Starting the PC automatically opens Internet Explorer.


    Dear reader,

    To fix the problem I have already run a number of scans with: Comodo (my standard antivirus program), MBAM (my standard problem solver), Emsisoft (backup problem solver) and also Trendmicro. In the end I restored the system to 28-10-2013, but this did not help either. The scans, incidentally, found nothing.

    The problem:
    When the PC starts up, a number of web pages are opened at the end of the boot process. Namely these five:

    https://fbcdn-photos-a-a.akamaihd.ne...locdn.html?v=1
    https://fbcdn-profile-a.akamaihd.net...locdn.html?v=1
    https://fbcdn-photos-a-a.akamaihd.ne...locdn.html?v=1
    https://fbcdn-profile-a.akamaihd.net...locdn.html?v=1
    https://photos-a.xx.fbcdn.net/hphoto...locdn.html?v=1

    The only thing you see is the address shown above in the address bar; otherwise the page is simply white.


    Here is the DDS log:
    #####################################################################
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
    Run by Mitchell Eestermans at 20:02:01 on 2013-11-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3574.2038 [GMT 1:00]
    .
    AV: COMODO Antivirus *Enabled/Outdated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\HitmanPro.Alert\hmpalert.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\EscSvc.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Ask.com\Updater\Updater.exe
    C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Samsung\Kies\Kies.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Samsung\Kies\KiesAirMessage.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIJE.EXE
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIIJE.EXE
    C:\Users\Mitchell Eestermans\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=NL&userid=2e58eb95-8a53-4093-85aa-7abf4bdd3e0d&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Facebook Update] "c:\users\mitchell eestermans\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_fatiije.exe /ept "epltarget\P0000000000000000" /M "XP-402 403 405 406 Series"
    uRun: [EPLTarget\P0000000000000001] c:\windows\system32\spool\drivers\w32x86\3\e_fatiije.exe /ept "epltarget\P0000000000000001" /M "XP-402 403 405 406 Series"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\mitche~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\mitchell eestermans\appdata\local\facebook\messenger\2.1.4814.0\FacebookMessenger.exe
    StartupFolder: c:\users\mitche~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    TCP: Interfaces\{4E87F4FA-2A05-49F1-BCFC-076681FA3754} : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    TCP: Interfaces\{4E87F4FA-2A05-49F1-BCFC-076681FA3754}\3585535313346433431434 : DHCPNameServer = 192.168.2.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 582936]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 44752]
    R1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-6-24 317112]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2013-10-31 142432]
    R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-9-19 122000]
    R2 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-5 39272]
    R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    R2 hmpalert;HitmanPro.Alert Service;c:\program files\hitmanpro.alert\hmpalert.exe [2013-6-25 531304]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\comodo\comodo internet security\cmdvirth.exe [2013-6-18 131288]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-7-21 36608]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-31 14848]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]
    S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2013-2-6 181912]
    S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [2012-10-20 181344]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-31 49664]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-1 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2013-11-05 18:54:13 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{164CC0CF-3D60-49A5-80AA-FD7E2CEB2DB9}
    2013-11-05 18:44:33 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{85F07977-1138-41D2-BED0-8984557F5119}
    2013-11-05 18:27:58 -------- d-----w- c:\program files\Filseclab
    2013-11-05 11:55:10 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{F2740A55-A17E-4E30-9B3D-36A652FD48F8}
    2013-11-04 07:42:38 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{A3D3F182-4C93-4677-8B44-56F14B1C4726}
    2013-11-02 09:56:45 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{668D3357-7979-470F-8D58-C0D17F1CD047}
    2013-11-01 10:01:00 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{1AFE900C-2721-40FB-8F9D-811E35E2144B}
    2013-10-31 18:51:31 -------- d-----w- C:\EEK
    2013-10-31 13:12:10 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{DCA04F65-6023-4589-906C-2FF7F54E32CB}
    2013-10-30 10:49:27 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{5D10CE5A-E369-4A4F-B885-E7585BAA2D09}
    2013-10-29 11:57:36 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{E776C4F1-89D4-4A3F-ACCA-DBE3DB33B072}
    2013-10-28 09:26:01 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{335272E8-E874-4184-99DD-E09EC134E3AD}
    2013-10-27 10:48:38 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{9BED664F-C325-4C5B-B32A-CD6D442874D1}
    2013-10-26 18:21:45 -------- d-----w- c:\program files\Handbrake
    2013-10-26 15:54:57 -------- d-----w- c:\users\mitchell eestermans\appdata\roaming\AnvSoft
    2013-10-26 11:38:45 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{2A6EE3BD-54A2-4322-8178-6044D7FA926A}
    2013-10-25 13:28:16 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{8FA05055-2859-49DC-8D24-22CBDAB72E8B}
    2013-10-24 10:17:43 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{184EA5E5-05A7-48C4-AD73-6ED17D469484}
    2013-10-23 12:59:47 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{31A7BC8F-93D3-486B-BD29-C23F4ECA613C}
    2013-10-22 09:38:58 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{4656942D-17FE-40A0-BB03-16A06F9FCEF3}
    2013-10-21 11:47:06 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{AD50F7DF-8985-4229-AAB5-7496D9BD0837}
    2013-10-20 14:38:16 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{3DAB3915-BDEB-46FB-9290-50A868028836}
    2013-10-18 12:36:26 -------- d-----w- c:\programdata\Oracle
    2013-10-18 12:36:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-10-18 12:27:55 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{EDC36C97-6D92-46ED-88B2-D02C05111BBF}
    2013-10-17 10:53:14 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{2D337A16-8573-49C0-98A6-EA5822FE3103}
    2013-10-16 13:07:00 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{F6D4B057-A0E5-483B-8276-218C2C181D4B}
    2013-10-15 16:55:22 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{23EF01AE-9A36-41BD-9197-D1FC8179C30F}
    2013-10-14 13:16:41 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{069D3147-E538-4B6A-8452-0BC099B1892B}
    2013-10-13 12:14:44 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{88E34993-B266-4E35-A977-A99D06F4388E}
    2013-10-12 11:42:15 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{94301789-3CD4-463D-A6E4-E84E0043B4AD}
    2013-10-10 14:41:17 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{896060B5-8DD1-4C46-B1F9-0C7634921196}
    2013-10-09 14:18:54 530432 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-09 14:01:43 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{1A231A6D-E06D-4B03-B253-A8426DDFE373}
    2013-10-08 12:26:41 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{D428E69B-ACAF-4CD2-9B6A-188C674F5950}
    2013-10-07 11:02:08 -------- d-----w- c:\users\mitchell eestermans\appdata\local\{78122ED9-6E36-46E7-9C17-3E5BDEDE9FAC}
    .
    ==================== Find3M ====================
    .
    2013-10-09 14:40:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-09 14:40:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-24 10:54:08 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2013-09-24 10:54:08 44752 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2013-09-24 10:54:07 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2013-09-24 10:53:51 36000 ----a-w- c:\windows\system32\cmdcsr.dll
    2013-09-24 10:53:51 354240 ----a-w- c:\windows\system32\guard32.dll
    2013-09-24 10:53:35 280792 ----a-w- c:\windows\system32\cmdvrt32.dll
    2013-09-24 10:53:34 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
    2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
    2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
    .
    ============= FINISH: 20:03:18,39 ===============
    #####################################################################


