Pages won't open, and various other things

  • ina

    Hello

    I have to press 2, sometimes 3 times to go back (top left), and it won't open pages, among others dokter.nl

    Can anyone help me?

    Regards, ina

    Logfile of Trend Micro HijackThis v2.0.5

    Scan saved at 17:21:13, on 25-6-2014

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Unable to get Internet Explorer version!

    Boot mode: Normal

  • Ben

    Hello,

    Carry out the following step-by-step plan: http://antivirus.startpagina.nl/prikbord/4625317/voer-dit-eerst-uit-voordat-je-de-logjes-plaatst-(aangepaste-versie-dd-25-03-2014)#msg-4625317

    After that we can help you further.

  • ina

    Malwarebytes could not find anything, and here follows another log

    Regards, Ina

    Logfile of random's system information tool 1.10 (written by random/random)

    Run by Gebruiker at 2014-06-25 17:51:15

    Microsoft Windows 7 Ultimate Service Pack 1

    System drive C: has 69 GB (24%) free of 293 GB

    Total RAM: 1791 MB (29% free)

  • Ben

    Hello,

    I see that you have already used Combofix as well; 2014-06-21 06:58:17 —-A—- C:\ComboFix.txt

    Have you used any other programs?

    Post the ComboFix.txt log in your next message.

  • ina

    ComboFix 14-06-19.01 - Gebruiker 25-06-2014 18:23:50.2.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.1791.586

    Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2014-05-25 to 2014-06-25 ))))))))))))))))))))))))))))))

    .

    .

    2014-06-25 16:42 . 2014-06-25 16:42 ——– d—–w- c:\users\UpdatusUser\AppData\Local\temp

    2014-06-25 16:42 . 2014-06-25 16:42 ——– d—–w- c:\users\Public\AppData\Local\temp

    2014-06-25 16:42 . 2014-06-25 16:42 ——– d—–w- c:\users\Default\AppData\Local\temp

    2014-06-25 15:51 . 2014-06-25 15:51 ——– d—–w- C:\rsit

    2014-06-25 03:26 . 2014-06-05 10:54 8140904 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB0B9EF5-D6E0-4237-89B6-19897F2965D2}\mpengine.dll

    2014-06-13 02:55 . 2014-03-26 14:27 1389056 —-a-w- c:\windows\system32\msxml6.dll

    2014-06-13 02:55 . 2014-03-26 14:27 1237504 —-a-w- c:\windows\system32\msxml3.dll

    2014-06-13 02:55 . 2014-03-26 14:25 2048 —-a-w- c:\windows\system32\msxml6r.dll

    2014-06-13 02:55 . 2014-03-26 14:25 2048 —-a-w- c:\windows\system32\msxml3r.dll

    2014-06-13 02:55 . 2014-04-05 02:25 1294272 —-a-w- c:\windows\system32\drivers\tcpip.sys

    2014-06-13 02:55 . 2014-04-05 02:24 187840 —-a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2014-06-13 02:55 . 2014-04-25 02:06 626688 —-a-w- c:\windows\system32\usp10.dll

    2014-06-12 13:54 . 2014-05-08 09:06 2742784 —-a-w- c:\windows\system32\rdpcorets.dll

    2014-06-12 13:54 . 2014-05-08 09:06 13824 —-a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

    2014-06-08 10:57 . 2014-06-08 10:57 ——– d—–w- c:\program files\HitmanPro

    2014-06-08 10:07 . 2014-06-08 10:21 ——– d—–w- c:\programdata\HitmanPro

    2014-05-28 03:59 . 2014-06-25 16:42 ——– d—–w- c:\users\Gebruiker\AppData\Local\temp

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-06-25 16:08 . 2014-05-17 05:29 110296 —-a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

    2014-06-24 05:10 . 2012-06-10 09:17 71344 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2014-06-24 05:10 . 2012-06-10 09:17 699056 —-a-w- c:\windows\system32\FlashPlayerApp.exe

