Everything posted by Lodewijk16

  1. Done. Starting Outlook still takes about 1.5 minutes. Can this be considered solved? Many thanks in advance for the help provided!!!
  2. I have "Windows 7" and "Office Professional Plus 2010" fully legally!
  3. When I click Download CCleaner, the browser goes to CCleaner - Slim and then to http://www.piriform.com/ccleaner/download/slim/downloadfile, which then turns into a completely white page. I was still able to download CCleaner via the Piriform homepage. Outlook needs about 2 minutes to start up. What can be done about this?
  4. Dear Kape, After scanning with SUPERAntiSpyware (found on a site that also dealt with the Google Redirect Virus) and Emsisoft Emergency Kit, this stubborn virus has apparently disappeared. Google works normally again in IE9 and in Firefox. However, I now notice that Outlook 2010 starts up agonizingly slowly. What could be the cause of that? Was something removed after all that is needed when Outlook starts? Thanks for all the help. For now I am not closing this discussion yet.
  5. Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 23-12-2012 08:36:24
  6. I have reset IE9 to its default settings. The problem is not resolved. The Google search results redirect to: http://directagain.net/in.php?source=3547&q=floralux&suid=700029951-9080001&rnd=c2m5V6wO8vf7wthO0yyGHw%3D%3D Are there any other options besides reinstalling Windows?
  7. Can I forward this by e-mail or something? The files are named: hosts, hosts.datum.backup, hosts.bak, HOSTS.MVP, Imhosts.sam, networks, protocol and services.
  8. Now I was redirected to: "http://www.ads4adult.com/my_traffic.php?track=reach_BE" and "http://directagain.net/i.php?a=2&b=231876"
  9. Unfortunately the problem is still not solved. In IE9 I am redirected in Google via http://search-faster.com/vcpv.php to: news.findpin.org and Find what you need!= and http://worddictionary.com.au/?utm_so...n=CampaignName
  10. # AdwCleaner v2.101 - Verslag gemaakt op 21/12/2012 om 11:48:55 - - - Updated - - - Problem not yet solved.
      In IE9 I am redirected in Google to: http://worddictionary.com.au/?utm_source=aip&utm_medium=optional&utm_term=optional&utm_content=optional&utm_campaign=CampaignName
  11. ComboFix 12-12-20.02 - Ludo 21-12-2012 11:11:37.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3070.1856 [GMT 1:00]
c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-10-30 03:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "DisplayName"="Microsoft ActiveSync" "Name"="ActiveSync" "Order"=dword:00000001 "Param1"="ActiveSync" "State"=dword:00000013 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Order"=dword:00000004 "State"=dword:00000003 "Type"="IESettings" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Order"=dword:00000003 "State"=dword:00000003 "Type"="MediaFiles" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Order"=dword:00000002 "Param1"="NPW" "State"=dword:00000003 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "DisplayName"="Microsoft Outlook" "Name"="Outlook" "Order"=dword:00000000 "Param1"="Outlook" "State"=dword:00000020 "Type"="wellknown" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-21 11:31:08 ComboFix-quarantined-files.txt 2012-12-21 10:31 ComboFix2.txt 2012-12-21 00:10 ComboFix3.txt 2012-12-19 20:47 . Pre-Run: 85 380 571 136 bytes beschikbaar Post-Run: 85 327 106 048 bytes beschikbaar . 
- - End Of File - - D7803692BBDA61DEDE1CE46C00286CA2 - - - Updated - - - ComboFix 12-12-20.02 - Ludo 21-12-2012 11:11:37.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3070.1856 [GMT 1:00] Gestart vanuit: c:\users\Ludo\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Ludo\Desktop\CFScript AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))) . . 2012-12-21 10:26 . 2012-12-21 10:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-21 10:26 . 2012-12-21 10:26 -------- d-----w- c:\users\Lieve\AppData\Local\temp 2012-12-21 10:26 . 2012-12-21 10:26 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2012-12-21 10:26 . 2012-12-21 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-21 07:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 07:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 00:04 . 2012-12-21 10:26 -------- d-----w- c:\users\Ludo\AppData\Local\temp 2012-12-20 21:35 . 2012-12-20 21:35 -------- d-----w- c:\program files\Leadtek 2012-12-20 21:25 . 2012-12-20 21:25 -------- d-----w- c:\programdata\PDF Architect 2012-12-20 13:24 . 2012-12-20 13:24 -------- d-----w- c:\program files\iPod 2012-12-20 13:24 . 2012-12-20 13:25 -------- d-----w- c:\program files\iTunes 2012-12-20 13:20 . 
