habhab

Member
  • Items: 157

Everything posted by habhab

  1. And here once more is the requested log file. And I think the problem is now solved. Google Chrome is as responsive again as before. Could you perhaps explain to me what the cause was, and whether I should worry that bank details and the like could have been hacked? (attachment: AdwCleaner[S1].txt)
  2. Here is the requested log file. (attachment: zoek-results.txt)
  3. Attached is the requested file. (attachment: log.txt)
  4. Hello, It's been a long time since I last needed you. I have been using Google Chrome (version 36.0.1985.125 m) for a while, because it was generally acknowledged as "faster than Internet Explorer". So far so good, but for some time now I have had the feeling that forms are rather unresponsive. For example, when I have to type a username and password at PC-Helpforum, it is as if the characters arrive a little late. I press an "a", and half a second later I actually see that "a". I also have this problem with my home banking program, for example, etc. I briefly tried Internet Explorer, and there everything is lightning fast. So it is a problem specific to Google Chrome. I am afraid that some obscure little program is monitoring all my activities in the background :dong: I have already had the McAfee virus scanner do a complete scan, but it found nothing. Can you offer me a solution? Many thanks, HabHab
  5. Here is the log from zoek.exe. (attachment: zoek-results.log)
  6. Here we are again with the log file. - - - Updated - - - I do notice that when I start Chrome, I still see the following in the address bar: "http://search.conduit.com/?ctid=CT3288691&SearchSource=48&CUI=UN14211974472508290&UM=2" I have selected www.google.be as my start page, but each time the page above is shown. Is that normal? I didn't think so, right? (attachment: AdwCleaner[S0].txt)
  7. I have carried out the instructions above. The log file should be attached. (attachment: log.txt)
  8. Hello, When I open my web browser (Google Chrome), I regularly get square pop-ups with advertising at the bottom of my screen, and sometimes websites are opened unintentionally (again with advertising, of course). I have already let the trial of Malwarebytes Anti-Malware (2.00.0.1000) loose on it, and that tool discovered 20+ problems. I tried to get rid of them with this tool, but alas. I hope you can help me? From experience with your forum I know that a HijackThis log is always requested. Here it is:
  9. For a few days now I have had a very strange phenomenon, and I don't really know how or what to search for to check whether this has already been reported here. So I work with IE10. When I start IE, I am nicely presented with the homepage (it is simply Google). However, when I type a website in the address bar (example: Microsoft Nederland | Apparaten en diensten) and press enter, absolutely nothing happens! I see the cursor jump in front of the first character in the address bar, and that is about it. Not even a rotating symbol showing that it is loading. The Google web page (homepage) stays put. I can type something in the Google search bar, and when I then press enter Google does show me the search results. And there I can click on a link, and I see the web page. But the back button next to the address bar also turns out not to respond at all. Even if I keep the back button pressed to see the list of earlier web pages, and I try to force IE to return to, for example, the first page, nothing happens either. When I click a website in my favorites... indeed, again nothing at all. Not even when I explicitly select "Open" or "Open in new tab" with the right mouse button. When I log on as a different user, the problem remains. So it is not account related. I had my virus scanner (which is permanently on) do a full scan, but nothing was found. I also let CCleaner loose on it and cleaned everything, but no solution here either. Fortunately I still have Google Chrome so that I can send you this message. Does anyone have an idea how I can get rid of this bizarre phenomenon?
  10. Uh, I managed to solve it after all in the meantime. I mapped a network drive, using my admin username and password. By doing this, I was able to change the permissions on the file. Sorry, just ignore previous
  11. Hello, Here I am again :embarassed: Today I planned to reorganize my Outlook pst file a bit, since I found that at almost 2GB it was getting a bit big. I created a new pst file, into which I copied part of the original pst file (a folder named 'shops' - the content is irrelevant here). I work with Windows 7 and Outlook 2007. However, that file is on a NAS server (ReadyNAS Duo). So far so good: file created, copy of the folder made, and I could continue working without problems. Now I start Outlook again and try to open the 'Shops' folder (so the shops.pst file). However, I immediately get the message that access to the file is denied. I do not have sufficient permissions to open the file \\NAS-VC\HomeShare\Outlook\Hans\Shops.pst. When I look at the file on the NAS server, I see that the permissions for 'Everyone' are set to 'read only'. So this is most likely the reason for my problem. I also have a possible explanation (although I have no idea whether that explanation is correct). When I created the new pst file, I was logged on to my NAS server as administrator (I was experimenting with backup systems in the cloud at the same time). So I suspect that my shops.pst file was created as NAS-VC/admin, and for some reason that means the file permissions for Everyone are set to read by default. Now, however, I am no longer logged on to my NAS server, so the file is accessed as an ordinary user (Everyone), and so I can only read. The problem is that I cannot change the file permissions in any way, because I... you guessed it... am not authorized to do so. I have already tried logging on to the NAS server again (in other words, opening the web page on the server where I log in as administrator), but alas, this still does not give me the permissions I need. How can I now somehow convince the file ships.pst that I really am the administrator of the NAS server, and change the permissions of 'Everyone' so that writing is also allowed? Pfffff, complicated stuff all this. Thanks, HabHab
