xxmartijnxx

18 oktober 2012

Beste kape,

Ik heb het een paar dagen aangekeken en alle problemen zijn opgelost.

bedankt,

Martijn

15 oktober 2012

tot dus ver geen enkel probleem, alles draait weer naar wens.

Wel heb ik nog een vraag hoe ik deze problemen in de toekomst kan voorkomen? mede door dat dit mijn zakelijk laptop is en ook alleen maar zakelijk gebruik! Je begrijpt dat ik spyware op dit systeem niet kan gebruiken...

Ik wil je nogmaals bedanken voor moeite.

15 oktober 2012

# AdwCleaner v2.005 - Verslag gemaakt op 15/10/2012 om 19:52:38

# Geactualiseerd op 14/10/2012 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruiker : martijn-VaK - MARTIJN-VAK-PC

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\martijn-VaK\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

Map Verwijdert : C:\Program Files (x86)\AVG Secure Search

Map Verwijdert : C:\Program Files (x86)\Conduit

Map Verwijdert : C:\ProgramData\AVG Secure Search

Map Verwijdert : C:\ProgramData\Tarma Installer

Map Verwijdert : C:\Users\martijn-VaK\AppData\Local\AVG Secure Search

Map Verwijdert : C:\Users\martijn-VaK\AppData\Local\Conduit

Map Verwijdert : C:\Users\martijn-VaK\AppData\Local\Software

Map Verwijdert : C:\Users\martijn-VaK\AppData\LocalLow\AVG Secure Search

Map Verwijdert : C:\Users\martijn-VaK\AppData\LocalLow\Conduit

Map Verwijdert : C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\ConduitCommon

Map Verwijdert : C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\CT2865317

Map Verwijdert : C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}

Map Verwijdert : C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\extensions\bbrs_002@blabbers.com

Verwijdert bij het opstarten : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar

Sleutel Verwijdert : HKCU\Software\AVG Secure Search

Sleutel Verwijdert : HKCU\Software\BrowserCompanion

Sleutel Verwijdert : HKCU\Software\IGearSettings

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKCU\Software\Softonic

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKLM\Software\AVG Secure Search

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\Iminent

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Waarde Verwijdert : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v16.0.1 (nl)

Profielnaam : default

File : C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\prefs.js

C:\Users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\user.js ... Verwijdert !

Verwijdert : user_pref("CT2865317..clientLogIsEnabled", true);

Verwijdert : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Verwijdert : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Verwijdert : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Verwijdert : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Verwijdert : user_pref("CT2865317.CTID", "CT2865317");

Verwijdert : user_pref("CT2865317.CurrentServerDate", "15-10-2012");

Verwijdert : user_pref("CT2865317.DSInstall", false);

Verwijdert : user_pref("CT2865317.DialogsAlignMode", "LTR");

Verwijdert : user_pref("CT2865317.DialogsGetterLastCheckTime", "Fri Oct 12 2012 13:29:45 GMT+0200");

Verwijdert : user_pref("CT2865317.DownloadReferralCookieData", "");

Verwijdert : user_pref("CT2865317.EMailNotifierPollDate", "Fri Jul 20 2012 16:40:28 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedLastCount5397019970362056034", 466);

Verwijdert : user_pref("CT2865317.FeedPollDate2429156812186649977", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813040823546", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813130095866", "Fri Jul 20 2012 16:40:28 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813224203613", "Fri Jul 20 2012 16:40:28 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813230837251", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813454291735", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813729834876", "Fri Jul 20 2012 16:40:28 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156813860870021", "Fri Jul 20 2012 16:41:46 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156814264681793", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156814863075366", "Fri Jul 20 2012 16:40:29 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedPollDate2429156815257761081", "Fri Jul 20 2012 16:40:28 GMT+0200");

Verwijdert : user_pref("CT2865317.FeedTTL2429156813040823546", 15);

Verwijdert : user_pref("CT2865317.FeedTTL2429156813130095866", 10);

Verwijdert : user_pref("CT2865317.FeedTTL2429156813454291735", 5);

Verwijdert : user_pref("CT2865317.FeedTTL2429156814264681793", 5);

Verwijdert : user_pref("CT2865317.FirstServerDate", "14-7-2012");

Verwijdert : user_pref("CT2865317.FirstTime", true);

Verwijdert : user_pref("CT2865317.FirstTimeFF3", true);

Verwijdert : user_pref("CT2865317.FirstTimeHiddenVer", true);

Verwijdert : user_pref("CT2865317.FixPageNotFoundErrors", true);

Verwijdert : user_pref("CT2865317.GroupingServerCheckInterval", 1440);

Verwijdert : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Verwijdert : user_pref("CT2865317.HPInstall", false);

