schults2005
When I open IE and Chrome, NationZoom keeps coming up as the start page. I saw that there was nothing about it on this forum yet, so I first ran mbam. It found threats twice. Only on the third run were no problems found, but NationZoom is still there, and note that it also starts Yahoo as the search engine.
I also saw a tip on the internet to run adwcleaner, dds and mbam. I believe it was on the Google Chrome forum, in connection with Nation Zoom.
So I did that, and now I am posting here.
But the browsers still start up with Nation Zoom. I have also removed all of the most recently installed programs, because there were a few "odd" ones among them, one with something like 365 in its name. Unfortunately it must have come along with something else, because I saw somewhere that this little program, among others, has to do with the NationZoom problem.
Adwcleaner log
# AdwCleaner v3.014 - Report created 10/12/2013 at 04:16:53
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Chris - CHRIS-HP
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\Chris\AppData\Local\jZip
Folder Deleted : C:\Users\Chris\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Chris\AppData\Roaming\WinZipper
Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\YourFile Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Plastic Surgery Software - VPSS_is1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4095 octets] - [10/12/2013 00:31:27]
AdwCleaner[R1].txt - [3758 octets] - [10/12/2013 04:15:11]
AdwCleaner[S0].txt - [3732 octets] - [10/12/2013 04:16:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3792 octets] ##########
dds color log
[hjt]
dds (ver_2012-11-20.01) - ntfs_amd64
internet explorer: 10.0.9200.16736 browserjavaversion: 10.45.2
run by chris at 4:27:17 on 2013-12-10
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.6143.4345 [gmt 1:00]
.
av: avast! antivirus *enabled/updated* {17ad7d40-ba12-9c46-7131-94903a54ad8b}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
sp: avast! antivirus *enabled/updated* {accc9ca4-9c28-93c8-4b81-afe241d3e736}
.
============== running processes ===============
.
c:\windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\program files\tablet\pen\pen_touchservice.exe
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k networkservice
c:\windows\system32\atieclxx.exe
c:\program files\avast software\avast\avastsvc.exe
c:\program files\tablet\pen\pen_touchuser.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\program files (x86)\common files\arcsoft\connection service\bin\acservice.exe
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
c:\windows\syswow64\ezsharedsvchost.exe
c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe
c:\windows\system32\taskeng.exe
c:\program files (x86)\common files\lightscribe\lssrvc.exe
c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe
c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe
c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe
c:\program files (x86)\sony\pmb\pmbdeviceinfoprovider.exe
c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
c:\program files\tablet\pen\pen_tablet.exe
c:\program files\tablet\pen\pen_tabletuser.exe
c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesservice64.exe
c:\windows\system32\svchost.exe -k secsvcs
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\program files\tablet\pen\pen_tablet.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\windows\system32\taskeng.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesapp64.exe
c:\windows\servicing\trustedinstaller.exe
c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
c:\program files (x86)\nokia\nokia suite\nokiasuite.exe
c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe
c:\program files (x86)\garmin\express tray\expresstray.exe
c:\program files\windows sidebar\sidebar.exe
c:\program files (x86)\sony\pmb\pmbvolumewatcher.exe
c:\program files\avast software\avast\avastui.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\wisptis.exe
c:\program files (x86)\ati technologies\ati.ace\core-static\mom.exe
c:\program files (x86)\ati technologies\ati.ace\core-static\ccc.exe
c:\program files (x86)\google\update\googleupdate.exe
c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
c:\program files (x86)\google\update\1.3.22.3\googlecrashhandler.exe
c:\program files (x86)\google\update\1.3.22.3\googlecrashhandler64.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\svchost.exe -k wersvcgroup
c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\windows\system32\cscript.exe
.
============== pseudo hjt report ===============
.