  12. Hello, Here is the log. They clearly need to learn Dutch :-) "File verwijdert"???
  13. Hello, I suspect the problem has been solved. I set the start page in IE back to www.google.be, and after restarting IE it still shows www.google.be. This was not the case before. The logs are below, as requested (I did start MBAM a second time, but I copied the second-to-last log below). THANKS A MILLION!!! And here is the HijackThis log:
  14. Hello, Normally I have Google search as my homepage in Windows Explorer. Now I once again have the problem that my homepage settings keep getting overwritten. I have had this before, and you solved it back then. I searched your forum for 'Search.conduit' or 'conduit', but found nothing. That is why I am turning to you directly once more. My explorer keeps getting 'polluted' with the link below as homepage: Zoeken Here is a HijackThis log to start with. Thanks in advance!
  15. Hi Asus, As always, a perfect answer! I did not know it was so easy to copy an account. Many thanks! HabHab
  16. Hello, It has been a long time since I last needed your help, but alas (nothing personal hexD). I have about 5 accounts on my laptop. Things go wrong on my own account. When I log on, I see my taskbar for a fraction of a second, and then the whole screen turns blue for a moment (the standard Windows background blue), and a few seconds later white. Nothing else happens after that. If I press CTRL-ALT-DEL, I can log off via the Task Manager. While logging off I briefly see my desktop in a flash, and then I am logged off. On other accounts (for example the Guest account from which I am sending this message) everything works fine. Can you help me (of course, you have every time so far!). And can I possibly fix things from this Guest account? Many thanks!! HabHab
  17. No, everything is solved now. I do wonder how this thing got on there again. I have McAfee running permanently, but I have the feeling that those virus scanners stop very little of these things.
  18. Hello, The Removal Tool does not appear to work. The log shows the following: 2012-10-07 17:48:51,653 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems
  19. Vooreerst het goede nieuws. Ik kan opnieuw mijn homepage zelf bepalen. Ik merk wel dat bij opstarten van de internet explorer er gevraagd werd om de AVG security terug in te schakelen, wat ik wijselijk dus niet heb gedaan natuurlijk. 'k Zie wel dat ie nog in de lijst staat van plugins. De folder "C:\ComboFix" was leeg, dus kon ik Combofix.txt niet vinden. Ik had de log echter in een textfile gesaved vooraleer ik moest rebooten omdat er blijkbaar weer iets was met een registery item. Hierbij de inhoud: ComboFix 12-10-04.02 - Hans 07/10/2012 9:38.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3957.2292 [GMT 2:00] Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Hans\Desktop\CFScript.txt AV: McAfee Antivirus en antispyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Antivirus en antispyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\avgtpx64.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
  20. I have disabled all add-ons that have to do with AVG, but I still cannot get rid of that AVG search. In the meantime I did manage to generate the full ComboFix report. See below:
2012-10-05 13:18 -------- d-----w- c:\programdata\Malwarebytes 2012-09-30 12:43 . 2012-09-30 12:43 -------- d-----w- c:\users\Gast\AppData\Local\AVG Secure Search 2012-09-30 12:08 . 2012-09-30 12:08 -------- d-----w- c:\users\Bert\AppData\Local\Adobe 2012-09-30 11:21 . 2012-09-30 11:21 -------- d-----w- c:\users\Bert\AppData\Local\AVG Secure Search 2012-09-30 07:13 . 2012-09-30 07:13 -------- d-----w- c:\users\Mattijs\AppData\Local\AVG Secure Search 2012-09-29 18:38 . 2012-09-29 18:38 -------- d-----w- c:\program files (x86)\Chilkat Software Inc 2012-09-29 12:49 . 2012-09-29 12:51 -------- d-----w- c:\users\Hans\AppData\Roaming\pdfforge 2012-09-29 12:49 . 2012-07-29 11:59 96768 ----a-w- c:\windows\system32\pdfcmon.dll 2012-09-29 12:49 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-09-29 12:49 . 2012-09-29 12:49 -------- d-----w- c:\program files (x86)\PDFCreator 2012-09-29 12:49 . 2012-09-29 12:49 -------- d-----w- c:\users\Hans\AppData\Local\AVG Secure Search 2012-09-29 12:49 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-09-29 12:49 . 2012-09-29 12:49 -------- d-----w- c:\programdata\AVG Secure Search 2012-09-29 12:49 . 2012-09-29 12:49 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-09-29 12:49 . 2012-09-29 12:49 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-09-29 12:49 . 2012-09-29 12:49 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-09-29 12:48 . 2012-09-29 12:48 -------- d--h--w- c:\programdata\Common Files 2012-09-28 04:09 . 2012-04-20 14:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-09-22 07:18 . 2012-09-22 07:18 -------- d-----w- c:\users\Bram\AppData\Local\Adobe 2012-09-16 13:27 . 2012-09-16 13:27 -------- d-----w- c:\program files\CCleaner 2012-09-16 09:39 . 2012-09-16 09:41 -------- d-----w- c:\users\Gast\AppData\Roaming\vlc 2012-09-16 09:11 . 