Verwijdert : user_pref("CT2865317.HasUserGlobalKeys", true);

Verwijdert : user_pref("CT2865317.HomePageProtectorEnabled", false);

Verwijdert : user_pref("CT2865317.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");

Verwijdert : user_pref("CT2865317.Initialize", true);

Verwijdert : user_pref("CT2865317.InitializeCommonPrefs", true);

Verwijdert : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3);

Verwijdert : user_pref("CT2865317.InstallationId", "fftC5E1.tmp.exe");

Verwijdert : user_pref("CT2865317.InstallationType", "XPE");

Verwijdert : user_pref("CT2865317.InstalledDate", "Sat Jul 14 2012 11:20:42 GMT+0200");

Verwijdert : user_pref("CT2865317.IsAlertDBUpdated", true);

Verwijdert : user_pref("CT2865317.IsGrouping", false);

Verwijdert : user_pref("CT2865317.IsInitSetupIni", true);

Verwijdert : user_pref("CT2865317.IsMulticommunity", false);

Verwijdert : user_pref("CT2865317.IsOpenThankYouPage", true);

Verwijdert : user_pref("CT2865317.IsOpenUninstallPage", false);

Verwijdert : user_pref("CT2865317.LanguagePackLastCheckTime", "Sun Oct 14 2012 13:55:19 GMT+0200");

Verwijdert : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);

Verwijdert : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Verwijdert : user_pref("CT2865317.LastLogin_3.13.0.6", "Tue Jul 17 2012 19:54:56 GMT+0200");

Verwijdert : user_pref("CT2865317.LastLogin_3.14.1.0", "Fri Aug 31 2012 16:49:18 GMT+0200");

Verwijdert : user_pref("CT2865317.LastLogin_3.15.1.0", "Mon Oct 15 2012 09:15:00 GMT+0200");

Verwijdert : user_pref("CT2865317.LatestVersion", "3.14.1.0");

Verwijdert : user_pref("CT2865317.Locale", "nl");

Verwijdert : user_pref("CT2865317.MCDetectTooltipHeight", "83");

Verwijdert : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Verwijdert : user_pref("CT2865317.MCDetectTooltipWidth", "295");

Verwijdert : user_pref("CT2865317.MyStuffEnabledAtInstallation", true);

Verwijdert : user_pref("CT2865317.OriginalFirstVersion", "3.13.0.6");

Verwijdert : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");

Verwijdert : user_pref("CT2865317.SearchEngineBeforeUnload", "AVG Secure Search");

Verwijdert : user_pref("CT2865317.SearchFromAddressBarIsInit", true);

Verwijdert : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]

Verwijdert : user_pref("CT2865317.SearchInNewTabEnabled", true);

Verwijdert : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);

Verwijdert : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Sun Oct 14 2012 13:55:18 GMT+0200");

Verwijdert : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Verwijdert : user_pref("CT2865317.SearchProtectorEnabled", false);

Verwijdert : user_pref("CT2865317.SearchProtectorToolbarDisabled", false);

Verwijdert : user_pref("CT2865317.SendProtectorDataViaLogin", true);

Verwijdert : user_pref("CT2865317.ServiceMapLastCheckTime", "Sun Oct 14 2012 13:55:18 GMT+0200");

Verwijdert : user_pref("CT2865317.SettingsLastCheckTime", "Mon Oct 15 2012 09:14:59 GMT+0200");

Verwijdert : user_pref("CT2865317.SettingsLastUpdate", "1350222207");

Verwijdert : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");

Verwijdert : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);

Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Sat Jul 14 2012 11:20:41 GMT+0200");

Verwijdert : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1331805997");

Verwijdert : user_pref("CT2865317.ToolbarShrinkedFromSetup", false);

Verwijdert : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317");

Verwijdert : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Verwijdert : user_pref("CT2865317.UserID", "UN15513752332373243");

Verwijdert : user_pref("CT2865317.WeatherNetwork", "");

Verwijdert : user_pref("CT2865317.WeatherPollDate", "Fri Jul 20 2012 16:41:46 GMT+0200");

Verwijdert : user_pref("CT2865317.WeatherUnit", "C");

Verwijdert : user_pref("CT2865317.alertChannelId", "1257316");

Verwijdert : user_pref("CT2865317.autoDisableScopes", 14);

Verwijdert : user_pref("CT2865317.backendstorage.cbcountry_001", "4E4C");

Verwijdert : user_pref("CT2865317.backendstorage.cbfirsttime", "536174204A756C20313420323031322031313A32303A34372[...]

Verwijdert : user_pref("CT2865317.backendstorage.pairingkey", "38373642383132414646433533394433434132324433303836[...]

