[Windows 7] PC keeps suddenly shutting down (blue screen)


Deleted

Topic starter
Acer Aspire X1700, a few years old. Windows 7, 64-bit, Service Pack 1.

It has always worked fine, but for the past few days it keeps crashing constantly.
It boots fine, but often after just a few minutes (sometimes it lasts an hour) I get a blue screen with the error message: DRIVER_IRQL_NOT_LESS_OR_EQUAL.
STOP 0x000000D1

I have already tried everything: all updates, the most recent drivers, virus scans, checked the memory...
But I don't know what is causing it.
Startup Repair says:
"Root cause found:
Unknown bugcheck: Bugcheck 1a. Parameters: 0x5001, (...).
System Restore aborted."

If I boot in Safe Mode it lasts a bit longer, but there too I suddenly get a blue screen at some point.
I have the minidump logs, but I don't know how to get useful information out of them.

How do I find out what the cause is? Anyone have an idea?

  • redfoxert
  • Registered: December 2000
  • Not online
Happen to have a Crucial M4 SSD in it?


Deleted

Topic starter
No, still the HDD that was in it originally

  • redfoxert
  • Registered: December 2000
  • Not online
In that case, have you tried a reinstall yet?


Deleted

Topic starter
Not yet, I would rather find the cause and fix it before I do a clean install...
Because maybe it is a hardware problem??

  • zetje01
  • Registered: August 1999
  • Last online: 08:20
How did you check the memory? With memtest86?

Deleted

Topic starter
No, with the Windows memory test, at boot. Should I do it again with memtest86?

  • zetje01
  • Registered: August 1999
  • Last online: 08:20
That is what I would do first, yes. Costs nothing, no effort, just some time.

  • redfoxert
  • Registered: December 2000
  • Not online
Let it run for at least 12 hours, otherwise you won't have reliable test results


Deleted

Topic starter
OK, I'll do that soon then.
Any other suggestions for what I can do to find the cause?

  • zetje01
  • Registered: August 1999
  • Last online: 08:20
Open the side of the case so that the contents (with a bit of luck) get a little cooler.
Then just do your usual things on it and see whether it is better.
(but of course I don't know how you have arranged the airflow in the case)
(Possibly have a fan blow onto the inside of your case)

Deleted

Topic starter
Thanks for the tip, I did indeed open the case this afternoon. The 2 fans (in the case, and on the GPU) work fine. The CPU and case temperatures also looked fine to me (via the Acer utility, 35 and 21 degrees or so).
The GPU temperature didn't look like it was getting very hot, but I don't know how to check it..

  • zetje01
  • Registered: August 1999
  • Last online: 08:20
Okay, clear.
Of course it is not yet certain where the problem lies. Maybe your hard disk really is corrupt, or your Windows installation is corrupt.
You could run Linux for a few hours from a live CD or USB. Then you are not using your hard disk and you can possibly rule it out.

  • nIghtorius
  • Registered: July 2002
  • Last online: 28-09 18:50


Take a look in the folder c:\windows\minidumps to see whether there are any .dmp files in it. If so, can you post them? They can give insight into exactly where it goes wrong.

Ryzen 9 5900X @ 5.1Ghz | MPG B550 GAMING CARBON | 96GB DDR4-3200 | RTX 4070TI | 2TB + 1TB m.2 SSD | 3x 1TB HDD | 1x 2TB SATA SSD | 32" G3223Q (4K/144Hz)


Deleted

Topic starter
Thanks for the tips, checking the hard disk is indeed something I could still do, but I don't know whether that is the problem.

The .dmp files are here: https://www.dropbox.com/s...AABHuYZbwokiKaUW9pa0WdN6a

Can you tell from these what the problem is?

  • Ramon
  • Registered: July 2000
  • Last online: 10:27
MSDN: Bug Check 0x3B: SYSTEM_SERVICE_EXCEPTION (Windows Debuggers)

Updated the video card drivers as well? Or maybe you actually need to downgrade them...


  • nIghtorius
  • Registered: July 2002
  • Last online: 28-09 18:50


I see in the minidumps that ITEIO.SYS and aswSnx.sys are causing problems.
I can't quickly find out what ITEIO.SYS is. I'm thinking of an IDE/SATA controller from ITE, but when I google it, it could also be serious malware.

aswSnx.sys is from Avast! AV. This one gives the IRQ_* BSOD. However, it only occurs once. But ITEIO.SYS is a repeat offender. The process that is active at that moment is ETService.exe (Acer Empowering stuff)

Check whether you have a SATA/IDE controller from ITE. If not, your computer is probably infected with a piece of malware/a virus.

--- Update

Looking at the download page for an Aspire X1700, I don't see any drivers for an ITE SATA/IDE controller. You have probably caught a hefty rootkit. Avast! is also acting up (probably under the influence of the rootkit?)

Step-by-step plan:

• Uninstall Avast!
• Get ComboFix from http://www.bleepingcomputer.com/download/combofix/
• Run ComboFix
• Post the LOG file here
• Get AdwCleaner from http://www.bleepingcomputer.com/download/adwcleaner/
• Run AdwCleaner
• Post the LOG file here.
• Reinstall Avast!

Update 2:

Minidump information

Avast! BSOD
code:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\peter\Desktop\Public\081914-25818-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`03067000 PsLoadedModuleList = 0xfffff800`032aa890
Debug session time: Tue Aug 19 19:19:57.172 2014 (UTC + 2:00)
System Uptime: 0 days 0:01:09.030
Loading Kernel Symbols
...............................................................
................................................................
.....................
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 50, {fffff88006969a48, 1, fffff88003a84e9a, 0}

*** WARNING: Unable to verify timestamp for aswSnx.sys
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.sys

Could not read faulting driver name
Probably caused by : aswSnx.sys ( aswSnx+36e9a )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffff88006969a48, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff88003a84e9a, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000000, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80003314100
GetUlongFromAddress: unable to read from fffff800033141c0
 fffff88006969a48 Nonpaged pool

FAULTING_IP: 
aswSnx+36e9a
fffff880`03a84e9a 4c89bc2438030000 mov     qword ptr [rsp+338h],r15

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x50

PROCESS_NAME:  AppleMobileDev

CURRENT_IRQL:  0

TRAP_FRAME:  fffff88006869580 -- (.trap 0xfffff88006869580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff88003a84e00 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000834 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88003a84e9a rsp=fffff88006869710 rbp=0000000000000001
 r8=0000000000000000  r9=0000000000000001 r10=fffffa8004b1a880
r11=fffff88006869a38 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
aswSnx+0x36e9a:
fffff880`03a84e9a 4c89bc2438030000 mov     qword ptr [rsp+338h],r15 ss:0018:fffff880`06869a48=308b5c0680faffff
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000315abf0 to fffff800030dcbc0

STACK_TEXT:  
fffff880`06869418 fffff800`0315abf0 : 00000000`00000050 fffff880`06969a48 00000000`00000001 fffff880`06869580 : nt!KeBugCheckEx
fffff880`06869420 fffff800`030dacee : 00000000`00000001 fffff880`06969a48 fffffa80`056f2a00 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x4518f
fffff880`06869580 fffff880`03a84e9a : 00000000`002540e5 fffffa80`04a81000 fffff880`00000001 67727453`031c88a6 : nt!KiPageFault+0x16e
fffff880`06869710 00000000`002540e5 : fffffa80`04a81000 fffff880`00000001 67727453`031c88a6 00000000`00000000 : aswSnx+0x36e9a
fffff880`06869718 fffffa80`04a81000 : fffff880`00000001 67727453`031c88a6 00000000`00000000 fffff800`0326c588 : 0x2540e5
fffff880`06869720 fffff880`00000001 : 67727453`031c88a6 00000000`00000000 fffff800`0326c588 fffffa80`03c5e300 : 0xfffffa80`04a81000
fffff880`06869728 67727453`031c88a6 : 00000000`00000000 fffff800`0326c588 fffffa80`03c5e300 fffffa80`03d46060 : 0xfffff880`00000001
fffff880`06869730 00000000`00000000 : fffff800`0326c588 fffffa80`03c5e300 fffffa80`03d46060 fffffa80`03d46060 : 0x67727453`031c88a6


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswSnx+36e9a
fffff880`03a84e9a 4c89bc2438030000 mov     qword ptr [rsp+338h],r15

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  aswSnx+36e9a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSnx

IMAGE_NAME:  aswSnx.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  53ac0554

FAILURE_BUCKET_ID:  X64_0x50_aswSnx+36e9a

BUCKET_ID:  X64_0x50_aswSnx+36e9a

Followup: MachineOwner
---------

1: kd> lmvm aswSnx
start             end                 module name
fffff880`03a4e000 fffff880`03b50000   aswSnx   T (no symbols)           
    Loaded symbol image file: aswSnx.sys
    Image path: \SystemRoot\system32\drivers\aswSnx.sys
    Image name: aswSnx.sys
    Timestamp:        Thu Jun 26 13:34:44 2014 (53AC0554)
    CheckSum:         0010D6F6
    ImageSize:        00102000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4


This one is vague.
code:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\peter\Desktop\Public\012114-30466-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18247.amd64fre.win7sp1_gdr.130828-1532
Machine Name:
Kernel base = 0xfffff800`0304f000 PsLoadedModuleList = 0xfffff800`032926d0
Debug session time: Tue Jan 21 18:25:39.619 2014 (UTC + 2:00)
System Uptime: 0 days 6:59:57.476
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
...............................................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 3B, {c0000005, fffff8000339a990, fffff88008aaf870, 0}

Probably caused by : ntkrnlmp.exe ( nt!RtlCompareUnicodeStrings+40 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff8000339a990, Address of the instruction which caused the bugcheck
Arg3: fffff88008aaf870, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - De instructie op 0x%08lx verwijst naar geheugen op 0x%08lx. Een lees- of schrijfbewerking op het geheugen is mislukt: %s.

FAULTING_IP: 
nt!RtlCompareUnicodeStrings+40
fffff800`0339a990 410fb712        movzx   edx,word ptr [r10]

CONTEXT:  fffff88008aaf870 -- (.cxr 0xfffff88008aaf870)
rax=0000000000000003 rbx=0000000000000003 rcx=0000000008260068
rdx=0000000000000003 rsi=fffff98000020654 rdi=0000000000000003
rip=fffff8000339a990 rsp=fffff88008ab0258 rbp=0000000000000048
 r8=fffff88002ce56e0  r9=fffff87ffaa85678 r10=0000000008260068
r11=000000000826006e r12=fffffa8006d1da00 r13=0000000000000000
r14=fffffa8006d1da00 r15=0000000000000001
iopl=0         nv up ei ng nz ac po nc
cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00010296
nt!RtlCompareUnicodeStrings+0x40:
fffff800`0339a990 410fb712        movzx   edx,word ptr [r10] ds:002b:00000000`08260068=????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x3B

PROCESS_NAME:  chrome.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 0000000000000000 to fffff8000339a990

STACK_TEXT:  
fffff880`08ab0258 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlCompareUnicodeStrings+0x40


FOLLOWUP_IP: 
nt!RtlCompareUnicodeStrings+40
fffff800`0339a990 410fb712        movzx   edx,word ptr [r10]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  nt!RtlCompareUnicodeStrings+40

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  521ea035

STACK_COMMAND:  .cxr 0xfffff88008aaf870 ; kb

FAILURE_BUCKET_ID:  X64_0x3B_nt!RtlCompareUnicodeStrings+40

BUCKET_ID:  X64_0x3B_nt!RtlCompareUnicodeStrings+40

Followup: MachineOwner
---------


ITEIO.SYS
code:
Microsoft (R) Windows Debugger Version 6.2.9200.20512 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\peter\Desktop\Public\082114-41527-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7601.18409.amd64fre.win7sp1_gdr.140303-2144
Machine Name:
Kernel base = 0xfffff800`03006000 PsLoadedModuleList = 0xfffff800`03249890
Debug session time: Thu Aug 21 17:04:02.786 2014 (UTC + 2:00)
System Uptime: 0 days 0:09:48.643
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
......
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {fffff88008f3e216, 2, 8, fffff88008f3e216}

*** WARNING: Unable to verify timestamp for ITEIO.sys
*** ERROR: Module load completed but symbols could not be loaded for ITEIO.sys
Probably caused by : ITEIO.sys ( ITEIO+5216 )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: fffff88008f3e216, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000008, value 0 = read operation, 1 = write operation
Arg4: fffff88008f3e216, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800032b3100
GetUlongFromAddress: unable to read from fffff800032b31c0
 fffff88008f3e216 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
ITEIO+5216
fffff880`08f3e216 41884006        mov     byte ptr [r8+6],al

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  VERIFIER_ENABLED_VISTA_MINIDUMP

BUGCHECK_STR:  0xD1

PROCESS_NAME:  ETService.exe

TRAP_FRAME:  fffff880027337a0 -- (.trap 0xfffff880027337a0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000ff rbx=0000000000000000 rcx=0000000000000a15
rdx=0000000000000a16 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88008f3e216 rsp=fffff88002733930 rbp=0000000000000002
 r8=fffff98035facf00  r9=fffff98056f7efb0 r10=fffff80003513cc0
r11=fffffa800748a170 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
ITEIO+0x5216:
fffff880`08f3e216 41884006        mov     byte ptr [r8+6],al ds:fffff980`35facf06=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000307b169 to fffff8000307bbc0

FAILED_INSTRUCTION_ADDRESS: 
ITEIO+5216
fffff880`08f3e216 41884006        mov     byte ptr [r8+6],al

STACK_TEXT:  
fffff880`02733658 fffff800`0307b169 : 00000000`0000000a fffff880`08f3e216 00000000`00000002 00000000`00000008 : nt!KeBugCheckEx
fffff880`02733660 fffff800`03079de0 : 00000000`00000000 fffff880`02733820 00000000`00000a16 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff880`027337a0 fffff880`08f3e216 : fffffa80`04cca8e0 00000000`00000002 fffffa80`0748a120 fffff800`03520e96 : nt!KiPageFault+0x260
fffff880`02733930 fffffa80`04cca8e0 : 00000000`00000002 fffffa80`0748a120 fffff800`03520e96 00000000`00000001 : ITEIO+0x5216
fffff880`02733938 00000000`00000002 : fffffa80`0748a120 fffff800`03520e96 00000000`00000001 fffffa80`00000001 : 0xfffffa80`04cca8e0
fffff880`02733940 fffffa80`0748a120 : fffff800`03520e96 00000000`00000001 fffffa80`00000001 fffffa80`00000001 : 0x2
fffff880`02733948 fffff800`03520e96 : 00000000`00000001 fffffa80`00000001 fffffa80`00000001 fffff800`03398e67 : 0xfffffa80`0748a120
fffff880`02733950 fffff800`03524d26 : fffff980`56f7eee0 fffff980`56f7eee0 fffffa80`04ccd700 fffffa80`03e3ce98 : nt!VfBeforeCallDriver+0x186
fffff880`027339b0 fffff800`03398e67 : fffffa80`04ccd780 fffff880`02733ca0 fffffa80`04ccd780 fffffa80`0748a120 : nt!IovCallDriver+0x566
fffff880`02733a10 fffff800`033996c6 : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x607
fffff880`02733b40 fffff800`0307ae53 : 00000000`00000000 fffff880`02733ca0 00000000`00000010 fffff800`0337278e : nt!NtDeviceIoControlFile+0x56
fffff880`02733bb0 00000000`7719132a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`1b78dd78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x7719132a


STACK_COMMAND:  kb

FOLLOWUP_IP: 
ITEIO+5216
fffff880`08f3e216 41884006        mov     byte ptr [r8+6],al

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  ITEIO+5216

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: ITEIO

IMAGE_NAME:  ITEIO.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  47677039

FAILURE_BUCKET_ID:  X64_0xD1_VRF_CODE_AV_BAD_IP_ITEIO+5216

BUCKET_ID:  X64_0xD1_VRF_CODE_AV_BAD_IP_ITEIO+5216

Followup: MachineOwner
---------

0: kd> lmvm ITEIO
start             end                 module name
fffff880`08f39000 fffff880`08f41000   ITEIO    T (no symbols)           
    Loaded symbol image file: ITEIO.sys
    Image path: \??\c:\Windows\System32\drivers\ITEIO.sys
    Image name: ITEIO.sys
    Timestamp:        Tue Dec 18 08:01:13 2007 (47677039)
    CheckSum:         0000AB27
    ImageSize:        00008000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

[ 126% edited by nIghtorius on 21-08-2014 22:56 ]

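The tally nIghtorius did by hand (which image is blamed once, which one keeps coming back, and under which process) can be automated over a whole folder of pasted analyses. Added example in Python, not code from the thread or from any tool named in it: it parses the BUGCHECK_STR, PROCESS_NAME and IMAGE_NAME fields that WinDbg's !analyze -v prints plus the Image path line from lmvm, counts the blamed images, and flags drivers registered with an explicit \??\C:\ path (a heuristic, not proof of anything). The sample transcript is constructed by abridging the three analyses above and adding a made-up fourth ITEIO.sys session so the repeat count is visible.

```python
# Added example, not from the thread or any tool in it: pull the triage fields from
# WinDbg "!analyze -v" / "lmvm" output and tally which image is blamed per dump.
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

_FIELD = re.compile(r"^\s*(BUGCHECK_STR|PROCESS_NAME|IMAGE_NAME):\s*(\S+)", re.M)
_DUMP = re.compile(r"Loading Dump File \[(.+?)\]")
_IMAGE_PATH = re.compile(r"Image path:\s*(\S+)")  # printed by "lmvm <module>"


@dataclass
class DumpSummary:
    dump_file: str
    bugcheck: str = ""
    process: str = ""
    image: str = ""
    image_path: Optional[str] = None


def parse_session(text: str) -> DumpSummary:
    """Extract the triage fields from the output of one debugger session."""
    dump = _DUMP.search(text)
    fields = dict(_FIELD.findall(text))
    path = _IMAGE_PATH.search(text)
    return DumpSummary(
        dump_file=dump.group(1) if dump else "<unknown>",
        bugcheck=fields.get("BUGCHECK_STR", ""),
        process=fields.get("PROCESS_NAME", ""),
        image=fields.get("IMAGE_NAME", ""),
        image_path=path.group(1) if path else None,
    )


def split_sessions(blob: str) -> List[str]:
    """A pasted transcript may hold several dumps; cut it where each dump is loaded."""
    parts = re.split(r"(?=^Loading Dump File)", blob, flags=re.M)
    return [p for p in parts if _DUMP.search(p)]


def blame_counts(summaries: List[DumpSummary]) -> Counter:
    """How often each image is blamed across all dumps."""
    return Counter(s.image for s in summaries if s.image)


def suspicious_paths(summaries: List[DumpSummary]) -> List[str]:
    """Heuristic: drivers normally load as \\SystemRoot\\...; a \\??\\C:\\ path means the
    service was registered with an explicit path and merits a vendor/signature check."""
    return sorted({s.image for s in summaries
                   if s.image_path and not s.image_path.lower().startswith("\\systemroot\\")})


def triage(blob: str) -> dict:
    """Dump count, blame tally, lead non-kernel suspect, odd image paths, crashing processes."""
    summaries = [parse_session(t) for t in split_sessions(blob)]
    counts = blame_counts(summaries)
    kernel = {"ntkrnlmp.exe", "ntoskrnl.exe"}  # usually the victim of a bad driver, not the cause
    third_party = [img for img, _ in counts.most_common() if img.lower() not in kernel]
    return {
        "dumps": len(summaries),
        "counts": dict(counts),
        "lead_suspect": third_party[0] if third_party else None,
        "suspicious_paths": suspicious_paths(summaries),
        "processes": sorted({s.process for s in summaries if s.process}),
    }


# Constructed sample: the three analyses from the thread, abridged to the lines the
# parser reads, plus a made-up fourth ITEIO session so the repeat count is visible.
SAMPLE = """\
Loading Dump File [C:\\dumps\\081914-25818-01.dmp]
BUGCHECK_STR:  0x50
PROCESS_NAME:  AppleMobileDev
IMAGE_NAME:  aswSnx.sys
    Image path: \\SystemRoot\\system32\\drivers\\aswSnx.sys
Loading Dump File [C:\\dumps\\012114-30466-01.dmp]
BUGCHECK_STR:  0x3B
PROCESS_NAME:  chrome.exe
IMAGE_NAME:  ntkrnlmp.exe
Loading Dump File [C:\\dumps\\082114-41527-01.dmp]
BUGCHECK_STR:  0xD1
PROCESS_NAME:  ETService.exe
IMAGE_NAME:  ITEIO.sys
    Image path: \\??\\c:\\Windows\\System32\\drivers\\ITEIO.sys
Loading Dump File [C:\\dumps\\CONSTRUCTED-extra-01.dmp]
BUGCHECK_STR:  0xD1
PROCESS_NAME:  ETService.exe
IMAGE_NAME:  ITEIO.sys
    Image path: \\??\\c:\\Windows\\System32\\drivers\\ITEIO.sys
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on your own machine, paste the !analyze -v and lmvm output of each dump into one text file and pass its contents to triage(); the "processes" entry shows which user-mode program was on the CPU at each crash (ETService.exe in the thread's ITEIO cases).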


Deleted

Topic starter
Thank you! It would be a pain if it is serious malware. But hopefully I can fix it then.
I'll get to work on this and report back!

[ 55% edited by Deleted on 21-08-2014 23:00 ]



Deleted

Topic starter
I carried out the steps as described (uninstall Avast, ComboFix, AdwCleaner, reinstall Avast).
The logs are below.

Just booted normally again, and no BSOD for a while now, so it looks positive!
(Update: unfortunately it crashed a few more times after all, so it doesn't seem to be solved after all, unfortunately....)

ComboFix:


ComboFix 14-08-21.01 - Beneden 22-08-2014 13:00:26.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.3304 [GMT 2:00]
Gestart vanuit: c:\users\Beneden\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Beneden\Documents\~WRL2954.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-07-22 to 2014-08-22 ))))))))))))))))))))))))))))))
.
.
2014-08-22 11:12 . 2014-08-22 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-22 10:48 . 2014-08-22 10:48 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-21 16:20 . 2014-08-22 11:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{226EEED6-8745-4732-8356-62AE5D73176E}\offreg.dll
2014-08-21 15:51 . 2014-08-21 15:51 -------- dc----w- C:\NVIDIA
2014-08-21 14:24 . 2014-08-21 14:24 -------- d-----w- c:\users\Beneden\AppData\Local\NVIDIA
2014-08-21 14:01 . 2014-08-21 14:01 -------- d-----w- c:\windows\system32\drivers\en-US
2014-08-21 13:53 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-21 13:53 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-08-19 17:59 . 2014-08-21 16:22 -------- d-----w- c:\users\Beneden\AppData\Local\ElevatedDiagnostics
2014-08-19 17:56 . 2014-08-07 08:59 11319200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{226EEED6-8745-4732-8356-62AE5D73176E}\mpengine.dll
2014-08-17 16:34 . 2014-08-17 16:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-17 16:34 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-15 21:26 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 21:26 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 21:26 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 21:26 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 21:26 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 21:26 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 21:26 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 21:26 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 10:54 . 2014-07-25 13:03 598016 ----a-w- c:\windows\system32\ieui.dll
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-18 19:32 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-17 16:32 . 2012-09-29 15:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-17 16:32 . 2012-09-29 15:46 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-15 21:32 . 2009-12-19 10:31 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-05 07:20 . 2009-10-02 16:19 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-09 13:51 . 2014-07-09 13:51 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18 . 2014-07-11 10:25 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-11 10:25 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-11 10:25 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-11 10:25 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-11 10:25 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-11 10:24 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-11 10:24 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-11 10:24 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-11 10:25 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-11 10:25 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-11 10:25 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-11 10:25 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-11 10:25 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-11 10:25 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-11 10:25 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-11 10:25 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-11 10:25 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-11 10:25 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-11 10:25 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-11 10:25 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-11 10:25 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-11 10:25 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-11 10:25 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
"Spotify Web Helper"="c:\users\Beneden\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-14 1178168]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
R2 gupdate1ca1dc72fbeeee0;Google Updateservice (gupdate1ca1dc72fbeeee0);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ITEIO.SYS;ITEIO.SYS;c:\windows\System32\drivers\ITEIO.sys;c:\windows\SYSNATIVE\drivers\ITEIO.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 18:48 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 16:32]
.
2014-08-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 19:03]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-15 16:40]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-15 16:40]
.
2014-08-18 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-03-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Beneden\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-19 6456352]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
FF - ProfilePath - c:\users\Beneden\AppData\Roaming\Mozilla\Firefox\Profiles\nd8gy3y8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://nl.msn.com/?rd=1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-08-22 13:16:38
ComboFix-quarantined-files.txt 2014-08-22 11:16
.
Pre-Run: 274.608.226.304 bytes beschikbaar
Post-Run: 286.192.181.248 bytes beschikbaar
.
- - End Of File - - 1F10B3748E5D14CBE94C9600414F7282
A36C5E4F47E84449FF07ED3517B43A31


ADWCleaner:


# AdwCleaner v3.308 - Rapport aangemaakt 22/08/2014 op 13:27:00
# Laatste Update 20/08/2014 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruikersnaam : Beneden - PC_BENEDEN
# Gestart vanuit : C:\Users\Beneden\Downloads\AdwCleaner.exe
# Optie : Scannen

***** [ Services ] *****


***** [ Bestanden / Mappen ] *****

Bestand Gevonden : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Bestand Gevonden : C:\Users\Beneden\AppData\Roaming\Mozilla\Firefox\Profiles\nd8gy3y8.default\searchplugins\Askcom.xml
Bestand Gevonden : C:\Windows\System32\roboot64.exe
Map Gevonden : C:\Program Files (x86)\AskPartnerNetwork
Map Gevonden : C:\Program Files (x86)\Common Files\ParetoLogic
Map Gevonden : C:\ProgramData\apn
Map Gevonden : C:\ProgramData\Ask
Map Gevonden : C:\ProgramData\AskPartnerNetwork
Map Gevonden : C:\ProgramData\DriverCure
Map Gevonden : C:\ProgramData\ParetoLogic
Map Gevonden : C:\Users\Beneden\AppData\LocalLow\Conduit
Map Gevonden : C:\Users\Beneden\AppData\Roaming\DriverCure
Map Gevonden : C:\Users\Beneden\AppData\Roaming\Systweak

***** [ Taken ] *****

Taak Gevonden : paretologic registration3

***** [ Snelkoppelingen ] *****


***** [ Register ] *****

Sleutel Gevonden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Gevonden : HKCU\Software\ParetoLogic
Sleutel Gevonden : HKCU\Software\YahooPartnerToolbar
Sleutel Gevonden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Gevonden : [x64] HKCU\Software\ParetoLogic
Sleutel Gevonden : [x64] HKCU\Software\YahooPartnerToolbar
Sleutel Gevonden : HKLM\SOFTWARE\AskPartnerNetwork
Sleutel Gevonden : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Gevonden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Sleutel Gevonden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Sleutel Gevonden : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Sleutel Gevonden : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Sleutel Gevonden : HKLM\SOFTWARE\Conduit
Sleutel Gevonden : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Sleutel Gevonden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Sleutel Gevonden : HKLM\SOFTWARE\ParetoLogic
Sleutel Gevonden : HKLM\SOFTWARE\systweak
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Sleutel Gevonden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v3.6.28 (nl)

[ Bestand : C:\Users\Beneden\AppData\Roaming\Mozilla\Firefox\Profiles\nd8gy3y8.default\prefs.js ]

Regel gevonden : user_pref("browser.search.order.1", "Ask.com");
Regel gevonden : user_pref("browser.search.selectedEngine", "Ask.com");
Regel gevonden : user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35,wrc@avast.com:7.0.1474,to[...]
Regel gevonden : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v36.0.1985.143

[ Bestand : C:\Users\Beneden\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gevonden [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
Gevonden [Search Provider] : hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch
Gevonden [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11412&l=dis&pf=V7&p2=%5EBBK%5EOSJ000%5EYY%5ENL&gct=&itbv=12.10.6.48&doi=2014-05-28&apn_uid=037F93B6-D7D4-449D-98EF-9E27EE2EDC96&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5ENL&apn_dbr=cr_35.0.1916.114&psv=&pt=&trgb=CR&q={searchTerms}
Gevonden [Extension] : aaaaahaeginbdcckocjkhbciadcafnep
Gevonden [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gevonden [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [6523 octets] - [22/08/2014 13:23:50]
AdwCleaner[R1].txt - [6399 octets] - [22/08/2014 13:27:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6459 octets] ##########


  • nIghtorius
  • Registration: July 2002
  • Last online: 28-09 18:50

nIghtorius

Poof!

Do you have any new minidumps as well?

Ryzen 9 5900X @ 5.1Ghz | MPG B550 GAMING CARBON | 96GB DDR4-3200 | RTX 4070TI | 2TB + 1TB m.2 SSD | 3x 1TB HDD | 1x 2TB SATA SSD | 32" G3223Q (4K/144Hz)



Verwijderd

Topic starter
It just keeps crashing; right now I can't manage to get the new minidumps off it.
I'm afraid I'll just go for the clean install... I'll let you know whether that helps.
Many thanks for your help!


  • zetje01
  • Registration: August 1999
  • Last online: 08:20
I'm guessing that won't help.