2012-09-16 09:11 -------- d-----w- c:\users\Gast\AppData\Roaming\DivX 2012-09-16 09:09 . 2012-09-16 09:09 -------- d-----w- c:\users\Gast\AppData\Roaming\AVS4YOU 2012-09-15 12:18 . 2012-09-15 12:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2012-09-15 12:18 . 2012-06-22 05:37 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-09-15 12:18 . 2012-06-22 05:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-09-15 12:18 . 2012-06-22 05:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-09-15 12:18 . 2012-06-22 05:35 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-09-15 12:18 . 2012-06-22 05:34 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-09-15 12:18 . 2012-09-28 20:59 -------- d-----w- c:\program files\Common Files\McAfee 2012-09-15 12:18 . 2012-09-15 12:23 -------- d-----w- c:\program files\McAfee 2012-09-15 12:18 . 2012-09-29 08:10 -------- d-----w- c:\program files (x86)\McAfee 2012-09-15 12:12 . 2012-06-22 05:38 177144 ----a-w- c:\windows\system32\mfevtps.exe 2012-09-15 12:12 . 2012-09-28 04:10 -------- d-----w- c:\programdata\McAfee 2012-09-12 07:22 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 07:22 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 07:22 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 07:22 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 07:22 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 07:22 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 07:22 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-12 13:42 . 2012-07-13 09:52 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-26 11:12 . 
2012-07-08 16:27 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-26 11:12 . 2012-07-08 16:27 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-24 18:32 . 2012-08-24 18:32 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll 2012-07-31 17:44 . 2012-07-31 17:44 268784 ----a-w- c:\windows\system32\javaws.exe 2012-07-31 17:44 . 2012-07-31 17:44 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-31 17:44 . 2012-07-31 17:44 189424 ----a-w- c:\windows\system32\javaw.exe 2012-07-31 17:44 . 2012-07-31 17:44 188912 ----a-w- c:\windows\system32\java.exe 2012-07-31 17:44 . 2012-07-31 17:44 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-18 18:15 . 2012-08-16 13:26 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-13 09:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-07-13 09:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-07-12 08:58 . 2012-07-08 18:46 211144 ----a-w- c:\windows\SysWow64\BBLTmpl2.ocx . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-29 12:49 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-29 1734240] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "IndexSearch"="c:\program files (x86)\Dell Printers\paperport\PaperPort\IndexSearch.exe" [2010-03-16 46368] "PaperPort PTD"="c:\program files (x86)\Dell Printers\paperport\PaperPort\pptd40nt.exe" [2010-03-16 29984] "PDFHook"="c:\program files (x86)\Dell Printers\paperport\PDFViewer\pdfpro5hook.exe" [2010-03-05 636192] "PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\paperport\PDFViewer\RegistryController.exe" [2010-03-05 62752] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-29 947808] "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-29 856160] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2012-7-13 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 136176] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664] R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-09 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Hans\Desktop\Get rid of virus\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-09-16 23208] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-29 31080] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-17 202752] S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2010-06-01 344384] S2 DMAgent;Red Bend-service voor apparaatbeheer voor Intel® PROSet/Wireless WiMAX-software;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-15 403456] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144] S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe [2010-03-16 144672] S2 TeamViewer7;TeamViewer 7;c:\program files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984] S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-29 722528] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX-service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-15 907264] S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-15 71168] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456] S3 NETw5s64;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-13 74272] S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] S3 RTL8167;Realtek 8167 NT-stuurprogramma;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 11:12] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 
2012-09-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . 2012-10-06 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928] "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696] "NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2009-10-27 2322432] "DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2010-06-01 913216] "DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2010-06-01 587584] "DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2010-06-01 1284416] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Bijkomende Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://isearch.avg.com/?cid={7FDE924A-64A6-46D2-A13E-3BA0B4730674}&mid=5cb4d0aa3c4e47d09e35d16fff511d89-c4874019e1711cd76d753e4e96b7830e34c6bc5e〈=nl&ds=pd011&pr=sa&d=2012-09-29 14:49&v=12.2.5.34&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.5 195.130.131.5 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-10-06 20:30:11 ComboFix-quarantined-files.txt 2012-10-06 18:30 . Pre-Run: 447.639.552.000 bytes beschikbaar Post-Run: 447.484.325.888 bytes beschikbaar . - - End Of File - - A243DE22AB6D9CDC584884979F6321E8
  21. I don't know whether everything went fine. At one point ComboFix kept reporting for a very long time that it was preparing the log file. Eventually I got fed up and tried to open Windows Explorer (to see whether the log file was already there). That's when I got the message about the registry (see above in blue). I then rebooted. Meanwhile Windows also urgently needed to install 2 updates. In other words, rather a lot was running at the same time, I'm afraid. Anyway, the log is below. But my start page still can't be changed.
  22. I carried out the above, but "AVG" still stubbornly occupies my homepage.