    2014-05-25 10:41 . 2014-05-25 10:41 715038 —-a-w- c:\windows\unins000.exe

    2014-05-15 13:41 . 2013-06-06 19:22 411680 —-a-w- c:\windows\system32\drivers\aswsp.sys

    2014-05-15 13:41 . 2012-06-08 19:38 777488 —-a-w- c:\windows\system32\drivers\aswsnx.sys

    2014-05-15 13:41 . 2013-12-21 10:12 68312 —-a-w- c:\windows\system32\drivers\aswstm.sys

    2014-05-12 05:26 . 2014-05-17 05:28 51928 —-a-w- c:\windows\system32\drivers\mwac.sys

    2014-05-12 05:25 . 2014-05-17 05:28 74456 —-a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2014-05-12 05:25 . 2013-04-13 08:57 23256 —-a-w- c:\windows\system32\drivers\mbam.sys

    2014-05-09 07:06 . 2014-05-15 03:54 369664 —-a-w- c:\windows\system32\aepdu.dll

    2014-05-09 07:04 . 2014-05-15 03:54 302592 —-a-w- c:\windows\system32\aeinv.dll

    2014-04-26 04:15 . 2014-04-26 04:16 24184 —-a-w- c:\windows\system32\drivers\aswHwid.sys

    2014-04-26 04:15 . 2013-06-06 19:22 411552 —-a-w- c:\windows\system32\drivers\aswsp.sys.1400161263125

    2014-04-26 04:15 . 2013-06-06 19:22 81768 —-a-w- c:\windows\system32\drivers\aswRdr2.sys

    2014-04-26 04:15 . 2013-03-03 15:49 180632 —-a-w- c:\windows\system32\drivers\aswVmm.sys

    2014-04-26 04:15 . 2013-03-03 15:49 49944 —-a-w- c:\windows\system32\drivers\aswRvrt.sys

    2014-04-26 04:15 . 2012-06-08 19:38 776976 —-a-w- c:\windows\system32\drivers\aswsnx.sys.1400161263125

    2014-04-26 04:15 . 2012-06-08 19:38 67824 —-a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2014-04-26 04:15 . 2014-04-26 04:15 43152 —-a-w- c:\windows\avastSS.scr

    2014-04-26 04:15 . 2012-06-08 19:37 271264 —-a-w- c:\windows\system32\aswBoot.exe

    2014-04-19 04:25 . 2014-01-16 17:19 96680 —-a-w- c:\windows\system32\WindowsAccessBridge.dll

    2014-04-15 00:34 . 2014-04-15 00:34 1070232 —-a-w- c:\windows\system32\MSCOMCTL.OCX

    2014-04-12 02:15 . 2014-05-15 03:53 136640 —-a-w- c:\windows\system32\drivers\ksecpkg.sys

    2014-04-12 02:15 . 2014-05-15 03:53 67520 —-a-w- c:\windows\system32\drivers\ksecdd.sys

    2014-04-12 02:12 . 2014-05-15 03:53 100352 —-a-w- c:\windows\system32\sspicli.dll

    2014-04-12 02:12 . 2014-05-15 03:53 15872 —-a-w- c:\windows\system32\sspisrv.dll

    2014-04-12 02:12 . 2014-05-15 03:53 22016 —-a-w- c:\windows\system32\secur32.dll

    2014-04-12 02:11 . 2014-05-15 03:53 1059840 —-a-w- c:\windows\system32\lsasrv.dll

    2014-04-12 02:11 . 2014-05-15 03:53 22528 —-a-w- c:\windows\system32\lsass.exe

    2014-03-31 07:35 . 2012-06-08 20:55 231584 ——w- c:\windows\system32\MpSigStub.exe

    2012-05-04 07:04 . 2012-05-04 07:04 2174976 —-a-w- c:\program files\Common Files\atimpenc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    2014-03-17 13:15 526624 —-a-w- c:\program files\PrintEco\PrintEco Office\adxloader.dll

    .