2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-12-20 13:19 . 2012-12-20 13:20 -------- d-----w- c:\program files\QuickTime 2012-12-20 13:17 . 2012-12-20 13:17 -------- d-----w- c:\program files\Bonjour 2012-12-17 19:08 . 2012-12-17 19:08 388096 ----a-r- c:\users\Ludo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-17 09:17 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-12-17 09:17 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-12-17 09:17 . 2012-12-17 09:18 -------- d-----w- c:\program files\PDFCreator 2012-12-14 18:01 . 2012-12-14 18:01 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2012-12-14 17:58 . 2012-12-14 17:58 -------- d-----w- c:\programdata\Lavasoft 2012-12-14 17:58 . 2012-12-20 21:03 -------- d-----w- c:\program files\Ad-Aware Antivirus 2012-12-14 17:57 . 2012-12-14 17:57 44424 ----a-w- c:\windows\system32\sbbd.exe 2012-12-14 17:57 . 2012-12-14 17:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\adawaretb 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\Toolbar Cleaner 2012-12-14 17:56 . 
2012-12-15 21:34 -------- d-----w- c:\users\Ludo\AppData\Roaming\Ad-Aware Antivirus 2012-12-13 01:12 . 2012-12-13 01:13 -------- d-----w- c:\users\Ludo\AppData\Roaming\PDF Architect 2012-12-12 11:43 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-10 23:39 . 2012-12-10 23:39 -------- d-----w- c:\users\Ludo\AppData\Roaming\APP_NAME_NON_STRING 2012-12-10 23:38 . 2012-10-28 17:32 88576 ----a-w- c:\windows\system32\pdfcmon.dll 2012-12-10 08:28 . 2012-12-10 08:28 122880 --sha-r- c:\windows\system32\C_1149W.dll 2012-12-07 08:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A799F2D-49BD-408D-B9FD-B7922F014CC0}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 21:38 . 2012-07-17 23:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-15 21:38 . 2012-07-17 23:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-16 07:39 . 2012-11-28 00:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-10 20:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:14 . 2009-07-14 23:54 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:14 . 
2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-10 20:14 . 2011-08-13 22:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-09 17:40 . 2012-11-14 12:21 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 12:21 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 2012-11-14 12:21 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 2012-11-14 12:21 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-14 12:21 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-14 12:21 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 12:21 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-14 12:21 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-14 12:21 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-14 12:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 19:29 . 2010-10-16 11:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29 . 2011-08-12 08:58 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:29 . 2010-10-16 11:42 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29 . 2009-07-14 11:29 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29 . 2010-10-16 11:42 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28 . 2010-10-16 11:42 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-25 22:47 . 2012-11-14 12:21 78336 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 21:16 . 2012-10-25 06:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 1999-06-25 07:55 . 
2008-05-09 14:22 149504 ----a-w- c:\program files\UNWISE.EXE 2012-11-29 08:26 . 2012-12-05 22:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-03 161336] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] . 
