Persistent toolbars

  • After installing and uninstalling "Unlocker" I saw a number of persistent toolbars in HJT. I would like some advice on how to get rid of this stuff:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:00:58, on 4-1-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe


    End of file - 6589 bytes

    In particular the toolbar "no name", "sweet" and "sweetpacks" came along with Unlocker. I had already removed the Uniblue stuff earlier.
  • I don't know where you got Unlocker from.
    But if it was Softonic, then everything is clear!
    Read all about wrappers here: https://www.emsisoft.com/en/kb/articles/tec120224/

  • Here is the ADW log:
    # AdwCleaner v2.104 - Verslag gemaakt op 04/01/2013 om 16:49:34
    # Geactualiseerd op 29/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Gebruiker : Ultimate - ULTIMATE-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Ultimate\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\END
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\searchplugins\SweetIm.xml
    Map Verwijdert : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
    Map Verwijdert : C:\Program Files\SweetIM
    Map Verwijdert : C:\ProgramData\SweetIM
    Map Verwijdert : C:\ProgramData\Tarma Installer
    Map Verwijdert : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
    Map Verwijdert : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP
    Sleutel Verwijdert : HKCU\Software\Ask.com.tmp
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKCU\Software\SweetIM
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sim-packages
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Sleutel Verwijdert : HKLM\Software\PIP
    Sleutel Verwijdert : HKLM\Software\SweetIM
    Sleutel Verwijdert : HKLM\Software\Tarma Installer
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v17.0.1 (nl)

    File : C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\prefs.js

    Verwijdert : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\[…]

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [2083 octets] - [15/12/2012 13:41:44]
    AdwCleaner[S2].txt - [3712 octets] - [04/01/2013 16:49:34]

    ########## EOF - C:\AdwCleaner[S2].txt - [3772 octets] ##########

    And here is OTL.txt:

    OTL logfile created on: 4-1-2013 16:59:54 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,43% Memory free
    6,50 Gb Paging File | 5,18 Gb Available in Paging File | 79,80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 192,10 Gb Free Space | 82,52% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 245,77 Gb Free Space | 52,77% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 236,63 Gb Free Space | 79,38% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

  • I noticed that I had forgotten the checkmarks for "scan all user", for LOP check and for Purity check.
    Let me know if I need to redo anything. I have now collected 3 (identical?) log files from OTX.
  • The log is not complete.
    And so the second log is missing as well.
  • I really only get one txt file:
    OTL logfile created on: 4-1-2013 20:31:40 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,22% Memory free
    6,50 Gb Paging File | 5,13 Gb Available in Paging File | 79,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 191,83 Gb Free Space | 82,41% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 245,77 Gb Free Space | 52,77% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 236,63 Gb Free Space | 79,38% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

  • Do start OTL.exe with administrator rights.
    And you have now used OTL three times, why is not clear to me, and the log is incomplete again, or did you perhaps not carry out the additional steps before starting OTL?

    And on the first run of OTL the second log must also have been created!
  • I believe I simply have administrator rights; how can I check that? The very first time with OTL I had not ticked the boxes (as I wrote) and then did it over once. That looked identical (but I could be mistaken). Only one txt file appears on the desktop, though each time with a new number. So now for the 3rd time, hoping to get two txt files. No such luck.
  • Even with your administrator rights you are still subordinate to the Trusted Installer in Windows.

    And that is why you should start tools via right-click as described!
    It's not written there for nothing.
    And that is also why you are creating extra work for yourself!
  • Abraham, I started OTL again (right-clicked and selected "as administrator"), set the three checkmarks, and only one txt file comes out. In my opinion identical to yesterday's. What else can I do?
  • Hi, I find that strange then.
    I consider it possible that something in your Windows is working against OTL.

    So we are now going to do something else first:

    Which program:
  • That took longer than on previous occasions, as did creating the log file:
    ComboFix 13-01-05.01 - Ultimate 05-01-2013 11:35:16.2.3 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3327.1943 [GMT 1:00]
    Gestart vanuit: C:\Users\Ultimate\Desktop\ComboFix.exe
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Windows\system32\roboot.exe

    —- Voorgaande Run ——-

    C:\Users\Ultimate\Desktop\Internet Explorer.lnk


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_uvnc_service
    ——-\Legacy_NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))


    2013-01-05 10:56:26 . 2013-01-05 10:56:26 ——– d—–w- C:\Users\Default\AppData\Local\temp
    2013-01-04 07:53:43 . 2012-11-08 18:00:47 6812136 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F23D9625-1353-411A-B495-A83F632FCAE5}\mpengine.dll
    2013-01-03 18:24:06 . 2013-01-03 20:06:08 ——– d—–w- C:\Program Files\Unlocker
    2013-01-03 18:24:01 . 2013-01-03 18:24:01 ——– d—–w- C:\Program Files\sweetpacks bundle uninstaller
    2013-01-03 13:51:12 . 2013-01-03 13:51:12 ——– d—–w- C:\Program Files\Macrium
    2013-01-02 14:56:43 . 2013-01-02 14:57:59 ——– d—–w- C:\Users\Ultimate\AppData\Local\Adobe
    2013-01-02 08:19:04 . 2013-01-02 08:19:15 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\InfraRecorder
    2013-01-02 08:19:03 . 2013-01-02 11:03:04 ——– d—–w- C:\Program Files\InfraRecorder
    2012-12-31 15:43:53 . 2012-12-31 15:43:53 ——– d—–w- C:\Users\Ultimate\AppData\Local\Freecorder 7 Video
    2012-12-31 15:39:41 . 2012-12-31 15:39:41 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Freecorder 7 Video
    2012-12-31 15:39:40 . 2013-01-02 11:02:55 ——– d—–w- C:\Users\Ultimate\AppData\Local\Jaksta_Technologies_Pty_L
    2012-12-31 15:28:12 . 2012-12-31 15:49:08 ——– d—–w- C:\Program Files\Applian Technologies
    2012-12-29 08:27:03 . 2012-12-29 08:27:03 ——– d—–w- C:\Users\Ultimate\AppData\Local\Programs
    2012-12-27 11:07:17 . 2012-12-27 11:07:17 ——– d—–w- C:\Program Files\Microsoft Research
    2012-12-26 15:03:42 . 2012-12-26 15:04:57 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Systweak
    2012-12-25 10:40:40 . 2010-08-25 04:00:00 290816 —-a-w- C:\Windows\system32\CNMLMAE.DLL
    2012-12-24 15:34:36 . 2012-12-24 15:34:36 13584 —-a-w- C:\Windows\system32\drivers\PSVolAcc.sys
    2012-12-24 15:34:12 . 2012-12-24 15:34:12 16656 —-a-w- C:\Windows\system32\drivers\pssnap.sys
    2012-12-24 15:33:14 . 2012-12-24 15:33:14 55056 —-a-w- C:\Windows\system32\drivers\psmounterex.sys
    2012-12-24 09:32:25 . 2012-12-24 09:32:25 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\AVS4YOU
    2012-12-24 09:31:36 . 2012-12-27 14:42:46 ——– d—–w- C:\Program Files\Common Files\AVSMedia
    2012-12-24 09:31:30 . 2012-12-27 14:42:43 ——– d—–w- C:\Program Files\AVS4YOU
    2012-12-24 09:31:30 . 2012-12-24 09:32:25 ——– d—–w- C:\ProgramData\AVS4YOU
    2012-12-24 09:31:30 . 2012-03-23 18:59:54 1700352 —-a-w- C:\Windows\system32\GdiPlus.dll
    2012-12-24 09:31:30 . 2012-03-23 18:59:48 24576 —-a-w- C:\Windows\system32\msxml3a.dll
    2012-12-23 18:24:28 . 2012-12-23 18:24:28 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Rsolutions
    2012-12-23 18:24:28 . 2012-12-23 18:24:28 ——– d—–w- C:\Users\Ultimate\AppData\Local\Rsolutions
    2012-12-23 18:24:14 . 2013-01-02 03:03:39 ——– d—–w- C:\Program Files\Rsolutions
    2012-12-22 10:25:13 . 2012-12-22 10:25:13 ——– d—–w- C:\ProgramData\CanonIJ
    2012-12-22 10:05:04 . 2012-12-22 10:05:04 ——– d–h–w- C:\ProgramData\CanonBJ
    2012-12-22 10:04:55 . 2012-12-22 10:04:55 ——– d–h–w- C:\Windows\system32\CanonIJ Uninstaller Information
    2012-12-22 10:04:52 . 2010-03-18 18:25:16 307200 —-a-w- C:\Windows\system32\CNC5200L.dll
    2012-12-22 10:04:52 . 2010-03-18 16:12:28 1335296 —-a-w- C:\Windows\system32\CNC5200C.dll
    2012-12-22 10:04:52 . 2010-03-18 16:12:02 114688 —-a-w- C:\Windows\system32\CNC5200I.dll
    2012-12-22 10:04:52 . 2010-03-18 16:11:30 106496 —-a-w- C:\Windows\system32\CNC5200U.dll
    2012-12-22 10:04:27 . 2010-03-10 23:56:38 180224 —-a-w- C:\Windows\system32\CNMIUAE.DLL
    2012-12-22 10:04:19 . 2012-12-22 10:04:19 ——– d–h–w- C:\Program Files\CanonBJ
    2012-12-21 12:54:53 . 2012-12-21 12:54:53 ——– d—–w- C:\Users\Ultimate\Tracing
    2012-12-21 12:50:25 . 2012-12-21 13:11:03 ——– d—–w- C:\Program Files\Microsoft
    2012-12-21 12:38:45 . 2012-12-21 12:38:45 15712 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\1dcea4171cddf7814\MeshBetaRemover.exe
    2012-12-21 11:36:27 . 2009-09-04 16:44:40 69464 —-a-w- C:\Windows\system32\XAPOFX1_3.dll
    2012-12-21 11:36:27 . 2009-09-04 16:44:40 515416 —-a-w- C:\Windows\system32\XAudio2_5.dll
    2012-12-21 11:36:26 . 2009-09-04 16:29:34 453456 —-a-w- C:\Windows\system32\d3dx10_42.dll
    2012-12-21 11:35:57 . 2006-11-29 12:06:18 3426072 —-a-w- C:\Windows\system32\d3dx9_32.dll
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 89944 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\DSETUP.dll
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 537432 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\DXSETUP.exe
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 1801048 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\dsetup32.dll
    2012-12-21 11:34:57 . 2012-12-21 11:34:57 525656 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\DXSETUP.exe
    2012-12-21 11:34:57 . 2012-12-21 11:34:57 1691480 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\dsetup32.dll
    2012-12-21 11:34:56 . 2012-12-21 11:34:56 94040 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\DSETUP.dll
    2012-12-21 09:21:16 . 2012-12-16 14:13:28 295424 —-a-w- C:\Windows\system32\atmfd.dll
    2012-12-21 09:21:16 . 2012-12-16 14:13:20 34304 —-a-w- C:\Windows\system32\atmlib.dll
    2012-12-20 15:05:33 . 2012-12-30 10:31:10 ——– d—–w- C:\ProgramData\YTD Video Downloader
    2012-12-19 14:09:42 . 2012-12-19 14:09:45 ——– d—–w- C:\Users\Ultimate\AppData\Local\RawTherapee3.0.1
    2012-12-19 09:47:31 . 2012-12-19 09:47:31 ——– d—–w- C:\Windows\ERUNT
    2012-12-19 09:47:08 . 2012-12-19 10:08:36 ——– d—–w- C:\JRT
    2012-12-15 13:58:48 . 2012-12-15 13:58:48 ——– d—–w- C:\Program Files\Microsoft SkyDrive
    2012-12-15 13:58:48 . 2012-12-15 13:58:48 ——– d—–r- C:\Users\Ultimate\SkyDrive
    2012-12-15 13:58:39 . 2012-12-15 13:58:39 ——– d—–w- C:\ProgramData\Microsoft SkyDrive
    2012-12-15 13:56:17 . 2012-12-15 13:56:17 ——– d—–r- C:\MSOCache
    2012-12-15 13:52:20 . 2012-12-15 13:52:18 461464 ——w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2012-12-15 13:50:57 . 2012-12-15 14:14:10 ——– d—–w- C:\Program Files\Microsoft Office 15
    2012-12-13 14:04:11 . 2012-12-13 14:04:11 ——– d—–w- C:\Windows\Migration
    2012-12-13 14:01:59 . 2012-07-23 18:16:48 204105 —-a-w- C:\Windows\system32\winrm.vbs
    2012-12-13 08:38:45 . 2012-12-13 08:38:45 ——– d—–w- C:\ProgramData\MSScanAppDataDir
    2012-12-12 07:33:36 . 2012-11-22 02:56:02 2345984 —-a-w- C:\Windows\system32\win32k.sys
    2012-12-11 02:34:40 . 2012-12-11 02:34:40 ——– d—–w- C:\Program Files\Microsoft IntelliType Pro
    2012-12-10 20:00:37 . 2012-12-10 20:00:37 ——– d—–w- C:\Users\Default\AppData\Local\Microsoft Help
    2012-12-10 13:54:28 . 2012-12-10 13:54:28 ——– d—–w- C:\Windows\system32\%LOCALAPPDATA%
    2012-12-10 09:33:46 . 2012-12-10 09:33:46 ——– d—–w- C:\Users\Ultimate\AppData\Local\Microsoft Help
    2012-12-10 09:33:44 . 2012-12-13 08:15:01 ——– d—–w- C:\ProgramData\Microsoft Help
    2012-12-06 17:24:48 . 2013-01-05 10:33:10 ——– d—–w- C:\ProgramData\Avira
    2012-12-06 17:11:54 . 2012-12-06 17:22:42 ——– d—–w- C:\Program Files\Common Files\G Data
    .


    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-12-14 15:49:28 . 2012-10-16 13:40:22 21104 —-a-w- C:\Windows\system32\drivers\mbam.sys
    2012-12-11 20:04:42 . 2012-10-14 06:56:05 70584 —-a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2012-12-11 20:04:42 . 2012-10-14 06:56:05 691128 —-a-w- C:\Windows\system32\FlashPlayerApp.exe
    2012-12-05 10:29:12 . 2012-12-05 10:29:12 50080 —-a-w- C:\Windows\system32\drivers\PktIcpt.sys
    2012-11-30 11:07:16 . 2012-11-30 11:07:16 10792 —-a-w- C:\Windows\system32\GdScrSv.nl.dll
    2012-11-23 08:24:12 . 2012-06-14 12:53:10 821736 —-a-w- C:\Windows\system32\npDeployJava1.dll
    2012-11-23 08:24:12 . 2012-06-14 12:53:10 746984 —-a-w- C:\Windows\system32\deployJava1.dll
    2012-10-29 07:50:29 . 2012-10-29 07:50:29 163056 —-a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-16 07:39:52 . 2012-11-28 10:07:02 561664 —-a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 17:40:31 . 2012-11-15 11:37:25 44032 —-a-w- C:\Windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31 . 2012-11-15 11:37:25 193536 —-a-w- C:\Windows\system32\dhcpcore6.dll
    2012-10-07 14:21:12 . 2012-10-07 14:21:12 388096 —-a-r- C:\Users\Ultimate\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-11-29 08:26:57 . 2012-12-10 13:58:54 262112 —-a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 08:42:23 495616]
    "FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2012-11-23 08:22:04 307712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 12:41:08 73392]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 15:39:48 1313640]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 17:50:00 2516296]
    "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 09:18:54 1185112]
    "ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 11:03:12 738984]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""

    [HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk]
    backup=C:\Windows\pss\MailWasher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
    2011-10-21 20:47:04 743560 —-a-w- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
    2011-10-21 20:47:02 70792 —-a-w- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMET Notifier]
    2012-05-09 12:25:58 152152 —-a-w- C:\Program Files\EMET\EMET_notifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailWasher]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-12-14 15:49:28 824232 —-a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-04-05 23:24:32 641664 —-a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2012-08-28 05:41:06 247768 —-a-w- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    R1 Uim_Vim;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\Uim_Vim.sys [x]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files\Secunia\PSI\sua.exe [x]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    S0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys [x]
    S0 pssnap;Paramount Software Snapshot Filter;C:\Windows\system32\DRIVERS\pssnap.sys [x]
    S1 EUDSKACS;EUDSKACS;C:\Windows\system32\drivers\eudskacs.sys [x]
    S1 EUFDDISK;EUFDDISK;C:\Windows\system32\drivers\EuFdDisk.sys [x]
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    S2 CrossLoopService;CrossLoop Service;C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe [x]
    S2 EaseUS Agent;EaseUS Agent;C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [x]
    S2 Guard Agent;Guard Agent;C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
    S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]
    S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [x]
    S2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files\Secunia\PSI\PSIA.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [x]
    S3 amdiox86;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox86.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [x]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [x]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    GPSvcGroup REG_MULTI_SZ GPSvc

    Inhoud van de 'Gedeelde Taken' map

    2013-01-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 06:56:05 . 2012-12-11 20:04:53]

    2013-01-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-07 09:05:07 . 2012-05-07 09:05:03]

    2013-01-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-07 09:05:07 . 2012-05-07 09:05:03]


    ——- Bijkomende Scan ——-

    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    FF - ProfilePath - C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-12-18 08:54; {37fa1426-b82d-11db-8314-0800200c9a66}; C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi

    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe



    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "v5Licence0"="15-AJV9-DUDP-TER2-S5M4-FKYA-GWX7X6N"
    "Activated"="N"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @DACL=(02 0000)
    "DisplayName"="@ieframe.dll,-12512"
    @="Live Search"
    "URL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'lsass.exe'(552)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'Explorer.exe'(3568)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(6112)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    ———————— Andere Aktieve Processen ————————

    C:\Windows\system32\atieclxx.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    Z:\05 p r o g r a m m a s en filmpjes en meer\schoonmakertjes,diagnostiek,mailwasher\A V I R A sinds nov. 2012\avira_free_antivirus_nl.exe
    C:\Users\Ultimate\AppData\Local\Temp\RarSFX0\presetup.exe
    C:\Users\Ultimate\AppData\Local\Temp\RarSFX0\setup.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\program files\avira\antivir desktop\avscan.exe

    **************************************************************************

    Voltooingstijd: 2013-01-05 13:03:44 - machine werd herstart

    I hope there is something to see.

  • I do have question marks regarding Sweetpacks, and ComboFix has indeed removed a thing or two.

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click on
  • After about 1/3 of the scan I deactivated Avira, because it is taking a very long time. Hopefully it will go a bit faster now, but it will probably still take a number of hours. So far 3 of the same Win32/opencandy/application found.
  • And then it suddenly went very fast:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-02 07:15:47
    # local_time=2012-07-02 09:15:47 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 4598891 4598891 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 17058 92886844 0 0
    # compatibility_mode=8192 67108863 100 0 202 202 0 0
    # scanned=37122
    # found=0
    # cleaned=0
    # scan_time=894
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-12-15 01:17:20
    # local_time=2012-12-15 02:17:20 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1023 16777215 0 0 0 0 0 0
    # compatibility_mode=1799 16775165 100 98 63430 126245145 56212 0
    # compatibility_mode=5893 16776573 100 94 106468 107208631 0 0
    # compatibility_mode=9217 16777214 75 4 458192 458192 0 0
    # scanned=64722
    # found=0
    # cleaned=0
    # scan_time=1819
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-01-05 03:11:11
    # local_time=2013-01-05 04:11:11 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1023 16777215 0 0 0 0 0 0
    # compatibility_mode=1799 16775165 100 98 13439 128066376 6226 0
    # compatibility_mode=5893 16776574 100 94 15180 109029862 0 0
    # compatibility_mode=9217 16777214 75 4 2279423 2279423 0 0
    # scanned=72298
    # found=3
    # cleaned=0
    # scan_time=9148
    B:\05 p r o g r a m m a s en filmpjes en meer\branders\cdb xp brander\cdbxp_setup_4.4.2.3442.exe Win32/OpenCandy application (unable to clean) 5ECBBB9045FE2455FB3EFA512B13C47CEAE2EA07 I
    B:\05 p r o g r a m m a s en filmpjes en meer\schoonmakertjes,diagnostiek,mailwasher\harde schijf info.exe Win32/OpenCandy application (unable to clean) FDA564CA7C6F0925F1984F8B0A247B522A11936D I
    B:\05 p r o g r a m m a s en filmpjes en meer\spelers en fraps\Kantaris_0.7.7_setup(1).exe Win32/OpenCandy application (unable to clean) 30BE86BDC92BD56B0C615172A03615D0FB5E1A6A I


    There is also a report of those three things that came along with the burning program cdburner, on an extra (built-in) drive.
  • OpenCandy is not virus material or anything like that.
    But on the other hand, scanners rightly see it as spyware!
    Because OpenCandy gives the publishers of software information about the use of that software!

    How is your Windows doing in the meantime?
  • I had no complaints about my Windows 7, but I noticed those toolbars in an HJT log. They have now disappeared. And that "Unlocker" had been recommended to me on another subforum because there was a strange thing on my desktop that I just could not get rid of. That did work out then. Many thanks for the umpteenth time!
  • Good to hear that the problems have been solved.

    a)
  • I see that you work 24/7. I saw that OTL then also cleans itself up: handy.
    I had already had that ESET online scanner for quite some time; I used to have the accompanying antivirus program as well (now Avira). Many thanks again.
  • A tip then: Avast 7 Free is The Best Free!
    I myself use Avast in combination with the Emsisoft Online Scanner.