    @=“{472083B0-C522-11CF-8763-00608CC02F24}”

    2014-04-26 04:15 260976 —-a-w- c:\program files\AVAST Software\Avast\ashShell.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    @=“{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}”

    2014-06-05 15:46 579400 —-a-w- c:\program files\Google\Drive\googledrivesync32.dll

    .

    “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe”

    .

    “AvastUI.exe”=“c:\program files\AVAST Software\Avast\AvastUI.exe”

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    “EnableLinkedConnections”= 1 (0x1)

    “EnableSecureUIAPath”= 1 (0x1)

    .

    “NoResolveTrack”= 1 (0x1)

    .

    “aux”=wdmaud.drv

    .

    BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete

    .

    @=“”

    .

    @=“”

    .

    @=“”

    .

    @=“”

    .

    path=c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk

    backup=c:\windows\pss\DesktopEarth AutoStart.lnk.Startup

    backupExtension=.Startup

    .

    backup=c:\windows\pss\OpenOffice.org 3.3 .lnk.Startup

    backupExtension=.Startup

    .

    2013-11-21 16:57 959904 —-a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    2012-05-30 18:06 59280 —-a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    2012-11-05 14:27 89184 —-a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    2013-11-26 11:59 133744 —-a-w- c:\program files\Device Doctor Pro\DDProLauncher.exe

    .

    2012-11-13 18:13 450560 —-a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe

    .

    2012-11-30 02:06 1263512 —-a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    .

    2014-05-17 17:27 8476536 —-a-w- c:\program files\Innovative Solutions\DriverMax\drivermax.exe

    .

    2012-11-26 11:49 183864 —-a-w- c:\program files\Internetbeveiliging\fshoster32.exe

    .

    2012-06-07 17:33 421776 —-a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    2013-07-22 02:19 337432 —-a-w- c:\program files\PowerISO\PWRISOVM.EXE

    .

    2014-03-17 23:48 224128 —-a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    .

    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys

    R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe

    R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys

    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys

    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys

    R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys

    R3 AVFSFilter;AVFSFilter;

    R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe

    R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys

    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys

    R3 Synth3dVsc;Synth3dVsc;

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 tsusbhub;tsusbhub;

    R3 VGPU;VGPU;

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 aswRvrt;avast! Revert;

    S0 aswVmm;avast! VM Monitor;

    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys

    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys

    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys

    S2 fshoster;F-Secure Dll Hoster;c:\program files\Internetbeveiliging\fshoster32.exe

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe

    S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe

    S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys

    S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys

    S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys

    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - MBAMSWISSARMY

    .

    HPService REG_MULTI_SZ HPSLPSVC

    .

    2014-06-13 02:50 1091912 —-a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2014-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2014-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2014-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = about:blank

    mStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 212.54.44.54 212.54.40.25

    .

    .

    “ImagePath”=“\”c:\program files\Internetbeveiliging\fshoster32.exe\“ -hosterid:0”

    .

    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    .

    @Denied: (2) (LocalSystem)

    .

    @Denied: (2) (LocalSystem)

    “Timestamp”=hex:00,bc,03,59,ce,43,ce,01

    .

    @Denied: (2) (LocalSystem)

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“FotoManager10Deluxe.8.alb”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.HTM”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.HTM”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.MHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.MHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.PARTIAL”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.SVG”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.URL”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.WEBSITE”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.XHT”

    .

    @Denied: (2) (LocalSystem)

    “Progid”=“IE.AssocFile.XHT”

    .

    @Class=“Shell”

    “a”=“AcroRd32.exe”

    “MRUList”=“a”

    .

    “bat”_auto_file”=hex(0):

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“FlashBroker”

    “LocalizedString”=“@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe,-101”

    .

    “Enabled”=dword:00000001

    .

    @=“c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_75_ActiveX.exe”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker6”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: (A 2) (Everyone)

    @=“IFlashBroker5”

    .

    @=“{00020424-0000-0000-C000-000000000046}”

    .