c:\users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk] backup=c:\windows\pss\PDFCreator.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Ludo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] 2007-06-27 09:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] 2011-05-13 14:27 884584 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 22:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport] 2007-06-27 09:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2012-10-02 19:29 2853224 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-11-14 14:50 4706304 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-10-19 16:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2010-11-20 12:20 859648 ----a-w- c:\windows\System32\OobeFldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 07:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe . R2 gupdate1c9f90f25e0dfb8;Google Updateservice (gupdate1c9f90f25e0dfb8);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [x] R2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [x] R2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [x] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [x] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [x] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x] R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] R4 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R4 MpKsl03370312;MpKsl03370312;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl03370312.sys [x] R4 MpKsl035317aa;MpKsl035317aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4B61E3-255E-4C75-AC01-B88E4320087E}\MpKsl035317aa.sys [x] R4 MpKsl0b7e66dc;MpKsl0b7e66dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27996703-9CDD-4146-B5F9-9DA9E80A824C}\MpKsl0b7e66dc.sys [x] R4 MpKsl1b904031;MpKsl1b904031;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl1b904031.sys [x] R4 MpKsl2d35253d;MpKsl2d35253d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A3AB075-532A-4AB9-BA58-BDB9C9535599}\MpKsl2d35253d.sys [x] R4 MpKsl52d2512a;MpKsl52d2512a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl52d2512a.sys [x] R4 MpKsl75a794c6;MpKsl75a794c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94810CF2-A2C3-40AA-9318-2A6BD12F9F80}\MpKsl75a794c6.sys [x] R4 MpKsl75b08b33;MpKsl75b08b33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl75b08b33.sys [x] R4 
MpKsl8cf43cdb;MpKsl8cf43cdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F5A7877-AF4D-4AD7-808A-8C9581650AEC}\MpKsl8cf43cdb.sys [x] R4 MpKslc93cedb2;MpKslc93cedb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKslc93cedb2.sys [x] R4 MpKsle580181c;MpKsle580181c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B3F112D-17D8-4E3E-BCE5-9B1A6F11ADCE}\MpKsle580181c.sys [x] R4 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [x] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [x] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 *Deregistered* - pavboot . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc . Inhoud van de 'Gedeelde Taken' map . 
2012-12-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 21:55] . 2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001Core.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001UA.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-21 c:\windows\Tasks\USNLZSJ.job - c:\windows\system32\C_1149W.dll [2012-12-10 08:28] . . ------- Bijkomende Scan ------- . uStart Page = about:blank mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: exact.nl Trusted Zone: exactonline.be Trusted Zone: exactonline.be\start Trusted Zone: fortuneo.be\www TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F9A8E3AD7E1C78DC700BC3508F36C877 FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - ExtSQL: 2012-10-29 18:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; 
c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-10-30 03:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "DisplayName"="Microsoft ActiveSync" "Name"="ActiveSync" "Order"=dword:00000001 "Param1"="ActiveSync" "State"=dword:00000013 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Order"=dword:00000004 "State"=dword:00000003 "Type"="IESettings" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Order"=dword:00000003 "State"=dword:00000003 "Type"="MediaFiles" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Order"=dword:00000002 "Param1"="NPW" "State"=dword:00000003 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "DisplayName"="Microsoft Outlook" "Name"="Outlook" "Order"=dword:00000000 "Param1"="Outlook" "State"=dword:00000020 "Type"="wellknown" . 
- - - Updated - - - Oops, I had not yet seen your new message! Since I had let ComboFix run yesterday without disabling my virus scanner, I ran it again. Sorry! I will now run ADWCleaner as you indicated. Thanks for the help so far. See you later.
  12. ComboFix 12-12-20.02 - Ludo 20-12-2012 23:09:53.2.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3070.1820 [GMT 1:00] Gestart vanuit: c:\users\Ludo\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Ludo\Desktop\CFScript AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt * Aanwezig AV is actief . . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys c:\programdata\blekko toolbars c:\programdata\blekko toolbars\toolbar.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))) . . 2012-12-21 00:04 . 2012-12-21 00:04 -------- d-----w- c:\users\Ludo\AppData\Local\temp 2012-12-21 00:04 . 2012-12-21 00:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-21 00:04 . 
2012-12-21 00:04 -------- d-----w- c:\users\Lieve\AppData\Local\temp 2012-12-21 00:04 . 2012-12-21 00:04 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2012-12-21 00:04 . 2012-12-21 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-20 21:35 . 2012-12-20 21:35 -------- d-----w- c:\program files\Leadtek 2012-12-20 21:25 . 2012-12-20 21:25 -------- d-----w- c:\programdata\PDF Architect 2012-12-20 13:24 . 2012-12-20 13:24 -------- d-----w- c:\program files\iPod 2012-12-20 13:24 . 2012-12-20 13:25 -------- d-----w- c:\program files\iTunes 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-20 13:20 . 2012-12-20 13:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-12-20 13:19 . 2012-12-20 13:20 -------- d-----w- c:\program files\QuickTime 2012-12-20 13:17 . 2012-12-20 13:17 -------- d-----w- c:\program files\Bonjour 2012-12-17 19:08 . 2012-12-17 19:08 388096 ----a-r- c:\users\Ludo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-17 09:17 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-12-17 09:17 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-12-17 09:17 . 2012-12-17 09:18 -------- d-----w- c:\program files\PDFCreator 2012-12-14 18:01 . 
