -------- d-----w- c:\programdata\IObit
  2013-08-14 12:59 . 2013-08-22 18:06 -------- d-----w- c:\users\Annelie\AppData\Roaming\IObit
  2013-08-14 12:19 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
  2013-08-14 12:19 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
  2013-08-14 12:19 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
  2013-08-14 12:19 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
  2013-08-14 12:19 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
  2013-08-14 12:19 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
  2013-08-14 12:19 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
  2013-08-14 12:19 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
  2013-08-14 12:18 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
  2013-08-14 12:18 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
  2013-08-14 12:18 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
  2013-08-14 12:18 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
  2013-08-09 19:51 . 2013-08-09 19:51 -------- d-----w- c:\users\Annelie\AppData\Roaming\AlawarEntertainment
  .
  .
  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2013-08-14 13:09 . 2009-07-17 14:48 268832 ----a-w- c:\windows\system32\igfxsrvc.exe
  2013-08-14 13:09 . 2009-07-17 14:48 138784 ----a-w- c:\windows\system32\igfxtray.exe
  2013-08-14 13:09 . 2008-08-19 11:04 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
  2013-08-14 13:09 . 2008-08-19 11:04 261632 ----a-w- c:\windows\system32\igfxTMM.dll
  2013-08-14 13:09 . 2009-07-17 14:48 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
  2013-08-14 13:09 . 2008-08-19 11:04 828928 ----a-w- c:\windows\system32\igfxress.dll
  2013-08-14 13:09 . 2009-07-17 14:48 173600 ----a-w- c:\windows\system32\igfxpers.exe
  2013-08-14 13:09 . 2008-08-19 11:04 228864 ----a-w- c:\windows\system32\igfxdev.dll
  2013-08-14 13:09 . 2009-07-17 14:48 172064 ----a-w- c:\windows\system32\hkcmd.exe
  2013-08-14 13:09 . 2008-08-19 11:04 95232 ----a-w- c:\windows\system32\hccutils.dll
  2013-08-14 13:08 . 2009-11-12 06:24 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
  2013-08-14 13:04 . 2008-11-19 13:01 3237448 ----a-w- c:\windows\system32\RtkAPO.dll
  2013-07-25 07:46 . 2013-07-25 07:46 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
  2013-07-14 07:47 . 2012-03-30 05:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  2013-07-14 07:47 . 2011-05-24 13:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  2013-06-28 09:59 . 2013-03-05 06:06 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
  2013-06-28 09:59 . 2011-04-29 16:02 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
  2013-06-28 09:59 . 2011-04-29 16:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
  2013-06-27 18:19 . 2013-06-27 18:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
  2013-06-27 18:19 . 2012-06-24 15:01 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
  2013-06-27 18:19 . 2010-06-05 13:13 789416 ----a-w- c:\windows\system32\deployJava1.dll
  2013-06-04 01:50 . 2013-07-10 06:07 2049024 ----a-w- c:\windows\system32\win32k.sys
  2013-06-01 04:06 . 2013-07-10 06:07 505344 ----a-w- c:\windows\system32\qedit.dll
  .
  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
  REGEDIT4
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
  @="{472083B0-C522-11CF-8763-00608CC02F24}"
  [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
  2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
  .
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
  "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
  .
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-14 11930696]
  "WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
  "KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
  "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
  "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
  "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 138784]
  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 172064]
  "Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 173600]
  .
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableUIADesktopToggle"= 0 (0x0)
  .
  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
  .
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
  @=""
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
  @="Driver"
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
  @="Driver"
  .
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
  @="Service"
  .
  [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.83u1.lnk]
  path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.83u1.lnk
  backup=c:\windows\pss\FreeRapid 0.83u1.lnk.Startup
  backupExtension=.Startup
  .
  [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
  path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
  backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
  backupExtension=.Startup
  .
  [HKLM\~\startupfolder\C:^Users^Annelie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0 .lnk]
  path=c:\users\Annelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0 .lnk
  backup=c:\windows\pss\OpenOffice.org 3.0 .lnk.Startup
  backupExtension=.Startup
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
  2013-08-17 08:09 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
  2013-03-22 04:07 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPRO]
  2010-10-26 13:00 1050072 ----a-w- c:\program files\Toshiba TEMPRO\TemproTray.exe
  .
  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "Google Update"="c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
  "DisableMonitoring"=dword:00000001
  .
  S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
  .
  .
  --- Andere Services/Drivers In Geheugen ---
  .
  *NewlyCreated* - ECACHE
  .
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
  HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
  hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
  .
  Inhoud van de 'Gedeelde Taken' map
  .
  2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
  - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:47]
  .
  2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
  .
  2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 16:29]
  .
  2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000Core.job
  - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
  .
  2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3664994681-2771770649-958364049-1000UA.job
  - c:\users\Annelie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-06 13:15]
  .
  .
  ------- Bijkomende Scan -------
  .
  mStart Page = hxxp://alawar.co.nl
  mSearch Bar = hxxp://www.google.com
  uInternet Settings,ProxyOverride = *.local
  Trusted Zone: microsoft.com\www
  TCP: DhcpNameServer = 192.168.1.1
  .
  - - - - ORPHANS VERWIJDERD - - - -
  .
  Toolbar-{f230d1cd-647f-4856-8538-8c0d39e5ecf2} - (no file)
  SafeBoot-SolutoService
  MSConfigStartUp-PowerSuite - c:\program files\Uniblue\PowerSuite\launcher.exe
  .
  .
  .
  **************************************************************************
  .
  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2013-08-24 11:17
  Windows 6.0.6002 Service Pack 2 NTFS
  .
  scannen van verborgen processen …
  .
  scannen van verborgen autostart items …
  .
  scannen van verborgen bestanden …
  .
  Scan succesvol afgerond
  verborgen bestanden: 0
  .
  **************************************************************************
  .
  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  "MSCurrentCountry"=dword:0000007b
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
  @Denied: (A) (Users)
  @Denied: (A) (Everyone)
  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  "BlindDial"=dword:00000000
  .
  Voltooingstijd: 2013-08-24 11:19:51
  ComboFix-quarantined-files.txt 2013-08-24 09:19
  .
  Pre-Run: 15.969.943.552 bytes beschikbaar
  Post-Run: 16.840.736.768 bytes beschikbaar
  .
  - - End Of File - - FE45FED81167A531FD4FB8A68FC8B71A
  5C616939100B85E558DA92B899A0FC36
 • Hi Eline, remove everything from Iobit that you have in your Windows.
  Iobit is a Chinese software vendor that is not exactly scrupulous about other people's software property!

  Download the [img:74a1a97478]http://www.imgdumper.nl/uploads6/51a46c3b1810a/51a46c3b17d42-HitmanPro-logo16px.png[/img:74a1a97478] [b:74a1a97478]
 • [code:1:7707f6eb86]
  HitmanPro 3.7.7.203
  www.hitmanpro.com

  Computer name . . . . : PC_VAN_BOUIUS
  Windows . . . . . . . : 6.0.2.6002.X86/2
  Safe Mode Boot . . . : NETWORK
  User name . . . . . . : PC_van_bouius\Annelie
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2013-08-24 14:06:28
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 3m 12s
  Disk access mode . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot . . . . . . . : Yes

  Threats . . . . . . . : 6
  Traces . . . . . . . : 201

  Objects scanned . . . : 1.857.722
  Files scanned . . . . : 26.748
  Remnants scanned . . : 377.454 files / 1.453.520 keys

  Suspicious files ____________________________________________________________

  C:\Users\Annelie\AppData\Roaming\LeeGT-Games\Jet Set Go\install\CB98F35\Jet Set Go.exe
  Size . . . . . . . : 8.369.496 bytes
  Age . . . . . . . : 855.3 days (2011-04-22 07:11:18)
  Entropy . . . . . : 7.7
  SHA-256 . . . . . : E3C5367A7C8EC47836DEA122B145C62B4CCB36BA5E16FB942B35D11F3329EFEC
  Version . . . . . : 3.3.0.63135
  RSA Key Size . . . : 1024
  Authenticode . . . : Invalid
  Fuzzy . . . . . . : 27.0
  Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
  Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
  Authors name is missing in version info. This is not common to most programs.
  Program contains PE structure anomalies. This is not typical for most programs.

  C:\Windows\system32\igfxdev.dll -> Quarantined
  Size . . . . . . . : 228.864 bytes
  Age . . . . . . . : 10.0 days (2013-08-14 15:09:43)
  Entropy . . . . . : 6.5
  SHA-256 . . . . . : D8A4AD4FFAB2C0F9A8E5DB8985CC9D0C25C9B7BB03B981249DB812B81E90748C
  Product . . . . . : Intel(R) Common User Interface
  Publisher . . . . : Intel Corporation
  Description . . . : igfxdev Module
  Version . . . . . : 8.15.10.2869
  Copyright . . . . : Copyright 1999-2006, Intel Corporation
  Fuzzy . . . . . . : 24.0
  This file was most recently added as automatic startup.
  Automatically starts as notification package during interactive logon. Malware tends to start this way.
  Program starts automatically without user intervention.
  The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
  Time indicates that the file appeared recently on this computer.
  Startup
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\
  Forensic Cluster


  Malware remnants ____________________________________________________________

  HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}\ (Adware.MyWebSearch) -> Deleted

  Cookies _____________________________________________________________________



  [/code:1:7707f6eb86]
 • By the way, I was only able to find and delete an empty Iobit folder. I wouldn't know what else from Iobit is on my PC!
 • [quote:ab4c18ffdb="eline"]By the way, I was only able to find and delete an empty Iobit folder. I wouldn't know what else from Iobit is on my PC![/quote:ab4c18ffdb]

  Oh sorry, I get it now. I looked in the ComboFix log, looked up everything with Iobit and removed it. I assume that is what you meant. :oops:
 • I would now like you to run a disk check.

  To do so, open Computer and then bring up the [b:276c52a131]Properties[/b:276c52a131] of --> "C".
  Now click the [b:276c52a131]Tools[/b:276c52a131] tab.

  Then click the [b:276c52a131]Check Now[/b:276c52a131] button in the section that says "This option will check the volume for errors".

  In the new window, make sure both options are checked.
  You will then get a message that Windows has to restart for this action.

  Go ahead and do so.

  This checks the system disk not only for cluster errors, but also for file system errors, which are then repaired.

  Depending on the size of the Windows installation and the size of the disks, this scan can take quite some time!
 • I have run the disk check, on both the C drive and the E drive.
  I have now started the PC normally, but Internet Explorer does not work (it does in safe mode) and Avast does not work either. For Avast I get this error message: Failed to load language dll [1033\UlLangeRes.dll]
  What on earth is going on? :o
 • [b:d7b0492daa]Run the [img:d7b0492daa]http://www.imgdumper.nl/uploads7/51e818553fadd/51e818553f6fd-EsetCanned.png[/img:d7b0492daa][/b:d7b0492daa]
  [list:d7b0492daa]
  [*:d7b0492daa]Click the blue [b:d7b0492daa]Run ESET Online Scanner[/b:d7b0492daa] button
  [*:d7b0492daa]Tick [b:d7b0492daa]YES, I accept the Terms of Use[/b:d7b0492daa]
  [*:d7b0492daa]Click [b:d7b0492daa]Start[/b:d7b0492daa]
  [*:d7b0492daa]Allow the [b:d7b0492daa]ActiveX control[/b:d7b0492daa] to install.
  [*:d7b0492daa]Tick the following options:
  [list:d7b0492daa][*:d7b0492daa][b:d7b0492daa][i:d7b0492daa]Remove found threats[/i:d7b0492daa][/b:d7b0492daa]
  [*:d7b0492daa][b:d7b0492daa][i:d7b0492daa]Scan archives[/i:d7b0492daa][/b:d7b0492daa][/list:u:d7b0492daa]
  [*:d7b0492daa]Then click [b:d7b0492daa]Advanced Settings[/b:d7b0492daa]
  [list:d7b0492daa][*:d7b0492daa][b:d7b0492daa][i:d7b0492daa]Scan for potentially unwanted applications[/i:d7b0492daa][/b:d7b0492daa]
  [*:d7b0492daa][b:d7b0492daa][i:d7b0492daa]Scan for potentially unsafe applications[/i:d7b0492daa][/b:d7b0492daa]
  [*:d7b0492daa][b:d7b0492daa][i:d7b0492daa]Enable Anti-Stealth technology[/i:d7b0492daa][/b:d7b0492daa][/list:u:d7b0492daa]
  [*:d7b0492daa]Click [b:d7b0492daa]Start[/b:d7b0492daa][/list:u:d7b0492daa]

  [list:d7b0492daa][*:d7b0492daa]The computer is now being scanned. This can take quite a long time, so be patient.
  [*:d7b0492daa]When the scan has finished, you may close the window.
  [*:d7b0492daa]Then go to [b:d7b0492daa]C:\Program Files\ESET\ESET Online Scanner[/b:d7b0492daa] (Windows 64-bit: [b:d7b0492daa]C:\Program Files (x86)\ESET\ESET Online Scanner[/b:d7b0492daa]) and click [b:d7b0492daa]log.txt[/b:d7b0492daa] there
  [*:d7b0492daa]Then select, copy and paste the contents of this log into your next post.
  [*:d7b0492daa][b:d7b0492daa]
 • I have made the changes above. Not all of them were set to Automatic. Only RPC Endpoint Mapper is not listed, but RPC Locator is. Is that the same thing?

  Unfortunately these changes did not help.
 • I already ran this ESET Online Scanner last night. This is what came out:

  ESETSmartInstaller@High as downloader log:
  all ok
  # version=8
  # OnlineScannerApp.exe=1.0.0.1
  # OnlineScanner.ocx=1.0.0.6920
  # api_version=3.0.2
  # EOSSerial=048dfceec70424458d62b35a22c1cb99
  # engine=14863
  # end=finished
  # remove_checked=true
  # archives_checked=true
  # unwanted_checked=true
  # unsafe_checked=true
  # antistealth_checked=true
  # utc_time=2013-08-22 01:46:36
  # local_time=2013-08-22 03:46:36 (+0100, West-Europa (zomertijd))
  # country="Netherlands"
  # lang=1033
  # osver=6.0.6002 NT Service Pack 2
  # compatibility_mode=774 16777214 85 93 1058338 153889068 0 0
  # compatibility_mode=5892 16776573 100 100 10457 214711924 0 0
  # scanned=188170
  # found=3
  # cleaned=3
  # scan_time=6762
  sh=2378F9E258834CAD29B65B8EAE83E438F6868C72 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\extensions\gdce@oqleiu.net\content\bg.js"
  sh=0B63EB5603886EAE6D23D4F4DAE8B9D54FB933B2 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Annelie\AppData\Roaming\Mozilla\Firefox\Profiles\beel0usz.default\extensions\p9n9_awgb@avmav-.net\content\bg.js"
  sh=B936A79935B3945FAE972E0648D0517C49BAD4A6 ft=1 fh=9df2c62a28bf4a96 vn="Win32/DriverBooster.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Annelie\Downloads\driver_booster_setup_beta_1.0.exe"
  ESETSmartInstaller@High as downloader log:
  all ok
  # version=8
  # OnlineScannerApp.exe=1.0.0.1
  # OnlineScanner.ocx=1.0.0.6920
  # api_version=3.0.2
  # EOSSerial=048dfceec70424458d62b35a22c1cb99
  # engine=14881
  # end=finished
  # remove_checked=false
  # archives_checked=true
  # unwanted_checked=true
  # unsafe_checked=true
  # antistealth_checked=true
  # utc_time=2013-08-23 05:54:57
  # local_time=2013-08-23 07:54:57 (+0100, West-Europa (zomertijd))
  # country="Netherlands"
  # lang=1033
  # osver=6.0.6002 NT Service Pack 2
  # compatibility_mode=774 16777214 85 93 1159639 153990369 0 0
  # compatibility_mode=5892 16776573 100 100 15269 214813225 0 0
  # scanned=188754
  # found=0
  # cleaned=0
  # scan_time=6718

  But maybe you want a more recent version? Then I will unfortunately have to wait until tomorrow. I am in a marina right now and the internet connection here is not very stable.
 • Run the scan again; if all is well, it should find nothing this time.
  How to do that the easy way now:

  now use ESET as shown here: http://www.imgdumper.nl/uploads7/51e818553fadd/51e818553f6fd-EsetCanned.png
 • The ESET scan indeed found nothing:

  # version=8
  # OnlineScannerApp.exe=1.0.0.1
  # OnlineScanner.ocx=1.0.0.6920
  # api_version=3.0.2
  # EOSSerial=048dfceec70424458d62b35a22c1cb99
  # engine=14890
  # end=finished
  # remove_checked=false
  # archives_checked=true
  # unwanted_checked=true
  # unsafe_checked=true
  # antistealth_checked=true
  # utc_time=2013-08-25 09:09:20
  # local_time=2013-08-25 11:09:20 (+0100, West-Europa (zomertijd))
  # country="Netherlands"
  # lang=1043
  # osver=6.0.6002 NT Service Pack 2
  # compatibility_mode=771 16777214 33 81 89085 154131632 0 0
  # compatibility_mode=5892 16776574 100 100 137634 214954488 0 0
  # scanned=186569
  # found=0
  # cleaned=0
  # scan_time=6702
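Reading a pasted log.txt such as the ones above, as an added example that is not part of the original thread: log.txt keeps earlier scan sessions (the first paste in this thread already holds two), so the verdict should come from the most recent finished session. The function names, the sample data and the rule that each counted item has one `sh=` line are assumptions drawn from the layout shown here.

```python
import re
from datetime import datetime

# Constructed sample in the log.txt layout shown in this thread (not real scan data).
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=true
# utc_time=2013-08-22 01:46:36
# found=1
# cleaned=1
sh=0123456789ABCDEF0123456789ABCDEF01234567 ft=1 fh=0000000000000000 vn="Win32/Example.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\example\Downloads\sample_setup.exe"
# version=8
# end=finished
# remove_checked=false
# utc_time=2013-08-25 09:09:20
# found=0
# cleaned=0
'''

HEADER = re.compile(r'^#\s*([\w.]+)=(.*)$')
DETECTION = re.compile(r'^sh=([0-9A-Fa-f]{40}) ft=\d+ fh=[0-9A-Fa-f]+ vn="([^"]*)" ac=(\w+) fn="(.*)"$')

def parse_sessions(text):
    """Split an appended log.txt into scan sessions; each '# version=' line starts one."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := HEADER.match(line)):
            key, value = m.group(1), m.group(2).strip('"')
            if key == "version" or not sessions:
                sessions.append({"meta": {}, "detections": []})
            sessions[-1]["meta"].setdefault(key, value)  # keep the first of repeated keys
        elif (m := DETECTION.match(line)) and sessions:
            sha1, name, action, path = m.groups()
            sessions[-1]["detections"].append({"sha1": sha1, "name": name, "action": action, "path": path})
    return sessions

def latest_session(sessions):
    """Return the most recent finished session, ordered by its utc_time header."""
    done = [s for s in sessions if s["meta"].get("end") == "finished"]
    return max(done, key=lambda s: datetime.strptime(s["meta"]["utc_time"], "%Y-%m-%d %H:%M:%S"), default=None)

def needs_follow_up(session):
    """True if items were found but not cleaned, or counts disagree with the sh= lines (assumed one per item)."""
    found, cleaned = int(session["meta"].get("found", 0)), int(session["meta"].get("cleaned", 0))
    return cleaned < found or found != len(session["detections"])
```

A session with `remove_checked=false` and `found` above zero reports detections that were left in place, which `needs_follow_up` flags because `cleaned` stays below `found`.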
 • Good.
  And let me know how your Windows is running by now.
 • Internet Explorer no longer works and neither does Avast. So I get that error message
  from Avast: Failed to load language dll [1033\UlLangeRes.dll]

  Maybe uninstall Avast and reinstall it? And Internet Explorer?

  Apart from that, everything seems okay again. Under Computer, hard disk drives, I also discovered a local drive (Q)???!!! :?
 • Then we will do it using ComboFix:

  Open a new Notepad file via "Start\All Programs\Accessories\Notepad" (on Dutch Windows: "Start\Alle programma’s\Bureau-accessoires\Kladblok").

  Copy and paste the following (the blue text in the code window) into the empty Notepad window.


  [code:1:851758dd89]ClearJavaCache::

  File::
  c:\windows\system32\drivers\hitmanpro37.sys

  Folder::

  c:\program files\HitmanPro
  c:\programdata\HitmanPro

  Driver::
  hitmanpro37

  Registry::
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
  @=""
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
  @=""
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
  @=""
  [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
  @=""


  [/code:1:851758dd89]

  Save this Notepad file to your desktop as CFScript.txt.


This is an archived page. Replies are no longer possible.