    @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    “Version”=“1.0”

    .

    @Denied: ) (Everyone)

    “AgentIdentifier”=“”

    “AuthorizationCode”=“”

    .

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    “BlindDial”=dword:00000000

    .

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2014-06-25 18:45:56

    ComboFix-quarantined-files.txt 2014-06-25 16:45

    ComboFix2.txt 2014-06-21 04:58

    .

    Pre-Run: 72.207.646.720 bytes beschikbaar

    Post-Run: 71.842.500.608 bytes beschikbaar

    .

    - - End Of File - - BC492337E887F574C8DD0226C745BEAC

    A36C5E4F47E84449FF07ED3517B43A31

  • Ben

    Hello,

    I didn't ask you to run Combofix again, did I?

    I would like to see the log that was created on 2014-06-21 at 04:58

    It can be found on C: under this name: ComboFix2.txt 2014-06-21 04:58

  • ina

    I don't have it anymore, Ben

  • Ben

    Hello,

    Strange, because Combo does list it:

    Voltooingstijd: 2014-06-25 18:45:56

    ComboFix-quarantined-files.txt 2014-06-25 16:45

    ComboFix2.txt 2014-06-21 04:58

    First disable the antivirus software before you download zoek.exe.

    Temporarily disable your antivirus and antispyware programs, because they can conflict with Zoek.exe.

    Download Zoek.exe to the desktop.

    * If Internet Explorer or another browser or virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.

    Running Zoek.exe

    If you run into problems running this program or see certain error messages, please mention this in your message.

    * Then double-click Zoek.exe to start the tool.

    * Windows Vista, 7 and 8 users must run the tool as “administrator” by right-clicking it and choosing Run as administrator.

    * Now copy the bold code below and paste it into the large input field:

    * Note: This script is intended specifically for this computer, so do not use it on other computers with a similar problem.

    firefoxlook;

    torpigcheck;

    emptyfolderscheck;delete

    chromelook;

    standardsearch;

    filesrcm;

    autoclean;

    startupall;

    * Now click the "Run script" button.

    * Now wait patiently until a log opens (this may be after a restart, if one is required).

    * If no log appears after the restart, start zoek.exe again; the log will then appear.

    * Post the opened log in the next message.

  • ina

    Zoek.exe v5.0.0.0 Updated 22-06-2014

    Tool run by Gebruiker on wo 25-06-2014 at 19:06:16,99.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Gebruiker\Downloads\zoek.exe

    ==== System Restore Info ======================

    25-6-2014 19:07:50 Zoek.exe System Restore Point Created Succesfully.

    ==== Torpig Check ======================

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

    ==== Empty Folders Check ======================

    C:\Program Files\Malwarebytes' Anti-Malware deleted successfully

    C:\PROGRA~2\Oracle deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\Malwarebytes deleted successfully

    C:\Users\Gebruiker\AppData\Roaming\SupTab deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Running Processes ======================

    C:\Windows\System32\smss.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\csrss.exe

    C:\Windows\system32\services.exe

    C:\Windows\system32\lsass.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\winlogon.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Internetbeveiliging\fshoster32.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

    C:\Program Files\OO Software\Defrag\oodag.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\AVAST Software\Avast\avastui.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

    C:\Windows\Explorer.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Program Files\Google\Chrome\Application\chrome.exe

    C:\Users\Gebruiker\Downloads\zoek.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    C:\Users\Gebruiker\AppData\Roaming\sweet-page deleted

    C:\Users\Gebruiker\Searches deleted

    ==== System Specs ======================

    Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)

    Memory (RAM): 1792 MB

    CPU Info: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz

    CPU Speed: 2016,8 MHz

    Sound Card: Luidsprekers (High Definition A |

    Digitale audio (S/PDIF) (High D |

    Display Adapters: NVIDIA GeForce 7050 / NVIDIA nForce 610i | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

    Monitors: 1x; Algemeen PnP-beeldscherm |

    Screen Resolution: 1440 X 900 - 32 bit

    Network: Network Present

    Network Adapters: Realtek PCI GBE Family Controller | Realtek PCIe FE Family Controller

    CD / DVD Drives: 2x (D: | I: | ) D: Optiarc DVD RW AD-7200S | I:

    Ports: COM4 | COM3 LPT Port NOT Present.