2012-12-14 18:01 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2012-12-14 17:58 . 2012-12-14 17:58 -------- d-----w- c:\programdata\Lavasoft 2012-12-14 17:58 . 2012-12-20 21:03 -------- d-----w- c:\program files\Ad-Aware Antivirus 2012-12-14 17:57 . 2012-12-14 17:57 44424 ----a-w- c:\windows\system32\sbbd.exe 2012-12-14 17:57 . 2012-12-14 17:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\adawaretb 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\Toolbar Cleaner 2012-12-14 17:56 . 2012-12-15 21:34 -------- d-----w- c:\users\Ludo\AppData\Roaming\Ad-Aware Antivirus 2012-12-13 01:12 . 2012-12-13 01:13 -------- d-----w- c:\users\Ludo\AppData\Roaming\PDF Architect 2012-12-12 11:43 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-10 23:39 . 2012-12-10 23:39 -------- d-----w- c:\users\Ludo\AppData\Roaming\APP_NAME_NON_STRING 2012-12-10 23:38 . 2012-10-28 17:32 88576 ----a-w- c:\windows\system32\pdfcmon.dll 2012-12-10 08:28 . 2012-12-10 08:28 122880 --sha-r- c:\windows\system32\C_1149W.dll 2012-12-07 08:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A799F2D-49BD-408D-B9FD-B7922F014CC0}\mpengine.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 21:38 . 2012-07-17 23:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-15 21:38 . 2012-07-17 23:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-16 07:39 . 2012-11-28 00:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:15 . 
2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-10 20:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:14 . 2009-07-14 23:54 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-10 20:14 . 2011-08-13 22:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-09 17:40 . 2012-11-14 12:21 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 12:21 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 2012-11-14 12:21 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 2012-11-14 12:21 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-14 12:21 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-14 12:21 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 12:21 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-14 12:21 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-14 12:21 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-14 12:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 19:29 . 2010-10-16 11:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29 . 2011-08-12 08:58 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:29 . 
2010-10-16 11:42 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29 . 2009-07-14 11:29 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29 . 2010-10-16 11:42 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28 . 2010-10-16 11:42 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-25 22:47 . 2012-11-14 12:21 78336 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 21:16 . 2012-10-25 06:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 1999-06-25 07:55 . 2008-05-09 14:22 149504 ----a-w- c:\program files\UNWISE.EXE 2012-12-05 22:52 . 2012-12-05 22:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-03 161336] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk] backup=c:\windows\pss\PDFCreator.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Ludo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] 2007-06-27 09:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] 2011-05-13 14:27 884584 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 22:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport] 2007-06-27 09:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2012-10-02 19:29 2853224 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-11-14 14:50 4706304 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-10-19 16:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2010-11-20 12:20 859648 ----a-w- c:\windows\System32\OobeFldr.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 07:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe . R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] R1 MpKsl03370312;MpKsl03370312;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl03370312.sys [x] R1 MpKsl035317aa;MpKsl035317aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4B61E3-255E-4C75-AC01-B88E4320087E}\MpKsl035317aa.sys [x] R1 MpKsl0b7e66dc;MpKsl0b7e66dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27996703-9CDD-4146-B5F9-9DA9E80A824C}\MpKsl0b7e66dc.sys [x] R1 MpKsl1b904031;MpKsl1b904031;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl1b904031.sys [x] R1 MpKsl2d35253d;MpKsl2d35253d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A3AB075-532A-4AB9-BA58-BDB9C9535599}\MpKsl2d35253d.sys [x] R1 MpKsl52d2512a;MpKsl52d2512a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl52d2512a.sys [x] R1 MpKsl75a794c6;MpKsl75a794c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94810CF2-A2C3-40AA-9318-2A6BD12F9F80}\MpKsl75a794c6.sys [x] R1 MpKsl75b08b33;MpKsl75b08b33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl75b08b33.sys [x] R1 MpKsl8cf43cdb;MpKsl8cf43cdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F5A7877-AF4D-4AD7-808A-8C9581650AEC}\MpKsl8cf43cdb.sys [x] R1 MpKslc93cedb2;MpKslc93cedb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition 
Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKslc93cedb2.sys [x] R1 MpKsle580181c;MpKsle580181c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B3F112D-17D8-4E3E-BCE5-9B1A6F11ADCE}\MpKsle580181c.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 gupdate1c9f90f25e0dfb8;Google Updateservice (gupdate1c9f90f25e0dfb8);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [x] R2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [x] R2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [x] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [x] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [x] R3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x] R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [x] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [x] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [x] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] . . --- Andere Services/Drivers In Geheugen --- . 
