
Claro search



Grrrrrr, back to square one! I really thought it was fixed, but now suddenly I can't get on the internet (I can in safe mode) and the tabs are showing up again. There are still 2 x AVG 2013 in my list of programs that I can't uninstall.

For clarity I've added a photo showing my programs and the tabs I mean.


Thanks again in advance!

- - - Updated - - -

Ran AdwCleaner once more, here is my log file:

# AdwCleaner v2.007 - Verslag gemaakt op 14/11/2012 om 21:59:57

# Geactualiseerd op 06/11/2012 door Xplode

# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)

# Gebruiker : Gebruiker - HEIDI

# Opstarten Modus : Veillige modus met netwerk

# Gelanceerd vanaf : C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijdert : C:\Documents and Settings\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

File Verwijdert : C:\Documents and Settings\Gebruiker\Bureaublad\QuickStores.url

File Verwijdert : C:\Documents and Settings\Gebruiker\Menu Start\QuickStores.url

Map Verwijdert : C:\Documents and Settings\Gebruiker\Application Data\QuickStoresToolbar

Map Verwijdert : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Verwijdert [l.12] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxps://isearch.avg.com/?cid={1E3AEA31-CE57-4493-BABE-F6FB56DE2185}&mid=&lang=nl&ds=hk011&pr=sa&d=2012-10-04 21:29:08&v=12.1.0.20&sap=hp", "hxxps://isearch.avg.com/?cid={13E812D1-ECFC-4069-9384-BDD02A5AB324}&mid=&lang=nl&ds=st011&pr=sa&d=2012-10-11 18:47:06&v=12.2.0.5&sap=hp", "hxxp://www.claro-search.com/?affID=114508&tt=4412_8&babsrc=HP_clro&mntrId=f83a7c4a000000000000c0c1c068113b" ]

Verwijdert [l.1818] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxps://isearch.avg.com/?cid={1E3AEA31-CE57-4493-BABE-F6FB56DE2185}&mid=&lang=nl&ds=hk011&pr=sa&d=2012-10-04 21:29:08&v=12.1.0.20&sap=hp", "hxxps://isearch.avg.com/?cid={13E812D1-ECFC-4069-9384-BDD02A5AB324}&mid=&lang=nl&ds=st011&pr=sa&d=2012-10-11 18:47:06&v=12.2.0.5&sap=hp", "hxxp://www.claro-search.com/?affID=114508&tt=4412_8&babsrc=HP_clro&mntrId=f83a7c4a000000000000c0c1c068113b" ]

*************************

AdwCleaner[R1].txt - [4295 octets] - [06/11/2012 21:11:13]

AdwCleaner[s1].txt - [7209 octets] - [14/07/2012 13:37:08]

AdwCleaner[s2].txt - [3834 octets] - [10/11/2012 11:59:01]

AdwCleaner[s3].txt - [1139 octets] - [10/11/2012 12:09:43]

AdwCleaner[s4].txt - [1199 octets] - [12/11/2012 18:01:19]

AdwCleaner[s5].txt - [1259 octets] - [12/11/2012 18:04:28]

AdwCleaner[s6].txt - [1319 octets] - [12/11/2012 19:41:33]

AdwCleaner[s7].txt - [1366 octets] - [12/11/2012 19:49:31]

AdwCleaner[s8].txt - [3443 octets] - [14/11/2012 21:59:57]

########## EOF - C:\AdwCleaner[s8].txt - [3503 octets] ##########


In Chrome, go to "Settings" and "Extensions". Check there whether anything from Claro or other strange programs can be found. If so, you can disable or remove it.

If it isn't there, look under "On startup" or "Search" to see whether there is anything unknown or related to Claro. Remove that too if present.

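The three places named above (extensions, startup pages, search engine) all live in Chrome's Preferences file, the JSON file AdwCleaner edited in the log. The following is an added example, not part of the original thread: it walks a constructed sample of that file and reports every startup, homepage or search URL whose host is not on an allowlist. The allowlist, the sample layout and every key name other than `urls_to_restore_on_startup` are assumptions.

```python
import json
from urllib.parse import urlsplit

# Hosts this user expects in startup/search settings (assumption for the example).
ALLOWED_HOSTS = {"www.google.com", "www.google.nl"}

# Keys whose values are URLs that a browser hijacker rewrites.
# "urls_to_restore_on_startup" is the key named in the AdwCleaner log;
# "homepage" and "search_url" are assumed names for the other two settings.
URL_KEYS = {"urls_to_restore_on_startup", "homepage", "search_url"}

# Constructed sample, not the user's real file. The startup list appears twice
# because the log shows it being removed at two different lines of Preferences.
SAMPLE_PREFERENCES = """
{
  "backup": {
    "session": {
      "urls_to_restore_on_startup": [
        "http://www.google.com/",
        "https://isearch.avg.com/?sap=hp"
      ]
    }
  },
  "default_search_provider": {
    "name": "Google",
    "search_url": "http://www.google.com/search?q={searchTerms}"
  },
  "extensions": {
    "settings": {
      "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "manifest": {"name": "Example Toolbar (constructed)"}
      }
    }
  },
  "homepage": "http://www.google.nl/",
  "session": {
    "urls_to_restore_on_startup": [
      "http://www.google.com/",
      "https://isearch.avg.com/?sap=hp",
      "http://www.claro-search.com/?affID=0"
    ]
  }
}
"""


def iter_url_settings(node, path=()):
    """Yield (path, url) for every URL stored under a key in URL_KEYS, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (key,)
            if key in URL_KEYS:
                urls = value if isinstance(value, list) else [value]
                for url in urls:
                    if isinstance(url, str):
                        yield here, url
            else:
                yield from iter_url_settings(value, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from iter_url_settings(item, path + (str(index),))


def audit_preferences(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (dotted_path, host) for each URL setting whose host is not allowed.

    A value with no parseable host is reported with an empty host string.
    """
    findings = []
    for path, url in iter_url_settings(json.loads(text)):
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append((".".join(path), host))
    return findings


def list_extensions(text):
    """Return (extension_id, name) pairs so unknown extensions can be reviewed by hand."""
    settings = json.loads(text).get("extensions", {}).get("settings", {})
    return sorted(
        (ext_id, entry.get("manifest", {}).get("name", "<no manifest>"))
        for ext_id, entry in settings.items()
    )


if __name__ == "__main__":
    for path, host in audit_preferences(SAMPLE_PREFERENCES):
        print(f"unexpected host in {path}: {host}")
    for ext_id, name in list_extensions(SAMPLE_PREFERENCES):
        print(f"extension {ext_id}: {name}")
```

Because the walk is recursive, a second copy of the startup list elsewhere in the file is reported as well, which is why cleaning only one occurrence can let the tabs come back.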

Nothing to be found in any of them/empty. I do have the impression that things go well as long as I don't sign in to Chrome (not entirely sure). That AVG also bothers me, because the 2nd and 3rd tabs are from AVG. Any more options?

By the way, I uninstalled Chrome and reinstalled it, but that didn't help either...


Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\AVG\AVG2012

c:\program files\AVG\AVG2013

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message.


Done, here it comes:

ComboFix 12-11-16.02 - Gebruiker 16-11-2012 20:34:27.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2295 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt

AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))

.

.

2012-11-16 17:45 . 2012-11-16 17:45 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Deployment

2012-11-16 16:59 . 2012-11-16 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-16 16:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 21:53 . 2012-11-15 22:16 -------- d-----w- C:\sh4ldr

2012-11-15 21:53 . 2012-11-15 21:53 -------- d-----w- c:\program files\Enigma Software Group

2012-11-15 21:53 . 2012-11-15 22:16 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

2012-11-15 21:53 . 2012-11-15 21:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-11-14 20:14 . 2012-11-14 20:16 -------- d-----w- c:\program files\Unlocker

2012-11-14 19:55 . 2012-11-16 19:26 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2012-11-09 18:45 . 2012-11-09 18:45 -------- d-----w- c:\program files\Speccy

2012-11-06 19:07 . 2011-09-01 10:08 987904 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys

2012-11-05 19:06 . 2012-11-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\program files\ESET

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\windows\system32\searchplugins

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\windows\system32\Extensions

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- C:\$AVG

2012-11-04 19:43 . 2012-11-04 19:43 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-04 18:51 . 2012-11-05 18:47 -------- d-----w- c:\program files\VS Revo Group

2012-11-04 13:18 . 2012-11-05 18:47 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)

2012-11-04 13:11 . 2012-11-05 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013(2)

2012-10-27 14:44 . 2012-10-27 14:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

2012-10-20 11:40 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-22 19:57 . 2008-04-15 12:00 1866496 ------w- c:\windows\system32\win32k.sys

2012-10-04 19:47 . 2012-07-06 20:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-04 19:47 . 2011-11-02 10:17 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-02 18:04 . 2008-04-15 12:00 58368 ------w- c:\windows\system32\synceng.dll

2012-08-28 15:17 . 2008-04-15 12:00 916992 ------w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ------w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2008-04-15 12:00 2153472 ------w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2008-04-14 22:11 2032128 ------w- c:\windows\system32\ntkrnlpa.exe

2012-08-21 11:01 . 2012-07-26 20:07 26840 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 11:01 . 2012-07-26 20:07 106928 ------w- c:\windows\system32\GEARAspi.dll

2012-07-18 14:01 . 2012-07-18 14:01 0 ----a-w- c:\program files\GUM6F.tmp

2011-11-25 19:03 . 2011-11-25 19:03 10424515 ----a-w- c:\program files\SABnzbd-0.6.10-win32-setup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SABnzbd\\SABnzbd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\ImgBurn\\ImgBurn.exe"=

"c:\\Program Files\\CCleaner\\CCleaner.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Gebruiker\Bureaublad\Run\a2ddax86.sys [09-11-2012 10:28 17904]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-03-2012 08:40 120152]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14-03-2012 08:40 104160]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-03-2012 15:40 913144]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16-11-2012 17:59 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-11-2012 17:59 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-11-2012 17:59 22856]

R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [06-11-2012 20:07 987904]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [15-05-2012 19:32 1034240]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - GUPDATE

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSCHEDULER

*NewlyCreated* - MBAMSERVICE

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-11-15 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-15 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 17:45]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 17:45]

.

2012-11-16 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-16 20:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1960)

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-11-16 20:40:22

ComboFix-quarantined-files.txt 2012-11-16 19:40

ComboFix2.txt 2012-11-08 15:49

ComboFix3.txt 2012-11-08 13:45

.

Pre-Run: 7.847.378.944 bytes beschikbaar

Post-Run: 7.930.515.456 bytes beschikbaar

.

- - End Of File - - BA1E62D0FAD17A1074AC02C84756FAEF


Ha ... there's yet another AVG popping up in your log.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\program files\GUM6F.tmp

Folder::

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

C:\$AVG

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)

c:\documents and settings\All Users\Application Data\AVG2013(2)

c:\program files\AVG\AVG2013(2)

AtJob::

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message.


Here I am again with the result:

ComboFix 12-11-16.02 - Gebruiker 16-11-2012 21:18:06.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3063.2268 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt

AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

FILE ::

"c:\program files\GUM6F.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\$AVG

c:\documents and settings\All Users\Application Data\AVG2013(2)

c:\documents and settings\All Users\Application Data\AVG2013(2)\log(2)\history.xml

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\avgdiagex.log

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\avgdiagex.log.lock

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\avgui.log

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\avgui.log.lock

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\commonpriv.log

c:\documents and settings\Gebruiker\Local Settings\Application Data\Avg2013(2)\log(2)\commonpriv.log.lock

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.exe

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.dll

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe

c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseData.ini

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-16 to 2012-11-16 ))))))))))))))))))))))))))))))

.

.

2012-11-16 17:45 . 2012-11-16 17:45 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Deployment

2012-11-16 16:59 . 2012-11-16 16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-16 16:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-15 21:53 . 2012-11-15 22:16 -------- d-----w- C:\sh4ldr

2012-11-15 21:53 . 2012-11-15 21:53 -------- d-----w- c:\program files\Enigma Software Group

2012-11-15 21:53 . 2012-11-15 21:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-11-14 20:14 . 2012-11-14 20:16 -------- d-----w- c:\program files\Unlocker

2012-11-14 19:55 . 2012-11-16 20:10 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2012-11-09 18:45 . 2012-11-09 18:45 -------- d-----w- c:\program files\Speccy

2012-11-06 19:07 . 2011-09-01 10:08 987904 ----a-r- c:\windows\system32\drivers\RTL8192cu.sys

2012-11-05 19:06 . 2012-11-05 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\program files\ESET

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\windows\system32\searchplugins

2012-11-05 18:47 . 2012-11-05 18:47 -------- d-----w- c:\windows\system32\Extensions

2012-11-04 19:43 . 2012-11-04 19:43 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-04 18:51 . 2012-11-05 18:47 -------- d-----w- c:\program files\VS Revo Group

2012-10-27 14:44 . 2012-10-27 14:44 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TuneUp Software

2012-10-20 11:40 . 2012-09-24 21:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-22 19:57 . 2008-04-15 12:00 1866496 ------w- c:\windows\system32\win32k.sys

2012-10-04 19:47 . 2012-07-06 20:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-10-04 19:47 . 2011-11-02 10:17 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-02 18:04 . 2008-04-15 12:00 58368 ------w- c:\windows\system32\synceng.dll

2012-08-28 15:17 . 2008-04-15 12:00 916992 ------w- c:\windows\system32\wininet.dll

2012-08-28 15:17 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:17 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2008-04-15 12:00 177664 ------w- c:\windows\system32\wintrust.dll

2012-08-23 06:27 . 2008-04-15 12:00 2153472 ------w- c:\windows\system32\ntoskrnl.exe

2012-08-23 06:27 . 2008-04-14 22:11 2032128 ------w- c:\windows\system32\ntkrnlpa.exe

2012-08-21 11:01 . 2012-07-26 20:07 26840 ------w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 11:01 . 2012-07-26 20:07 106928 ------w- c:\windows\system32\GEARAspi.dll

2012-07-18 14:01 . 2012-07-18 14:01 0 ----a-w- c:\program files\GUM6F.tmp

2011-11-25 19:03 . 2011-11-25 19:03 10424515 ----a-w- c:\program files\SABnzbd-0.6.10-win32-setup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-12 143360]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-12 143360]

"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SABnzbd\\SABnzbd.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\ImgBurn\\ImgBurn.exe"=

"c:\\Program Files\\CCleaner\\CCleaner.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Gebruiker\Bureaublad\Run\a2ddax86.sys [09-11-2012 10:28 17904]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-03-2012 08:40 120152]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14-03-2012 08:40 104160]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [07-03-2012 15:40 913144]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [16-11-2012 17:59 399432]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16-11-2012 17:59 676936]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16-11-2012 17:59 22856]

R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [06-11-2012 20:07 987904]

S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]

S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [15-05-2012 19:32 1034240]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - GUPDATE

*NewlyCreated* - MBAMPROTECTOR

*NewlyCreated* - MBAMSCHEDULER

*NewlyCreated* - MBAMSERVICE

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2012-11-15 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-15 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08 16:06]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 17:45]

.

2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 17:45]

.

2012-11-16 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-11-16 21:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Voltooingstijd: 2012-11-16 21:23:17

ComboFix-quarantined-files.txt 2012-11-16 20:23

ComboFix2.txt 2012-11-16 19:40

ComboFix3.txt 2012-11-08 15:49

ComboFix4.txt 2012-11-08 13:45

.

Pre-Run: 7.997.087.744 bytes beschikbaar

Post-Run: 7.983.521.792 bytes beschikbaar

.

- - End Of File - - CA155FB4956A49BDC5FB8B5B4E7E059F