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: C: 286,1GB

    Hard Disks - Free: C: 66,7GB

    Manufacturer *: American Megatrends Inc.

    BIOS Info: AT/AT COMPATIBLE | 04/08/08 | ACRSYS - 20080408

    Time Zone: West-Europa (standaardtijd)

    Motherboard *: Packard Bell BV MCP73VT-PM

    Country: Nederland

    Language: NLD

    ==== System Specs (Software) ======================

    Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)

    Anti-Spyware: Windows Defender disabled (Outdated)

    Anti-Spyware: avast! Antivirus disabled (Outdated)

    Firewall: avast! Antivirus disabled

    Internet Explorer Version: 11.0.9600.17126

    Google Chrome version: 35.0.1916.153

    Adobe Reader version: 11.0.07.79

    Sun Java version: 1.8.0_05 (32-bit)

    Flash Player version: 14.0.0.139

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2014-06-21 04:27:25 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe

    2014-06-21 04:27:25 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe

    2014-06-21 04:27:25 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe

    2014-06-21 04:27:25 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe

    2014-06-21 04:27:25 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe

    ====== C:\Users\GEBRUI~1\AppData\Local\Temp ====

    ====== Java Cache =====

    ====== C:\Windows\system32 =====

    2014-06-13 02:56:44 C1F5812F355D0C9495C1B2E7165DA2AF 32256 —-a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

    2014-06-13 02:56:43 BB9BADED14F0963498855AC28446CED5 51200 —-a-w- C:\Windows\System32\ieetwproxystub.dll

    2014-06-13 02:56:43 4B11BEE509E336D6731EADFB36D87FD8 108032 —-a-w- C:\Windows\System32\ieetwcollector.exe

    2014-06-13 02:56:39 1A2D2E3CB745FF7F3F7B50E04D775CFA 646144 —-a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

    2014-06-13 02:56:36 0AFCE8EEF3751810FE2101FD608FB8B3 1143296 —-a-w- C:\Windows\System32\urlmon.dll

    2014-06-13 02:56:34 E0EA58834CD19FDFCD1BC37B22E1D3D8 43008 —-a-w- C:\Windows\System32\jsproxy.dll

    2014-06-13 02:56:33 CC0077F9C7ACD7E97707DFC763A4EA99 112128 —-a-w- C:\Windows\System32\ieUnatt.exe

    2014-06-13 02:56:31 D36574C287D0764C95AC777DFF367715 32768 —-a-w- C:\Windows\System32\iernonce.dll

    2014-06-13 02:56:31 017B99D09904DCA35D5F66AD79084B5F 368128 —-a-w- C:\Windows\System32\dxtmsft.dll

    2014-06-13 02:56:30 8DF06ACA017949D37C38B6A0EF747D4E 526336 —-a-w- C:\Windows\System32\msfeeds.dll

    2014-06-13 02:56:30 4D3074AA172DCFD5D56BE764B671085A 2724864 —-a-w- C:\Windows\System32\mshtml.tlb

    2014-06-13 02:56:28 EB960643DC62832C88272573204B6DBA 164864 —-a-w- C:\Windows\System32\msrating.dll

    2014-06-13 02:56:28 C69FDD49AB9E8BCF2BAAC469CE0CC756 1964544 —-a-w- C:\Windows\System32\inetcpl.cpl

    2014-06-13 02:56:27 D9F5B424C307B195E16A9B0A21E53BCC 61952 —-a-w- C:\Windows\System32\iesetup.dll

    2014-06-13 02:56:27 7D7B0656DDD7D530865F92A4B458E464 595968 —-a-w- C:\Windows\System32\ie4uinit.exe

    2014-06-13 02:56:25 EBF27F9F8522D255DD68A60ED65B7595 4096 —-a-w- C:\Windows\System32\ieetwcollectorres.dll

    2014-06-13 02:56:24 22D7FFA4B94916F18EB1F1D107B86839 704512 —-a-w- C:\Windows\System32\ieapfltr.dll

    2014-06-13 02:56:23 771CDBC3D62437D6DB070820BB1EDCCF 1790976 —-a-w- C:\Windows\System32\wininet.dll

    2014-06-13 02:56:21 814E0D53EF020BD93097F26B53B573F0 440832 —-a-w- C:\Windows\System32\ieui.dll

    2014-06-13 02:56:21 5B5815477A53ED92B89955FFE7EDCB2E 242688 —-a-w- C:\Windows\System32\dxtrans.dll

    2014-06-13 02:56:20 688227D38A6FF6403B293D0C50B454B9 11725312 —-a-w- C:\Windows\System32\ieframe.dll

    2014-06-13 02:56:19 7E27FB6AB8976897A530FB30F5FF7691 69632 —-a-w- C:\Windows\System32\mshtmled.dll

    2014-06-13 02:56:18 0AC4E3C93D49E37D5B008ED99092115C 1068032 —-a-w- C:\Windows\System32\mshtmlmedia.dll

    2014-06-13 02:56:17 9EAAB4305536829D6B7D9C3A47E92861 2179072 —-a-w- C:\Windows\System32\iertutil.dll

    2014-06-13 02:56:15 6D8E6A9A524FFAAFA4D2F6C8EF38D0BB 592896 —-a-w- C:\Windows\System32\jscript9diag.dll

    2014-06-13 02:56:14 D5ECBB3BFDC73A59440D9CA79AB3A342 17271296 —-a-w- C:\Windows\System32\mshtml.dll

    2014-06-13 02:56:13 09771ABC896D2A88370F3AB8BADC242E 455168 —-a-w- C:\Windows\System32\vbscript.dll

    2014-06-13 02:56:12 C58E97EEB1CB80CE91D5E7FD5E78794F 4244992 —-a-w- C:\Windows\System32\jscript9.dll

    2014-06-13 02:55:59 E227B810296AA27E6C69307A7B6456E5 1389056 —-a-w- C:\Windows\System32\msxml6.dll

    2014-06-13 02:55:58 8B8D1CEF498678CAB9DF17145D34BC64 1237504 —-a-w- C:\Windows\System32\msxml3.dll

    2014-06-13 02:55:58 2E673E776136354ECFB57BFD62E7EC3D 2048 —-a-w- C:\Windows\System32\msxml6r.dll

    2014-06-13 02:55:58 0789F82BAE171323F74B8F175D406AB8 2048 —-a-w- C:\Windows\System32\msxml3r.dll

    2014-06-13 02:55:25 A5F833506BF6A1B5D693E1499DEE2444 626688 —-a-w- C:\Windows\System32\usp10.dll

    2014-06-12 13:54:19 F70CE04DD355A61DB6FE1B19540CF2F5 13824 —-a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll

    2014-06-12 13:54:19 82759B6A07AD0A9A467E4136DCC5DA2D 2742784 —-a-w- C:\Windows\System32\rdpcorets.dll

    ====== C:\Windows\system32\drivers =====

    2014-06-13 02:55:34 DEE7EDA5AAA96C4C68A1F098F5145799 187840 —-a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    2014-06-13 02:55:34 5579DD18546999F5D0EC39D018726C6B 1294272 —-a-w- C:\Windows\System32\drivers\tcpip.sys

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2014-06-08 10:57:23 ——– d—–w- C:\Program Files\HitmanPro

    ======= C: =====

    ====== C:\Users\Gebruiker\AppData\Roaming ======

    2014-06-25 16:46:00 ——– d—–w- C:\Users\UpdatusUser\AppData\Local\temp

    2014-06-25 16:46:00 ——– d—–w- C:\Users\Public\AppData\Local\temp

    2014-06-25 16:46:00 ——– d—–w- C:\Users\Default\AppData\Local\temp

    2014-06-25 16:46:00 ——– d—–w- C:\Users\Default User\AppData\Local\temp

    2014-05-28 03:59:24 ——– d—–w- C:\Users\Gebruiker\AppData\Local\temp

    ====== C:\Users\Gebruiker ======

    2014-06-25 15:50:45 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 —-a-w- C:\Users\Gebruiker\Downloads\RSIT.exe

    2014-06-19 18:35:49 CCB4DB338094E718F21081DAD0047629 27260 —-a-w- C:\Users\Gebruiker\corendon.pdf

    2014-06-08 10:07:00 ——– d—–w- C:\ProgramData\HitmanPro

    ====== C: exe-files ==

    2014-06-25 15:50:45 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 —-a-w- C:\Users\Gebruiker\Downloads\RSIT.exe

    2014-06-21 15:51:29 AC6998D92A311E7CF0B4DAEC3566F444 51080 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateBroker.exe

    2014-06-21 15:51:29 956672375AF066D958E4D07F5ABAFC1A 51080 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe

    2014-06-21 15:51:26 901AC7A94B75648F4084A37640473271 895120 —-a-w- C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateSetup.exe

    2014-06-21 15:51:13 80E350E0AA963B2125896B13E60A4D68 114568 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe

    2014-06-21 15:51:12 AA0E4F73727BFC8BA404884B1C1DB719 285064 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

    2014-06-21 15:51:12 397D14958D6C9C2B365469A857B2AC4E 230792 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    2014-06-21 15:50:59 506708142BC63DABA64F2D3AD1DCD5BF 116648 —-atw- C:\Program Files\Google\Update\1.3.24.15\GoogleUpdate.exe

    2014-06-21 15:50:42 901AC7A94B75648F4084A37640473271 895120 —-a-w- C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe

    2014-06-21 04:27:25 F042EE4C8D66248D9B86DCF52ABAE416 256000 —-a-w- C:\Windows\PEV.exe

    2014-06-21 04:27:25 9E05A9C264C8A908A8E79450FCBFF047 80412 —-a-w- C:\Windows\grep.exe

    2014-06-21 04:27:25 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 —-a-w- C:\Windows\zip.exe

    2014-06-21 04:27:25 0297C72529807322B152F517FDB0A9FC 406528 —-a-w- C:\Windows\SWSC.exe

    2014-06-21 04:27:25 0277C027A26428DB64EF4F64F52BB4FD 208896 —-a-w- C:\Windows\MBR.exe

    === C: other files ==

    ==== Startup Registry Enabled ======================

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    “Sidebar”=“%ProgramFiles%\Windows\Sidebar.exe /autoRun”

    “mctadmin”=“C:\Windows\System32\mctadmin.exe”

    “AvastUI.exe”=“C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui”

    “Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe /autoRun”

    ==== Startup Registry Disabled ======================

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Adobe ARM”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“APSDaemon”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“BCSSync”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\“ /DelayServices”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“Device Doctor Pro”

    “hkey”=“HKCU”

    “command”=“C:\\Program Files\\Device Doctor Pro\\DDProLauncher.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“DivXMediaServer”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\DivX\\DivX Media Server\\DivXMediaServer.exe”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“DivXUpdate”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\“ /CHECKNOW”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“DriverMax”

    “hkey”=“HKCU”

    “command”=“\”C:\\Program Files\\Innovative Solutions\\DriverMax\\drivermax.exe\“ -agent”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“F-Secure Hoster (45123)”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\Internetbeveiliging\\fshoster32.exe\“ -app -hosterid:1”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“iTunesHelper”

    “hkey”=“HKLM”

    “command”=“\”C:\\Program Files\\iTunes\\iTunesHelper.exe\“”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “item”=“PWRISOVM.EXE”

    “hkey”=“HKLM”

    “command”=“C:\\Program Files\\PowerISO\\PWRISOVM.EXE -startup”

    “command”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”

    “hkey”=“HKLM”

    “item”=“SunJavaUpdateSched”

    “key”=“SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run”

    “path”=“C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\DesktopEarth AutoStart.lnk”

    “backup”=“C:\\Windows\\pss\\DesktopEarth AutoStart.lnk.Startup”

    “backupExtension”=“.Startup”

    “command”=“C:\\Users\\Gebruiker\\AppData\\Roaming\\Microsoft\\Installer\\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\\_C1A9BF9D98647632ED5172.exe ”

    “item”=“DesktopEarth AutoStart”

    “backup”=“C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup”

    “backupExtension”=“.Startup”

    “item”=“OpenOffice.org 3.3 ”

    “Adobe ARM”=“\”C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\“”

    “SunJavaUpdateSched”=“\”C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\“”

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job –a—— C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job –a—— C:\Program Files\Google\Update\GoogleUpdate.exe

    ==== Other Scheduled Tasks ======================

    “C:\Windows\system32\tasks\Adobe Flash Player Updater”

    “C:\Windows\system32\tasks\Adobe online update program”

    “C:\Windows\system32\tasks\CCleanerSkipUAC”

    “C:\Windows\system32\tasks\CreateChoiceProcessTask”

    “C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore”

    “C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA”

    “C:\Windows\system32\tasks\Java Update Scheduler”

    “C:\Windows\system32\tasks\{71D38923-DE99-49BA-918E-D5166CD26548}”

    “C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate”

    “C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask”

    ==== Folders in C:\PROGRA~2 0-6 Months Old ======================

    2014-03-06 16:04:36 ——– d—–w- C:\PROGRA~2\.mono

    2014-06-08 10:07:00 ——– d—–w- C:\PROGRA~2\HitmanPro

    ==== Firefox Extensions Registry ======================

    “firefox@printecosoftware.com”=“C:\Program Files\PrintEco\PrintEco Office\firefox@printecosoftware.com.xpi”

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

    nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

    Google Docs - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

    Google Drive - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

    YouTube - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

    Google Search - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

    Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

    Bitdefender QuickScan - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie

    Gmail - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

    ==== Set IE to Default ======================

    Old Values:

    “DefaultScope”=“{33BB0A4E-99AF-4226-BDF6-49120163DE86}”

    not found

    New Values:

    “Start Page”=“http://go.microsoft.com/fwlink/?LinkId=69157”

    “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url=“http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC”

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd deleted successfully

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Device Doctor Pro_is1 deleted successfully

    ==== HijackThis Entries ======================

    O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: PrintEco - {BEB54677-E12F-44E7-AC7E-48241B866B5F} - C:\Program Files\PrintEco\PrintEco Office\adxloader.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll

    O4 - HKLM\..\Run: “C:\Program Files\AVAST Software\Avast\AvastUI.exe” /nogui

    O4 - HKCU\..\Run: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’)

    O4 - HKUS\S-1-5-21-3453345529-432745293-659397266-1002\..\RunOnce: C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’)

    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra ‘Tools’ menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra ‘Tools’ menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - http://quickscan.bitdefender.com/qsax/qsax.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\fshoster32.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LiveUpdate (LiveUpdateSvc) - Unknown owner - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe

    ==== Empty IE Cache ======================

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=31 folders=4 2175713 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Default\AppData\Local\temp emptied successfully

    C:\Users\Default User\AppData\Local\temp emptied successfully

    C:\Users\Gebruiker\AppData\Local\temp will be emptied at reboot

    C:\Users\Public\AppData\Local\temp emptied successfully

    C:\Users\UpdatusUser\AppData\Local\temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\GEBRUI~1\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on wo 25-06-2014 at 19:34:53,37 ======================

  • Ben

    Hello,

    How is it going now, and if it's no better, which browser are you having problems with?

This topic is closed; no further replies can be posted.