*NewlyCreated* - FSUSBEXDISK *Deregistered* - mfeavfk01 *Deregistered* - pavboot . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc . Inhoud van de 'Gedeelde Taken' map . 2012-12-20 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 21:55] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001Core.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001UA.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-21 c:\windows\Tasks\USNLZSJ.job - c:\windows\system32\C_1149W.dll [2012-12-10 08:28] . . ------- Bijkomende Scan ------- . 
uStart Page = about:blank mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Inhoud van geselecteerde koppelingen toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Koppelingsinhoud toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Openen in PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Openen met Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_dut.dll /100 IE: PDF-bestand maken - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-bestand maken van koppelingsinhoud - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-bestanden maken van geselecteerde koppelingen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: exact.nl Trusted Zone: exactonline.be Trusted Zone: exactonline.be\start Trusted Zone: fortuneo.be\www TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F9A8E3AD7E1C78DC700BC3508F36C877 FF - prefs.js: keyword.URL - 
hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - ExtSQL: 2012-10-29 18:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-10-30 03:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "DisplayName"="Microsoft ActiveSync" "Name"="ActiveSync" "Order"=dword:00000001 "Param1"="ActiveSync" "State"=dword:00000013 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Order"=dword:00000004 "State"=dword:00000003 "Type"="IESettings" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Order"=dword:00000003 "State"=dword:00000003 "Type"="MediaFiles" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Order"=dword:00000002 "Param1"="NPW" "State"=dword:00000003 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "DisplayName"="Microsoft Outlook" "Name"="Outlook" "Order"=dword:00000000 "Param1"="Outlook" "State"=dword:00000020 "Type"="wellknown" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-21 01:10:39 ComboFix-quarantined-files.txt 2012-12-21 00:10 ComboFix2.txt 2012-12-19 20:47 . Pre-Run: 84 641 366 016 bytes beschikbaar Post-Run: 84 702 863 360 bytes beschikbaar . - - End Of File - - DE4EBCF9C327227E2FDE4AF5227AE229
  13. On restarting, I was asked to reinstall Smart File Advisor. Is that OK?
  14. ComboFix 12-12-19.02 - Ludo 19-12-2012 21:22:20.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3070.1605 [GMT 1:00] Gestart vanuit: c:\users\Ludo\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Downloaded Installers c:\program files\Downloaded Installers\{ecbff841-a2af-4c89-88fd-d3576330775f}\setup.msi c:\program files\INSTALL.LOG c:\program files\WinPCap c:\programdata\ntuser.dat C:\UNWISE.EXE c:\users\Ludo\AppData\Roaming\.# c:\users\Ludo\AppData\Roaming\.#\MBX@A548@1CB28F8.### c:\users\Ludo\AppData\Roaming\.#\MBX@A548@1CB2928.### c:\users\Ludo\AppData\Roaming\.#\MBX@A548@1CB2958.### c:\windows\iun6002.exe c:\windows\system32\winspool.dll c:\windows\wininit.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-19 to 2012-12-19 )))))))))))))))))))))))))))))) . . 2012-12-19 20:37 . 2012-12-19 20:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-19 20:37 . 2012-12-19 20:37 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2012-12-19 20:37 . 2012-12-19 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-17 19:08 . 2012-12-17 19:08 388096 ----a-r- c:\users\Ludo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-17 09:17 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-12-17 09:17 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-12-17 09:17 . 2012-12-17 09:18 -------- d-----w- c:\program files\PDFCreator 2012-12-14 18:01 . 
2012-12-14 18:01 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2012-12-14 17:58 . 2012-12-14 17:58 -------- d-----w- c:\programdata\Lavasoft 2012-12-14 17:58 . 2012-12-14 18:01 -------- d-----w- c:\program files\Ad-Aware Antivirus 2012-12-14 17:57 . 2012-12-14 17:57 44424 ----a-w- c:\windows\system32\sbbd.exe 2012-12-14 17:57 . 2012-12-14 17:57 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\programdata\blekko toolbars 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\users\Ludo\AppData\Local\adawarebp 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\adawaretb 2012-12-14 17:57 . 2012-12-14 17:57 -------- d-----w- c:\program files\Toolbar Cleaner 2012-12-14 17:56 . 2012-12-15 21:34 -------- d-----w- c:\users\Ludo\AppData\Roaming\Ad-Aware Antivirus 2012-12-13 18:50 . 2012-12-13 18:50 -------- d-----w- c:\program files\CCleaner 2012-12-13 01:12 . 2012-12-13 01:13 -------- d-----w- c:\users\Ludo\AppData\Roaming\PDF Architect 2012-12-12 11:43 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-10 23:39 . 2012-12-10 23:39 -------- d-----w- c:\users\Ludo\AppData\Roaming\APP_NAME_NON_STRING 2012-12-10 23:38 . 2012-12-10 23:39 -------- d-----w- c:\program files\PDF Architect 2012-12-10 23:38 . 2012-10-28 17:32 88576 ----a-w- c:\windows\system32\pdfcmon.dll 2012-12-10 08:28 . 2012-12-10 08:28 122880 --sha-r- c:\windows\system32\C_1149W.dll 2012-12-03 06:04 . 2012-12-03 06:04 -------- d-----w- c:\program files\iPod 2012-12-03 06:04 . 2012-12-03 06:05 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-03 06:04 . 2012-12-03 06:05 -------- d-----w- c:\program files\iTunes . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 21:38 . 
2012-07-17 23:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-15 21:38 . 2012-07-17 23:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 18:00 . 2012-12-07 08:03 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A799F2D-49BD-408D-B9FD-B7922F014CC0}\mpengine.dll 2012-10-16 07:39 . 2012-11-28 00:48 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll 2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-10-10 20:14 . 2009-07-13 22:09 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-10-10 20:14 . 2009-07-14 23:54 2428776 ----a-w- c:\windows\system32\nvapi.dll 2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll 2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll 2012-10-10 20:14 . 2011-08-13 22:43 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll 2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll 2012-10-09 17:40 . 2012-11-14 12:21 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 12:21 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 2012-11-14 12:21 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 2012-11-14 12:21 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-14 12:21 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-14 12:21 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 
2012-11-14 12:21 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-14 12:21 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-14 12:21 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-14 12:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 19:29 . 2010-10-16 11:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-10-02 19:29 . 2011-08-12 08:58 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-10-02 19:29 . 2010-10-16 11:42 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-10-02 19:29 . 2009-07-14 11:29 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-10-02 19:29 . 2010-10-16 11:42 2853224 ----a-w- c:\windows\system32\nvsvc.dll 2012-10-02 19:28 . 2010-10-16 11:42 3965288 ----a-w- c:\windows\system32\nvcpl.dll 2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe 2012-09-29 18:54 . 2011-06-25 08:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 22:47 . 2012-11-14 12:21 78336 ----a-w- c:\windows\system32\synceng.dll 2012-09-24 21:16 . 2012-10-25 06:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 1999-06-25 07:55 . 2008-05-09 14:22 149504 ----a-w- c:\program files\UNWISE.EXE 2012-12-05 22:52 . 2012-12-05 22:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}] 2011-04-20 13:25 605888 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}] 2012-11-22 16:05 91784 ----a-w- c:\program files\PDF Architect\PDFIEHelper.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files\PDF Architect\PDFIEPlugin.dll" [2012-11-22 731784] . [HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}] [HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1] [HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}] [HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Ludo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Ludo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Ludo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-28 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Spotify Web Helper"="c:\users\Ludo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-22 932528] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192] "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-03 161336] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104] . c:\users\Ludo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Ludo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984] OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk] backup=c:\windows\pss\PDFCreator.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Ludo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] ????????????????????????e [?] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center] ???????????????e [?] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beidsystemtray . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu] 2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] 2007-06-27 09:18 215256 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui] 2011-05-13 14:27 884584 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2007-10-08 22:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-11-28 23:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2011-05-13 15:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport] 2007-06-27 09:14 439512 ----a-w- c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2012-10-02 19:28 3965288 ----a-w- c:\windows\System32\nvcpl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2012-10-02 19:29 108392 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2012-10-02 19:29 2853224 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4] 2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-11-14 14:50 4706304 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 13:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-10-19 16:42 155648 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2010-11-20 12:20 859648 ----a-w- c:\windows\System32\OobeFldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe] 2006-09-20 07:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe . 
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] R1 MpKsl03370312;MpKsl03370312;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl03370312.sys [x] R1 MpKsl035317aa;MpKsl035317aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D4B61E3-255E-4C75-AC01-B88E4320087E}\MpKsl035317aa.sys [x] R1 MpKsl0b7e66dc;MpKsl0b7e66dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27996703-9CDD-4146-B5F9-9DA9E80A824C}\MpKsl0b7e66dc.sys [x] R1 MpKsl1b904031;MpKsl1b904031;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl1b904031.sys [x] R1 MpKsl2d35253d;MpKsl2d35253d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A3AB075-532A-4AB9-BA58-BDB9C9535599}\MpKsl2d35253d.sys [x] R1 MpKsl52d2512a;MpKsl52d2512a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKsl52d2512a.sys [x] R1 MpKsl75a794c6;MpKsl75a794c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94810CF2-A2C3-40AA-9318-2A6BD12F9F80}\MpKsl75a794c6.sys [x] R1 MpKsl75b08b33;MpKsl75b08b33;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D65724E6-01F8-4B8A-BA77-189E6F21FD85}\MpKsl75b08b33.sys [x] R1 MpKsl8cf43cdb;MpKsl8cf43cdb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F5A7877-AF4D-4AD7-808A-8C9581650AEC}\MpKsl8cf43cdb.sys [x] R1 MpKslc93cedb2;MpKslc93cedb2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{421A61CA-153C-4A30-9B04-42FC3756D02A}\MpKslc93cedb2.sys [x] R1 MpKsle580181c;MpKsle580181c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B3F112D-17D8-4E3E-BCE5-9B1A6F11ADCE}\MpKsle580181c.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 gupdate1c9f90f25e0dfb8;Google Updateservice (gupdate1c9f90f25e0dfb8);c:\program 
files\Google\Update\GoogleUpdate.exe [x] R2 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [x] R2 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [x] R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28u.sys [x] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x] R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [x] S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [x] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [x] S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [x] S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [x] S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x] S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [x] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 *Deregistered* - pavboot . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc . Inhoud van de 'Gedeelde Taken' map . 
2012-12-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-18 21:55] . 2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:12] . 2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001Core.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2105529871-2663039784-3143822886-1001UA.job - c:\users\Ludo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 09:52] . 2012-12-19 c:\windows\Tasks\USNLZSJ.job - c:\windows\system32\C_1149W.dll [2012-12-10 08:28] . . ------- Bijkomende Scan ------- . uStart Page = about:blank mSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Inhoud van geselecteerde koppelingen toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Koppelingsinhoud toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Openen in PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Openen met Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_dut.dll /100 IE: PDF-bestand maken - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-bestand maken van koppelingsinhoud - c:\program files\Nuance\PDF 
Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-bestanden maken van geselecteerde koppelingen - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll Trusted Zone: dexia.be Trusted Zone: dexia.be\directnet Trusted Zone: exact.nl Trusted Zone: exactonline.be Trusted Zone: exactonline.be\start Trusted Zone: fortuneo.be\www TCP: DhcpNameServer = 192.168.2.254 FF - ProfilePath - c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F9A8E3AD7E1C78DC700BC3508F36C877 FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - ExtSQL: 2012-10-29 18:42; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-10-30 03:09; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Ludo\AppData\Roaming\Mozilla\Firefox\Profiles\qn8j0uwz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF - ExtSQL: 2012-12-11 00:38; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\PDF Architect\FFPDFArchitectExt FF - user.js: extensions.BabylonToolbar_i.id - ce50de3d000000000000001167000000 FF - user.js: extensions.BabylonToolbar_i.hardId - ce50de3d000000000000001167000000 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15309 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 
1.5.3.1723:45 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_06\bin\jusched.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "DisplayName"="Microsoft ActiveSync" "Name"="ActiveSync" "Order"=dword:00000001 "Param1"="ActiveSync" "State"=dword:00000013 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Order"=dword:00000004 "State"=dword:00000003 "Type"="IESettings" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Order"=dword:00000003 "State"=dword:00000003 "Type"="MediaFiles" . 
[HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Order"=dword:00000002 "Param1"="NPW" "State"=dword:00000003 "Type"="wellknown" . [HKEY_USERS\S-1-5-21-2105529871-2663039784-3143822886-1001\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "DisplayName"="Microsoft Outlook" "Name"="Outlook" "Order"=dword:00000000 "Param1"="Outlook" "State"=dword:00000020 "Type"="wellknown" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(1740) c:\users\Ludo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Core Temp\Core Temp.exe c:\program files\Intel\IntelDH\CCU\AlertService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\windows\system32\conhost.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . 
Voltooingstijd: 2012-12-19 21:47:58 - machine werd herstart ComboFix-quarantined-files.txt 2012-12-19 20:47 . Pre-Run: 81 787 064 320 bytes beschikbaar Post-Run: 81 789 259 776 bytes beschikbaar . - - End Of File - - 0CBBDA728BD22DC8FE392D6014D764CC
With Firefox the problem currently no longer occurs. With IE9 the problem is still present. Thank you for your further help. - - - Updated - - - With Firefox the problem is occurring again...
  15. I am also still being redirected to the following web pages: English Dictionary - WordDictionary.co.uk http://freesearchquick.com/search.php?q=floralux&sid=152876&sa=54&p=1&s=36164&qt=1355865069&q=floralux&rf=http%3A%2F%2Fwww.google.be Google music.pinempire.com http://avatraffic.com/check.php?t=49828b58eb64f0f8977c7d8a0b1a23f5&sid=349 http://www.****splayground.com/ This is no longer normal...
  16. Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Databaseversie: v2012.12.18.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Ludo :: PC_VAN_LUDO [administrator] 18-12-2012 20:23:43 mbam-log-2012-12-18 (20-23-43).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 279937 Verstreken tijd: 15 minuut/minuten, 33 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:38:21, on 18-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Program Files\Core Temp\Core Temp.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Apple\Internet 
- - - Updated - - - Unfortunately, the problem has not been solved. The web page I click on in the Google results is still redirected to: http://36164.searchallengine.com/fly1?sid=126077&sa=3&p=1&s=36164&qt=1355863175&q=floralux&rf=http%3A%2F%2Fwww.google.be http://36164.searchallengine.com/fly?q=floralux&enk=JpHGgea5j5mPiY+ZxonGoY+JZqmmwcaZJrmm4ybjJg== http://50795.newbetterresults.com/fly4?sid=133156&sa=49&p=1&s=50795&qt=1355863209&q=floralux&rf=http%3A%2F%2F36164.searchallengine.com%2Ffly%3Fq%3Dfloralux%26enk%3DJpHGgea5j5mPiY%2BZxonGoY%2BJZqmmwcaZJrmm4ybjJg%3D%3D&enc=&enk=Jplmiaaxj6En4ybjpoHmyabjJpmmqQexZpEGyY%2BJj6E%3D&xsc=&xsp=&xsm=&xuc=&xcf=&xai=&qxcli=a35113311e5d48b1&qxsi=0836bd4cdce9c91d&mk=1&sx=1523&sy=857&bx=1523&by=734&mx=0&my=0&ifm=0&ol=615606b3451f00103a405f48c11746ff&tm=1355863208.85&etm=1355863208.86&cskey=hdr97&cookie_hostname=.newbetterresults.com What else can I do now? Thanks in advance.
  17. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:42:05, on 17-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal
  18. When I enter a search in Google and then click one of the results, the web page is redirected to a web page I did not ask for, among others to: Newbetterresults.com , http://freesearchquick.com/search.php?q= or http://46056.hotfeed.net/result/?affiliate= This happens with IE9, with Firefox and with Google Chrome. I have McAfee as my default virus scanner. I have also already scanned with CCleaner, Malwarebytes Antimalware, AdAware and Spybot Search & Destroy. So far without any result. What can I, or must I, do?