Verwijdert : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Verwijdert : user_pref("CT2865317.backendstorage.url_history0001", "687474703A2F2F7777772E62656C6C656E2E636F6D2F6[...]

Verwijdert : user_pref("CT2865317.backendstorage.uttorrents", "7B226275696C64223A32373536382C226C6162656C223A5B5D[...]

Verwijdert : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Verwijdert : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Sat Jul 14 2012 11:20:42 GMT+0200");

Verwijdert : user_pref("CT2865317.homepageProtectorEnableByLogin", true);

Verwijdert : user_pref("CT2865317.initDone", true);

Verwijdert : user_pref("CT2865317.isAppTrackingManagerOn", true);

Verwijdert : user_pref("CT2865317.myStuffEnabled", true);

Verwijdert : user_pref("CT2865317.myStuffPublihserMinWidth", 400);

Verwijdert : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Verwijdert : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);

Verwijdert : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Verwijdert : user_pref("CT2865317.navigateToUrlOnSearch", false);

Verwijdert : user_pref("CT2865317.revertSettingsEnabled", true);

Verwijdert : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);

Verwijdert : user_pref("CT2865317.searchProtectorEnableByLogin", true);

Verwijdert : user_pref("CT2865317.testingCtid", "");

Verwijdert : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Sun Oct 14 2012 13:55:19 GMT+0200");

Verwijdert : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Sat Jul 14 2012 11:20:44 GMT+0200");

Verwijdert : user_pref("CT2865317.usagesFlag", 2);

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]

Verwijdert : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"d87[...]

Verwijdert : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\martijn-VaK\\AppData\\Roaming\\Mozi[...]

Verwijdert : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");

Verwijdert : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Befe[...]

Verwijdert : user_pref("CommunityToolbar.ToolbarsList", "CT2865317");

Verwijdert : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");

Verwijdert : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");

Verwijdert : user_pref("CommunityToolbar.globalUserId", "8d41567a-e374-450e-a2f3-f476b700e19a");

Verwijdert : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Verwijdert : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Verwijdert : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");

Verwijdert : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Jul 14 2012 11:20:4[...]

Verwijdert : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Verwijdert : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Verwijdert : user_pref("CommunityToolbar.notifications.locale", "en");

Verwijdert : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Verwijdert : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 20 2012 16:41:43 GMT+0200");

Verwijdert : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Verwijdert : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Verwijdert : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Verwijdert : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Verwijdert : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Verwijdert : user_pref("CommunityToolbar.notifications.userId", "b5563ebb-e48e-4cd5-85e3-ef5076a89e35");

Verwijdert : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");

Verwijdert : user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");

Verwijdert : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");

Verwijdert : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Verwijdert : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112060&babsrc=NT_ss&mntrId=7c51e0f[...]

Verwijdert : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Verwijdert : user_pref("browser.search.order.1", "Search the web (Babylon)");

Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", true);

Verwijdert : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112060&babsrc=N[...]

Verwijdert : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=[...]

*************************

AdwCleaner[s1].txt - [22243 octets] - [15/10/2012 19:52:38]

########## EOF - C:\AdwCleaner[s1].txt - [22304 octets] ##########

15 oktober 2012

Adserverplus meldingen die waren weg. deze zijn nu weer terug helaas. ik krijg ik bij het laden van pagina's vaak onderstaande melding.

15 oktober 2012

Beste Kape,

Allereerst bedankt tot zo ver!

Ik heb de tekst zoals jij beschreef opgeslagen in een kladblok bestand en naar combifix.exe gesleept.

Vervolgens heeft combifix een nieuwe scan uitgevoerd.

ComboFix 12-10-14.03 - martijn-VaK 15-10-2012 8:51.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5996.3594 [GMT 2:00]

Gestart vanuit: c:\users\martijn-VaK\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\martijn-VaK\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-15 to 2012-10-15 ))))))))))))))))))))))))))))))

.

2012-10-15 07:00 . 2012-10-15 07:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-14 11:35 . 2012-10-15 06:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-14 11:35 . 2012-10-14 13:49 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-12 12:57 . 2012-10-12 12:57 -------- d-----w- c:\users\martijn-VaK\AppData\Roaming\Speckie

2012-10-12 09:34 . 2012-10-12 09:34 -------- d-----w- c:\program files\CCleaner

2012-10-11 14:33 . 2012-10-11 14:33 388096 ----a-r- c:\users\martijn-VaK\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-11 14:33 . 2012-10-11 14:33 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-11 14:22 . 2012-10-11 14:22 -------- d-----w- c:\program files (x86)\SpywareBlaster

2012-10-11 14:22 . 2010-01-10 16:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2012-10-11 12:27 . 2012-10-11 12:27 -------- d-----w- c:\users\martijn-VaK\AppData\Roaming\Lavasoft