    And here is the Gmer log:
    #####################################################################
    This log is very large; my total text would then come to 239,319 characters, so I have not posted it, because the file may only be 50,000 characters in size. If this can be done another way, I would be glad to hear it.
    #####################################################################


    I hope someone can help me with this problem and help me get rid of it. I don't even know whether this is harmful, but in any case it shouldn't be happening.

    Regards,

    Kidaatje.

  • #2
    Dear reader,

    A quick addition to the problem.
    If I start any kind of application immediately after booting, nothing happens in terms of 'ghost launches', but if I have booted the PC and then wait a while, the empty browser windows are opened automatically.

    Regards,

    Kidaatje.



    • #3
      Download Zoek.zip to the desktop.
      1. If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
      2. Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

      • Right-click Zoek.zip and choose the option "Extract All".
      • Then double-click Zoek.exe to start the tool.
      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
      • Now copy the code below and paste it into the large input window:
      • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
        Code:
        emptyclsid;
        emptyfolderscheck;delete
        firefoxlook; 
        Chromelook;  
        autoclean; 
        iedefaults; 
        filesrcm;
      • Now click the "Run script" button.
      • Wait patiently until a log opens (this may be after a restart, if one is required).
      • If no log appears after the restart, start zoek.exe again; the log will then appear.
      • Post the opened log as an attachment in your next message.

      Starting Windows 10 in Safe Mode



      • #4
        Dear Juisterr,

        Here is the log:

        Zoek.exe Version 4.0.0.5 Updated 05-November-2013
        Tool run by Mitchell Eestermans on do 07-11-2013 at 14:18:58,14.
        Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
        Running in: Normal Mode Internet Access Detected
        Launched: C:\Users\Mitchell Eestermans\Desktop\Zoek\zoek.exe [Script inserted]

        ==== System Restore Info ======================

        7-11-2013 14:21:05 Zoek.exe System Restore Point Created Succesfully.

        ==== Empty Folders Check ======================

        C:\Program Files\Bitdefender deleted successfully
        C:\Program Files\Filseclab deleted successfully
        C:\Program Files\MSXML 4.0 deleted successfully
        C:\Program Files\TomTom DesktopSuite deleted successfully
        C:\ProgramData\Oracle deleted successfully
        C:\Users\Mitchell Eestermans\AppData\Roaming\Google deleted successfully
        C:\Users\Mitchell Eestermans\AppData\Roaming\NeroDigital(TM) deleted successfully
        C:\Users\Mitchell Eestermans\AppData\Roaming\WinRAR deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{02494BF1-4242-4B75-AACC-BC927DFBEB5C} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{02BC8037-3A3F-43E0-9263-3887CE8B926F} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{0825FD54-55D4-49AA-BCBF-06D0CE2B3040} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{0BFD8FCF-F7E0-4D7C-B73D-E6D1820F1D0C} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{125550AB-C1CF-490A-B8F1-94D1DAE55B77} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{131CEED9-FE00-4218-BD92-83BFB6AC0738} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{1731F8B0-1286-4A9E-A6AF-137372EAB4AC} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{1A00BEB0-5460-45D1-B8FC-EC4177F91D73} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{1B83FB47-5CB3-439A-8529-53DCCD6AA687} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{1C9DCD49-5AD4-4634-B524-34467EF4B2B0} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{22F12893-5468-43E1-95BD-4E29039B0AB4} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{236B28C0-A15B-4BBA-B549-66B787653DF2} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{262ACCDF-ACFF-48F6-9B33-B78C6B71C0D0} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{30EDBB10-528E-47FA-BDA1-0AA2F7608097} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{37473B7B-D098-4A7C-86E2-DCC43D08C160} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{3EAEB435-9155-47EC-8040-3BA7BA1CB037} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{4171205B-CC4E-4007-AB3D-7FD088A5931A} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{43D784A4-D689-47D2-83C0-261FDC28D05D} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{4E68D5F8-D886-453C-93CE-6CD31CF4F932} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{4F298C91-8836-4646-B426-A962F8AD78BE} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{4FDC1C60-49D0-48A9-83AE-2B0ADD20D74E} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{534C29BC-73C6-46FC-815D-F1022C0F56F4} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{54020BF2-43C0-41D5-9165-663A62B7EB17} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{5527EEC6-CD27-48A6-8709-1CA3CF47AB27} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{556921E0-5507-4FAF-9E84-01C55BF4A8D5} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{593898E7-E152-4A1D-81EF-0D6C46029DBC} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{59A64B08-F020-4408-B9F6-3A3F7684B885} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{5B2557A3-7357-475B-925F-4035C3B5B4B4} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{63A61630-06AD-4FFA-99FF-41500F4660E3} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{6A64DA9C-B804-497C-8396-336FC787E544} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{6CE92AA6-08AC-485C-96ED-B3D125134DAF} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{70821F17-42EF-48B1-9FED-F5404B7D25F8} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{7297317E-B8E7-4060-95CB-C6722F9D18F4} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{74170698-B900-46B5-BB1C-F2BAB2CC5A35} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{7893D2A7-CF41-45AF-B1E4-CB4F6612BB2F} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{79308F45-AE4A-4C61-A9E4-332C1BE7960E} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{79CDC75C-13DA-40B1-9B4E-10F4466D0CF6} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{7B1B21F3-A9D1-4D67-B9A2-CA8BC3DC7D75} deleted successfully
        C:\Users\Lena Eestermans\AppData\Local\{7D346303-5B28-4201-90FB-41F717F793EA} deleted successfully
        C:\Users\Mitchell Eestermans\AppData\Local\Conduit deleted successfully

        ==== Deleting CLSID Registry Keys ======================

        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully
        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA221F7B-70BF-41C7-BBC4-4740A96A80F8} deleted successfully
        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EE05DD7D-213D-45E0-8EF9-8C7E543494A5} deleted successfully
        HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

        ==== Deleting CLSID Registry Values ======================


        ==== Deleting Services ======================


        ==== Deleting Files \ Folders ======================

        C:\Program Files\MyFree Codec deleted
        C:\Program Files\Conduit deleted
        C:\Users\Mitchell Eestermans\AppData\Roaming\OpenCandy deleted
        C:\ProgramData\Ask deleted
        C:\Users\Mitchell Eestermans\AppData\Local\APN deleted
        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
        C:\Users\Avy Eestermans\AppData\LocalLow\AskToolbar deleted
        C:\Users\Danley Eestermans\AppData\LocalLow\AskToolbar deleted
        C:\Users\Lena Eestermans\AppData\LocalLow\AskToolbar deleted
        C:\Users\Mitchell Eestermans\AppData\LocalLow\IAC deleted
        C:\Users\Mitchell Eestermans\AppData\LocalLow\AskToolbar deleted
        C:\Users\Mitchell Eestermans\AppData\LocalLow\PriceGong deleted
        C:\Users\Mitchell Eestermans\AppData\LocalLow\Conduit deleted
        C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
        C:\END deleted
        C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
        "C:\Program Files\Ask.com\Updater\Updater.exe" deleted
        "C:\Program Files\Ask.com" deleted
        "C:\Program Files\Ask.com\Updater" deleted

        ==== Files Recently Created / Modified ======================

        ====== C:\Windows ====
        ====== C:\Users\MITCHE~1\AppData\Local\Temp ====
        ====== Java Cache =====
        2013-11-03 14:17:14 D61A5CFAC68AB05385C077A1B6E8D2EC 79 ----a-w- C:\Users\Avy Eestermans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2acce842-6.0.lap
        2013-11-03 14:17:26 88E293544AF3BAC13CE693CCED5007E8 150580 ----a-w- C:\Users\Avy Eestermans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4fd6cb3f-11f4e84b
        ====== C:\Windows\system32 =====
        ====== C:\Windows\system32\drivers =====
        ====== C:\Windows\Tasks ======
        ====== C:\Windows\Temp ======
        ======= C:\Program Files =====
        2013-10-26 18:21:45 -------- d-----w- C:\Program Files\Handbrake
        2013-10-18 12:36:21 -------- d-----w- C:\Program Files\Common Files\Java
        2013-10-18 12:35:56 -------- d-----w- C:\Program Files\Java
        ======= C: =====
        ====== C:\Users\Mitchell Eestermans\AppData\Roaming ======
        2013-10-31 21:35:25 1F9224547B84BB07AF7C650AFF971F77 287139 ----a-w- C:\Users\Mitchell Eestermans\AppData\Local\census.cache
        2013-10-31 21:35:16 5FF385E0D580FD36C2F3B0B457888D56 135343 ----a-w- C:\Users\Mitchell Eestermans\AppData\Local\ars.cache
        2013-10-26 15:54:57 -------- d-----w- C:\Users\Mitchell Eestermans\AppData\Roaming\AnvSoft
        2013-10-23 12:57:22 0F5C16998859836A67246B00F0EF22E8 246 ----a-w- C:\Users\Avy Eestermans\AppData\Roaming\default.rss
        2013-10-23 11:53:52 -------- d-----w- C:\Users\Avy Eestermans\AppData\Roaming\Epson
        2013-10-12 09:04:33 -------- d-----w- C:\Users\Danley Eestermans\AppData\Roaming\Epson
        ====== C:\Users\Mitchell Eestermans ======
        2013-11-05 19:07:31 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Mitchell Eestermans\Desktop\gmer.exe
        2013-11-05 19:01:12 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Mitchell Eestermans\Desktop\dds.com
        2013-10-18 12:36:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

        ====== C: exe-files ==
        2013-11-05 19:07:31 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Mitchell Eestermans\Desktop\gmer.exe
        2013-10-31 18:09:14 979FE17DD465750D2D696D023F327B2A 101016 ----a-w- C:\Windows\System32\spool\drivers\w32x86\3\E_1ECM0BE.EXE
        2013-10-31 17:57:30 A2349A0013832F58260FC0C95914AA22 142432 ----a-w- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
        === C: other files ==
        2013-11-07 12:21:31 8E6682FF2A3A176F9E9F4D1BEDB88B58 58354 ----a-w- C:\Users\Mitchell Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UAYBKXS9\538skin-fullscreen[1].zip
        2013-11-05 19:01:12 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Mitchell Eestermans\Desktop\dds.com
        2013-10-31 17:55:56 607612C624513381DA281C2A016621BD 9166714 ----a-w- C:\Users\Mitchell Eestermans\AppData\Local\temp\EPSON\Download\Resource\E-Web_Print_11700.zip

        ==== Chrome Look ======================

        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
        aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Mitchell Eestermans\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx

        HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
        nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx

        Gmail - Danley Eestermans - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
        Google Docs - Mitchell Eestermans - Default\Extensions\aohghmighlieiainnegkcijnfilokake
        Google Drive - Mitchell Eestermans - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
        YouTube - Mitchell Eestermans - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
        Google Search - Mitchell Eestermans - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
        Gmail - Mitchell Eestermans - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

        ==== Set IE to Default ======================

        Old Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="http://www.google.nl/"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
        "Default"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=NL&userid=2e58eb95-8a53-4093-85aa-7abf4bdd3e0d&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
        "Default"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=NL&userid=2e58eb95-8a53-4093-85aa-7abf4bdd3e0d&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
        "Default_Search_URL"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=NL&userid=2e58eb95-8a53-4093-85aa-7abf4bdd3e0d&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"
        "SearchAssistant"="http://feed.helperbar.com/?publisher=OC&dpid=OC&co=NL&userid=2e58eb95-8a53-4093-85aa-7abf4bdd3e0d&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}"
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
        "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

        New Values:
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="http://www.google.nl/"
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
        "(Default)"="http://search.msn.com/results.asp?q=%s"
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
        "(Default)"="http://search.msn.com/results.asp?q=%s"
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
        "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
        "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
        "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

        ==== All HKCU SearchScopes ======================

        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
        {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
        {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

        ==== Deleting CLSID Registry Keys ======================

        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
        HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
        HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

        ==== Deleting CLSID Registry Values ======================

        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
        HKEY_USERS\S-1-5-21-1334680140-3209928166-36067395-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

        ==== Deleting Registry Keys ======================

        HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo deleted successfully
        HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully

        ==== Empty IE Cache ======================

        C:\Users\Avy Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Avy Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Users\Danley Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Danley Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Users\Lena Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Lena Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\Downloads\Bestanden SanDisk Cruzer 16Gb\Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\Downloads\Bestanden SanDisk Cruzer 16Gb\Eestermans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\Downloads\Bestanden SanDisk Cruzer 16Gb\Eestermans\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Users\Mitchell Eestermans\Downloads\Bestanden SanDisk Cruzer 16Gb\Eestermans\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
        C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

        ==== Empty FireFox Cache ======================

        No FireFox Profiles found

        ==== Empty Chrome Cache ======================

        C:\Users\Danley Eestermans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
        C:\Users\Mitchell Eestermans\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

        ==== Empty All Flash Cache ======================

        Flash Cache Emptied Successfully

        ==== Empty All Java Cache ======================

        Java Cache cleared successfully

        ==== After Reboot ======================

        ==== Empty Temp Folders ======================

        C:\Windows\Temp successfully emptied
        C:\Users\MITCHE~1\AppData\Local\Temp successfully emptied

        ==== Empty Recycle Bin ======================

        C:\$RECYCLE.BIN successfully emptied

        ==== EOF on do 07-11-2013 at 15:17:10,05 ======================

        I just don't know how to send the log as an attachment.

        Regards,

        Kidaatje.



        • #5
          No problem, how is it going now?

          Booting Windows 10 in Safe Mode



          • #6
            Hey Juisterr,

            So far the pop-ups have not reappeared.
            If they come back, I will report it again.

            As far as I'm concerned, this thread can be closed.

            Any idea what was going on?

            In any case, thank you very much for all the help.

            Regards,

            Kidaatje.



            • #7
              Fine, it was mainly malware and leftovers; could you please still do the following.



              Download Delfix by Xplode to the desktop.

              Double-click Delfix.exe to start the tool.
              Now tick the following items:
              • Activate UAC
              • Remove disinfection tools
              • Create registry backup
              • Purge System Restore
              • Reset system settings

              Now click "Run" and wait patiently until the tool has finished.
              When the tool has finished, a log file is created. You do not need to post it, however.



              • #8
                Okay, ran the tool and everything is done.

                Thanks again.

                Kidaatje.



                • #9
                  You're welcome,