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.0.1400
      www.malwarebytes.org

      Databaseversie: v2012.10.05.04
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Hans :: HANS-PC [administrator]

      Realtime bescherming: Ingeschakeld

      5/10/2012 15:20:17
      mbam-log-2012-10-05 (15-20-17).txt

      Scantype: Snelle scan
      Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scanopties: P2P
      Objecten gescand: 283370
      Verstreken tijd: 3 minuut/minuten, 58 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 1
      HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerwaarden gedetecteerd: 1
      HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Data: Savings Sidekick -> Succesvol in quarantaine geplaatst en verwijderd.

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 1
      C:\Users\Hans\Downloads\installer_pdfcreator.exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)
  23. Hello, Sorry, I had a rather busy week and so haven't been able to respond yet. Tomorrow, however, I have a (well-deserved :-)) day off. The log is below: (I noticed today that a colleague at work had the same 'plague' - I'll forward your advice to her as well)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE O23 - Service: Red Bend-service voor apparaatbeheer voor Intel® PROSet/Wireless WiMAX-software (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. 
- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing) O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. 
- C:\Program Files (x86)\Dell Printers\paperport\PaperPort\PDFProFiltSrvPP.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. 
- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Intel® PROSet/Wireless WiMAX-service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14273 bytes
  24. Hello, My homepage in Internet Explorer is normally set to www.google.be. I notice that it now appears to be set to "https://isearch.avg.com/?cid={7FDE924A-64A6-46D2-A13E-3BA0B4730674}&mid=5cb4d0aa3c4e47d09e35d16fff511d89-c4874019e1711cd76d753e4e96b7830e34c6bc5e&lang=nl&ds=pd011&pr=sa&d=2012-09-29%2014:49:07&v=12.2.5.34&sap=hp". I am now trying to set it back via "Tools/Internet Options/Use current" after opening www.google.be as the web page. But when I close Internet Explorer and start it again, I see that AVG page every time. Can you help me get rid of it? Thanks, Hans