2012-10-11 12:27 . 2012-10-11 12:27 -------- d-----w- c:\program files (x86)\Lavasoft

2012-10-11 12:25 . 2012-10-11 12:26 -------- d-----w- c:\program files (x86)\Hitman Pro

2012-10-09 15:30 . 2007-07-07 06:02 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

2012-10-09 15:30 . 2007-07-07 06:02 1009336 ----a-w- c:\windows\SysWow64\MSCHRT20.OCX

2012-10-09 15:30 . 2010-01-10 16:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-10-09 15:30 . 2007-07-07 06:02 647872 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX

2012-10-09 15:30 . 2012-10-09 16:23 -------- d-----w- C:\WsFactuur

2012-10-09 15:20 . 2011-10-04 09:43 87552 ----a-w- c:\windows\system32\custmon64i.dll

2012-10-09 15:20 . 2012-10-09 15:20 -------- d-----w- c:\program files (x86)\GPLGS

2012-10-09 15:20 . 2012-10-09 15:20 -------- d-----w- c:\program files (x86)\Burggraaf_it_PDF

2012-10-09 15:20 . 2012-10-09 15:20 -------- d-----w- c:\users\martijn-VaK\AppData\Roaming\Simpelfact

2012-10-09 15:19 . 2012-10-09 15:19 -------- d-----w- c:\users\martijn-VaK\AppData\Local\FileMaker

2012-10-09 15:18 . 2012-10-09 15:18 -------- d-----w- c:\users\martijn-VaK\AppData\Roaming\Burggraaf it

2012-10-04 16:40 . 2012-10-14 13:48 -------- d-----w- C:\Shared

2012-10-04 14:08 . 2012-10-04 14:08 -------- d-----w- c:\programdata\Zylom

2012-10-04 14:08 . 2012-10-04 14:08 -------- d-----w- c:\program files (x86)\Zylom Games

2012-10-04 10:52 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-10-04 10:51 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-10-04 10:51 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-04 10:51 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-10-04 10:51 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-10-04 10:51 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-10-04 10:51 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-10-04 10:51 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-10-04 10:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-10-04 10:51 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-09-30 08:15 . 2012-09-30 08:15 -------- d-----w- c:\users\martijn-VaK\AppData\Roaming\Malwarebytes

2012-09-30 08:14 . 2012-09-30 08:14 -------- d-----w- c:\programdata\Malwarebytes

2012-09-30 08:14 . 2012-09-30 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-30 08:14 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-09-22 19:05 . 2012-09-22 19:05 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-09-22 19:04 . 2012-09-22 19:05 -------- d-----w- c:\program files (x86)\QuickTime

2012-09-22 19:04 . 2012-09-22 19:04 -------- d-----w- c:\programdata\Apple Computer

2012-09-16 12:32 . 2012-09-16 12:32 -------- d-----w- c:\program files (x86)\Google

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 14:35 . 2012-04-25 20:40 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 14:35 . 2011-10-20 09:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-30 19:15 . 2012-08-30 19:15 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-07-26 01:21 . 2012-07-26 01:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-08-30 19:15 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]

"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-30 947808]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 116648]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 116648]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 115168]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-07-20 247400]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-30 31080]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-18 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-18 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-18 62776]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-08-30 722528]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 14:35]

.

2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 12:32]

.

2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 12:32]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://acer.msn.com

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{65A45995-85A2-4DFA-BE16-9D427723816F}: NameServer = 8.8.8.8,8.8.4.4

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\martijn-VaK\AppData\Roaming\Mozilla\Firefox\Profiles\lblalmwx.default\

FF - prefs.js: browser.startup.homepage - Google

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-10-15 09:13:47

ComboFix-quarantined-files.txt 2012-10-15 07:13

ComboFix2.txt 2012-10-14 12:39

.

Pre-Run: 402.196.692.992 bytes beschikbaar

Post-Run: 402.142.248.960 bytes beschikbaar

.

- - End Of File - - 96E2952DAEBA7BC997AF5C357C39224F

14 oktober 2012

Bij deze,

ComboFix 12-10-14.03 - martijn-VaK 14-10-2012 13:54:10.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.5996.3756 [GMT 2:00]

Gestart vanuit: c:\users\martijn-VaK\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\24U

c:\programdata\24U\24uSimpleDialog4Reg.dat

c:\users\martijn-VaK\AppData\Roaming\24U

c:\windows\SysWow64\FlashPlayerInstaller.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-14 to 2012-10-14 ))))))))))))))))))))))))))))))

.

2012-10-14 12:24 . 2012-10-14 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-14 11:35 . 2012-10-14 11:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-14 11:35 . 2012-10-14 11:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy