
Something or someone wants to change the search settings.



Hello,

For the past few days,

every time I start Google Chrome, the browser shows this message:

"Something or someone has tried to change your search settings"

(But it does not say which program wants to change this)

My PC's security tools see nothing strange on the computer.

For protection I use Avira Internet Security, MalwareBytes Pro, Hitman Pro, and I also have WinPatrol ProLog (it warns & asks for permission when something tries to start up or wants to change something on the PC)

I cannot find out myself what wants to change the search engine or why.

I am attaching the HijackThis report.

Could you please check it to see whether you spot anything suspicious.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:47:23, on 27/02/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe

C:\Program Files (x86)\CleanMem\mini_monitor.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KiesTrayAgent] C:\PROGRAM FILES (X86)\Samsung\Kies\KIESTRAYAGENT.EXE

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent

O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART

O4 - Global Startup: Secunia PSI Tray.lnk = ?

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideoAcceleratorService - Unknown owner - (no file)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 12604 bytes


Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - Global Startup: Secunia PSI Tray.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as “administrator” via right-click, “Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.
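A triage sketch for the selection step in the reply above, added here as an example; it is not the helper's method and not part of HijackThis. It sorts entries that point at nothing into three buckets, and the bucket names and rules are assumptions: the `wow64_artifact` rule relies on HijackThis being a 32-bit program (it runs from `Program Files (x86)` in this log) whose lookups under `System32` are redirected to `SysWOW64` on 64-bit Windows, so 64-bit-only system files show as "(file missing)".

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis 2.0.4 log posted in this thread (a short selection).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - Global Startup: Secunia PSI Tray.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: VideoAcceleratorService - Unknown owner - (no file)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
"""

# A log entry is "<section> - <body>", e.g. "O23 - Service: ...".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def dangling_reason(section, body):
    """Return why an entry points at nothing, or None if it looks resolved."""
    if body.endswith("(file missing)"):
        return "file missing"
    if body.endswith("(no file)"):
        return "no file"
    if body.endswith("= ?"):
        return "shortcut target unresolved"
    if section.startswith("R") and body.endswith("="):
        return "empty value"
    return None


def classify(line):
    """Return (bucket, section, reason) for a log entry, or None for other lines."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None
    section, body = match.group("section"), match.group("body")
    reason = dangling_reason(section, body)
    if reason is None:
        return ("resolved", section, None)
    # The file HijackThis looked for is the last " - "-separated field.
    target = body.rsplit(" - ", 1)[-1]
    if reason == "file missing" and SYSTEM32_RE.match(target):
        # Assumption: a 32-bit scanner on 64-bit Windows, so this is redirection.
        return ("wow64_artifact", section, reason)
    if section == "O23":
        # Assumption: services are kept apart for a separate manual review.
        return ("service_review", section, reason)
    return ("orphan", section, reason)


def triage(log_text):
    """Group the entries of a HijackThis log by bucket."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            buckets[result[0]].append(line.strip())
    return dict(buckets)


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"[{bucket}]")
        for entry in lines:
            print("   ", entry)
```
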


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:41:46, on 27/02/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe

C:\Program Files (x86)\CleanMem\mini_monitor.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Paul Bastings\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KiesTrayAgent] C:\PROGRAM FILES (X86)\Samsung\Kies\KIESTRAYAGENT.EXE

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent

O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideoAcceleratorService - Unknown owner - (no file)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--

End of file - 11770 bytes

Malwarebytes Pro log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.02.27.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul Bastings :: PAULBASTINGS-PC [administrator]

Realtime bescherming: Ingeschakeld

27/02/2012 18:30:14

mbam-log-2012-02-27 (18-30-14).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 218165

Verstreken tijd: 7 minuut/minuten, 35 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

I had Hitman Pro run a scan & it found 2 Hotbars.

I now have to restart the computer for the removal.

I will post the Hitman Pro log shortly.


Apparently Hitman Pro has solved it,

because Google Chrome no longer reports that someone is trying to change its search settings.

So Hitman Pro removed 2 so-called hotbars.

Hitman Pro log:

4EB6D578499B1CCF5F581EAD56BE3D9B6744A.... MA 27 FEB 2012 18:55 DELETED

hklm\software\wow6432node\microsoft\systemcertificate

4EB6D578499B1CCF5F581EAD56BE3D6B6744A... MA 27 FEB 2012 18:55 DELETED

hklm\software\microsoft\systemcertificate\authroot\cerl


Hitman Pro isn't really a program I'm wild about, but if the messages come back it may be best that we take a further look:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


I have a new report here from Hitman Pro (Early Warning detection)

It says:

There are indications that the file is a threat. However, it can also be benign.

Has recently appeared on your computer (13 days ago) and starts automatically.

**Windows file protection (WFP) protects this infected system file.

To maintain system stability, the original version of this file will be restored during removal.

Hitman Pro 3.6.0 -Build 138 (64 Bit)

Early Warning Scoring Rapport

Properties

Name ntshrui.dll

Location C:\Windows\system32

Size 498 KB

Time 13.0 days ago (2012-02-14 21:42:24)

Entropy 6.1

Product Microsoft® Windows® Operating System

Publisher Microsoft Corporation

Description Shell extensions for sharing

Version 6.1.7601.17755

Copyright © Microsoft Corporation. All rights reserved.

SHA-256 BD4C222913D32D7CF5FE0201FEBE7BD67FC39DF47A7A672C2D6C228A6E13B5DE

Scoring (7.0)

Program starts automatically without user intervention.

The file is in use by one or more active processes.

The file is located in a folder that contains core operating system files from Windows. This is not typical to most programs and is only common to system tools, drivers and hacking utilities.

Time indicates that the file appeared recently on this computer.

The file is protected by Windows File Protection (WFP). This is typical to critical Windows system files.

Startup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellIconOverlayIdentifiers\SharingPrivate\

References

HKLM\SOFTWARE\Classes\\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}\

HKLM\SOFTWARE\Wow6432Node\Classes\\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}\

------------------------------------------------------------------------------------------------

Properties

Name SHELL32.dll

Location C:\Windows\system32

Size 13.5 MB

Time 13.0 days ago (2012-02-14 21:42:28)

Entropy 6.2

Product Microsoft® Windows® Operating System

Publisher Microsoft Corporation

Description Windows Shell Common Dll

Version 6.1.7601.17755

Copyright © Microsoft Corporation. All rights reserved.

SHA-256 A5ABEF644B9E730A85FB9A9CA31BC0B95618045028C5AA36179E235E0749E748

Scoring (7.0)

Program starts automatically without user intervention.

The file is in use by one or more active processes.

The file is located in a folder that contains core operating system files from Windows. This is not typical to most programs and is only common to system tools, drivers and hacking utilities.

Time indicates that the file appeared recently on this computer.

The file is protected by Windows File Protection (WFP). This is typical to critical Windows system files.

Startup

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\

References

HKLM\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\

HKLM\SOFTWARE\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\

HKLM\SOFTWARE\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\

HKLM\SOFTWARE\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\

HKLM\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\

HKLM\SOFTWARE\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\

HKLM\SOFTWARE\Classes\CLSID\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\

HKLM\SOFTWARE\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\

HKLM\SOFTWARE\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\

HKLM\SOFTWARE\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\

HKLM\SOFTWARE\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\

HKLM\SOFTWARE\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\

HKLM\SOFTWARE\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\

HKLM\SOFTWARE\Classes\CLSID\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{40419485-C444-4567-851A-2DD7BFA1684D}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\

------------------------------------------------------------------------------------------------------------------------------

Properties

Name ieframe.dll

Location C:\Windows\System32

Size 10.4 MB

Time 13.0 days ago (2012-02-14 20:56:16)

Entropy 6.4

Product Windows® Internet Explorer

Publisher Microsoft Corporation

Description Internet Browser

Version 9.00.8112.16441

Copyright © Microsoft Corporation. All rights reserved.

SHA-256 E9C5CC918765C236B90E7372C45E790CC527021CE6CC76542C965705B9C8F465

Scoring (7.0)

Program starts automatically without user intervention.

The file is in use by one or more active processes.

The file is located in a folder that contains core operating system files from Windows. This is not typical to most programs and is only common to system tools, drivers and hacking utilities.

Time indicates that the file appeared recently on this computer.

The file is protected by Windows File Protection (WFP). This is typical to critical Windows system files.

Startup

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

HKU\S-1-5-21-1159364005-1541426249-3176702787-1001\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

References

HKLM\SOFTWARE\Classes\\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

HKU\S-1-5-21-1159364005-1541426249-3176702787-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32\ieframe.dll

---------- Post added at 22:01 ---------- Previous post was at 21:59 ----------

ComboFix report follows!


I have not yet removed anything from the Hitman Pro report list, or had anything placed in quarantine.

Because Hitman Pro itself is not sure whether this is actually malware. (So I am leaving it alone.)

Here is the ComboFix log:

ComboFix 12-02-27.02 - Paul Bastings 27/02/2012 22:06:47.7.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1791.974 [GMT 1:00]

Gestart vanuit: c:\users\Paul Bastings\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Paul Bastings\AppData\Local\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll

c:\users\PAULBA~1\AppData\Local\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))

.

.

2012-02-27 21:12 . 2012-02-27 21:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-02-27 21:12 . 2012-02-27 21:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-02-27 21:12 . 2012-02-27 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-27 21:12 . 2012-02-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-26 19:00 . 2012-02-26 19:00 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\WinPatrol

2012-02-24 18:47 . 2012-02-24 18:47 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\Win7codecs

2012-02-24 12:48 . 2012-02-24 12:48 -------- d-----w- c:\program files (x86)\Youtube Downloader HD

2012-02-22 09:10 . 2011-11-18 07:40 219752 ----a-w- c:\windows\system32\SFSS_APO.dll

2012-02-22 09:10 . 2011-12-13 07:58 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl

2012-02-22 09:10 . 2011-12-13 09:27 4718952 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2012-02-22 09:10 . 2011-11-22 02:36 2615400 ----a-w- c:\windows\system32\RtPgEx64.dll

2012-02-22 09:10 . 2011-12-08 08:28 1969768 ----a-w- c:\windows\system32\RtkApi64.dll

2012-02-22 09:10 . 2011-12-08 07:27 3744872 ----a-w- c:\windows\system32\RtkAPO64.dll

2012-02-22 09:10 . 2011-11-22 07:28 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll

2012-02-22 09:10 . 2011-12-09 07:42 2684416 ----a-w- c:\windows\system32\RCoRes64.dat

2012-02-22 09:10 . 2011-12-12 08:20 100456 ----a-w- c:\windows\system32\RCoInstII64.dll

2012-02-22 09:10 . 2010-11-29 05:36 702808 ----a-w- c:\windows\system32\MaxxAudioRealtek2.dll

2012-02-22 09:09 . 2012-01-17 03:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-02-22 09:09 . 2012-01-17 03:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-02-22 08:24 . 2012-02-22 08:24 -------- d-----w- c:\users\Paul Bastings\AppData\Local\Innovative Solutions

2012-02-22 08:24 . 2012-02-22 08:24 -------- d-----w- c:\program files (x86)\Innovative Solutions

2012-02-16 16:19 . 2012-02-16 16:19 40292 ----a-w- c:\programdata\HKCU.reg

2012-02-15 08:18 . 2012-02-15 08:18 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-15 08:18 . 2012-02-15 08:18 -------- d-----w- c:\program files (x86)\Oracle

2012-02-14 20:42 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-14 20:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-14 20:42 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-14 20:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-14 20:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-14 20:42 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-14 20:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-14 20:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-14 20:14 . 2012-02-14 20:14 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2012-02-14 20:14 . 2012-02-14 20:14 -------- d-----w- c:\windows\system32\wbem\en-US

2012-02-13 20:18 . 2012-02-13 20:30 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2012-02-12 15:34 . 2012-02-12 15:34 388096 ----a-r- c:\users\Paul Bastings\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-12 15:34 . 2012-02-12 15:34 -------- d-----w- c:\program files (x86)\Trend Micro

2012-02-12 14:11 . 2012-02-12 14:11 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\BDlot

2012-02-12 14:10 . 2012-02-12 14:10 -------- d-----w- c:\program files\LotSoft

2012-02-10 17:39 . 2012-02-10 17:39 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\Softland

2012-02-10 17:39 . 2012-01-18 10:08 24912 ----a-w- c:\windows\system32\novamnl7.dll

2012-02-10 17:39 . 2012-01-18 10:08 21840 ----a-w- c:\windows\system32\novamil7.dll

2012-02-10 17:39 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2012-02-10 17:39 . 2012-02-10 17:39 -------- d-----w- c:\program files\Softland

2012-02-09 16:59 . 2012-02-09 17:02 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\WaveMax Sound Editor5

2012-02-09 16:59 . 2012-02-09 16:59 -------- d-----w- c:\program files (x86)\WaveMax Sound Editor

2012-02-09 14:53 . 2012-02-09 14:53 -------- d-----w- c:\users\Paul Bastings\AppData\Local\Evernote

2012-02-09 14:52 . 2012-02-09 14:52 -------- d-----w- c:\program files (x86)\Evernote

2012-02-09 13:20 . 2012-02-09 13:20 4794880 ----a-w- c:\windows\SysWow64\x264vfw.dll

2012-02-07 15:16 . 2012-02-16 19:23 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\ExpressFiles

2012-02-05 20:57 . 2012-02-05 20:59 -------- d-----w- c:\users\Paul Bastings\AppData\Local\Microsoft Games

2012-02-04 08:15 . 2012-02-04 08:15 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\Lonely Troops

2012-02-03 19:39 . 2012-02-03 19:39 -------- d-sh--w- c:\windows\ftpcache

2012-02-03 13:01 . 2012-02-03 13:01 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-03 13:01 . 2012-02-03 13:01 -------- d-----r- c:\program files (x86)\Skype

2012-02-02 17:25 . 2012-02-02 17:25 9216 ----a-r- c:\users\Paul Bastings\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe

2012-02-02 13:42 . 2011-12-08 04:22 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2012-02-02 13:42 . 2011-12-08 04:22 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2012-02-02 13:42 . 2011-12-08 04:22 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2012-02-02 13:42 . 2011-12-08 04:22 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2012-02-02 13:42 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2012-02-02 13:42 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2012-02-02 13:42 . 2011-12-08 04:22 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys

2012-02-01 08:34 . 2012-02-01 08:55 -------- d-----w- c:\users\Paul Bastings\AppData\Roaming\Youtube Downloader HD

2012-01-29 12:58 . 2012-01-29 12:58 -------- d-----w- c:\users\Paul Bastings\AppData\Local\AVSoft_Corp._(VN)

2012-01-29 12:44 . 2012-01-29 12:44 -------- d-----w- c:\program files (x86)\AV Music Morpher

2012-01-29 12:44 . 2012-01-29 12:44 -------- d-----w- c:\programdata\Avnex

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-27 20:33 . 2011-12-28 23:15 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2012-02-15 09:04 . 2011-12-16 18:08 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-02-12 14:11 . 2011-10-28 10:41 275648 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys

2012-02-10 03:13 . 2011-10-30 21:22 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-02-10 03:13 . 2011-10-30 21:22 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-02-10 03:13 . 2011-08-15 14:53 1737536 ----a-w- c:\windows\system32\nvdispco64.dll

2012-02-10 03:13 . 2011-08-15 14:53 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-02-10 03:13 . 2011-07-10 18:17 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-01-28 11:12 . 2012-01-28 11:12 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-01-28 11:10 . 2012-01-28 11:10 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm

2012-01-27 15:15 . 2012-01-27 14:50 417440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-01-27 15:15 . 2011-10-31 15:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-27 15:05 . 2011-10-31 15:05 8756384 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\SysWow64\lameACM.acm

2012-01-17 03:45 . 2012-01-03 13:25 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-01-10 12:57 . 2011-12-13 00:19 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-01-10 12:57 . 2011-05-27 17:37 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-01-09 18:45 . 2012-01-09 18:45 178688 ----a-w- c:\windows\SysWow64\unrar.dll

2012-01-06 00:19 . 2012-01-06 00:19 6411776 ----a-w- c:\windows\SysWow64\Open haard schermbeveiliging.scr

2012-01-06 00:19 . 2012-01-06 00:19 6537480 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Microsoft\Temp\Fireplace Screensaver nlBE.exe

2011-12-30 16:02 . 2011-12-02 15:49 23896 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2011-12-28 22:55 . 2011-05-27 02:27 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-12-22 21:40 . 2011-12-22 21:40 155648 ----a-w- c:\windows\SysWow64\ac3acm.acm

2011-12-16 18:05 . 2011-12-16 18:08 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-16 18:05 . 2011-12-16 18:08 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-16 18:05 . 2011-12-16 18:08 139512 ----a-w- c:\windows\system32\drivers\avfwot.sys

2011-12-16 18:05 . 2011-12-16 18:08 113768 ----a-w- c:\windows\system32\drivers\avfwim.sys

2011-12-16 16:21 . 2012-01-07 19:12 31576 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-12-15 20:54 . 2011-12-15 20:54 0 ----a-w- c:\windows\RAVTC.TMP

2011-12-13 01:38 . 2011-05-27 01:18 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-10 14:24 . 2011-05-27 01:19 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-07 18:32 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll

2011-08-18 18:37 . 2011-08-18 18:36 13571624 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-19 21416]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]

"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-02-20 8565672]

"DriverMax_RESTART"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-02-20 8565672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KIESTRAYAGENT.EXE" [2012-02-03 3508624]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 135664]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2011-12-28 105800]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R2 VideoAcceleratorService;VideoAcceleratorService; [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-27 253600]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 cpuz135;cpuz135; [x]

R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [x]

R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 135664]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]

S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-12-16 616400]

S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-16 342480]

S2 AntiVirSchedulerService;Avira Planner;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-16 463824]

S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2012-01-09 36792]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]

S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-27 15:15]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 19:38]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 19:38]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159364005-1541426249-3176702787-1001Core.job

- c:\users\Paul Bastings\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 19:38]

.

2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159364005-1541426249-3176702787-1001UA.job

- c:\users\Paul Bastings\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 19:38]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Paul Bastings\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]

"KiesHelper"="c:\program files (x86)\samsung\kies\kieshelper.exe" [2012-02-03 943504]

"CanonSolutionMenu"="c:\program files (x86)\canon\solutionmenu\cnslmain.exe" [2009-09-03 767312]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/ig

uLocal Page = c:\windows\SYSTEM32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=imedia_s3720&r=173605119606p03c5x115y48j10353

mLocal Page = c:\windows\SYSTEM32\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

.

.

------- Bestandsassociaties -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

SafeBoot-SolutoService

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)

ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)

ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)

ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1159364005-1541426249-3176702787-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_183_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_183_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_183.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_183.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_183.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_183.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe

c:\program files (x86)\CleanMem\mini_monitor.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-27 22:20:31 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-27 21:20

.

Pre-Run: 102.796.455.936 bytes beschikbaar

Post-Run: 102.526.406.656 bytes beschikbaar

.

- - End Of File - - F7107D08B8C1445A64C00CDE9CD27819


The problem of my search engine being changed has been solved, I think!

To test this, I (temporarily) installed Firefox, Maxthon, Chromium & Safari.

And oddly enough, these browsers give no notification that someone is messing with the search settings.

Only Google Chrome 19.0.1049.3 dev keeps reporting this.

So I rather think this is a bug on Google's side, since I am, after all, using a beta version of the browser!

Moreover, the virus scanners can't find anything either; I have by now scanned with every well-known brand!!


Then we will have to wait until the beta version becomes a final release, to find out whether the phenomenon still occurs then.

In the meantime you can certainly remove Combofix already. Here is how:

Remove Combofix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove Combofix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.