ustart page = hxxp://www.zeelandnet.nl/index.php/
udefault_page_url = hxxp://www.google.com
mstart page = hxxp://www.google.com
msearch page = hxxp://www.google.com
mdefault_page_url = hxxp://www.google.com
mdefault_search_url = hxxp://www.google.com
msearchassistant = hxxp://www.google.com/
mcustomizesearch = hxxp://www.google.com/
bho: pdf architect helper: {3a2d5eba-f86d-4bd3-a177-019765996711} - c:\program files (x86)\pdf architect\pdfiehelper.dll
bho: java(tm) plug-in ssv helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre7\bin\ssv.dll
bho: avast! online security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
bho: aanmeldhulp voor windows live id: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
bho: java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre7\bin\jp2ssv.dll
bho: hp network check helper: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
tb: avast! online security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
urun: [nokiasuite.exe] c:\program files (x86)\nokia\nokia suite\nokiasuite.exe -tray
urun: [lightscribe control panel] c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe -hidden
urun: [garminexpresstrayapp] c:\program files (x86)\garmin\express tray\expresstray.exe
urun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
mrun: [mypoi monitor] c:\program files (x86)\common files\mypoiworld shared\mypoimonitor\mypoimonitor.exe
mrun: [pmbvolumewatcher] c:\program files (x86)\sony\pmb\pmbvolumewatcher.exe
mrun: [smkrun] c:\program files (x86)\justwrite office\screenmark.exe -i
mrun: [apsdaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
mrun: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
mrun: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
mrun: [avastui.exe] c:\program files\avast software\avast\avastui.exe /nogui
mrun: [20131121] c:\program files\avast software\avast\setup\emupdate\991770ab-afc8-4779-a147-d7f72b2803a9.exe /check
mrun: [mobilegeni daemon] c:\program files (x86)\mobogenie\daemonprocess.exe
startupfolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\adobe gamma loader.exe
upolicies-explorer: nodrivetypeautorun = dword:145
mpolicies-explorer: enableshellexecutehooks = dword:1
mpolicies-explorer: noresolvetrack = dword:1
mpolicies-system: consentpromptbehavioradmin = dword:5
mpolicies-system: consentpromptbehavioruser = dword:3
mpolicies-system: enableuiadesktoptoggle = dword:0
mpolicies-system: hidefastuserswitching = dword:0
ie: {25510184-5a38-4a99-b273-dca8eef6cd08} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
ie: {36ecaf82-3300-8f84-092e-aff36d6c7040} - {86529161-034e-4f8a-88d2-3c625e612e04} - c:\program files (x86)\winhttrack\winhttrackiebar.dll
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/garminaxcontrol_32.cab
dpf: {cb50428b-657f-47df-9b32-671f82aa73f7} - hxxp://www.photodex.com/pxplay.cab
dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
dpf: {f27237d7-93c8-44c2-ac6e-d6057b9a918f} - hxxps://webaccess.minvenw.nl/dana-cached/sc/junipersetupclient.cab
tcp: nameserver = 62.238.255.69 212.115.192.100
tcp: interfaces\{f2a0558d-b9c8-4c73-8a0e-4076cc58faf6} : dhcpnameserver = 62.238.255.69 212.115.192.100
handler: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
masetup: {10880d85-aad9-4558-abdc-2ab1552d831f} - c:\program files (x86)\common files\lightscribe\lsrunonce.exe
masetup: {8a69d345-d564-463c-aff1-a69d9e530f96} - c:\program files (x86)\google\chrome\application\31.0.1650.63\installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mstart page = hxxp://www.nationzoom.com/?type=hp&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx
x64-msearch page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-mdefault_page_url = hxxp://www.nationzoom.com/?type=hp&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx
x64-mdefault_search_url = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-msearchassistant = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-mcustomizesearch = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-bho: explorerwnd helper: {10921475-03ce-4e04-90ce-e2e7ef20c814} -
x64-bho: avast! online security: {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\program files\avast software\avast\aswwebrepie64.dll
x64-bho: windows live id sign-in helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
x64-bho: hp network check helper: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckpluginx64.dll
x64-tb: avast! online security: {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\program files\avast software\avast\aswwebrepie64.dll
x64-run: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
x64-runonce: [ncpluginupdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe update
x64-ie: {25510184-5a38-4a99-b273-dca8eef6cd08} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
x64-dpf: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} - hxxp://h20614.www2.hp.com/ediags/gmd/install/cab/hpdetect121.cab
x64-dpf: {aa570693-00e2-4907-b6f1-60a1199b030c} - hxxps://juniper.net/dana-cached/sc/junipersetupclient64.cab
x64-dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-handler: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - <orphaned>
.
============= services / drivers ===============
.
r0 aswrvrt;avast! revert;c:\windows\system32\drivers\aswrvrt.sys [2013-3-15 65776]
r0 aswvmm;avast! vm monitor;c:\windows\system32\drivers\aswvmm.sys [2013-3-15 205320]
r0 bthidbus;bluetooth hid bus service;c:\windows\system32\drivers\bthidbus.sys [2011-12-21 25056]
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [2011-11-27 1032416]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [2011-11-27 409832]
r1 csn5pdts82x64;csn5pdts82x64 ndis protocol driver;c:\windows\system32\drivers\csn5pdts82x64.sys [2013-10-24 34840]
r2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe [2013-5-14 204288]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [2011-11-27 38984]
r2 aswmonflt;aswmonflt;c:\windows\system32\drivers\aswmonflt.sys [2011-11-27 84328]
r2 avast! antivirus;avast! antivirus;c:\program files\avast software\avast\avastsvc.exe [2013-11-19 50344]
r2 ezsharedsvc;easybits services for windows;c:\windows\system32\ezsharedsvchost.exe --> c:\windows\system32\ezsharedsvchost.exe [?]
r2 garmin core update service;garmin core update service;c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe [2013-8-22 220504]
r2 hp support assistant service;hp support assistant service;c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe [2012-9-27 86528]
r2 mbamscheduler;mbamscheduler;c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-9 418376]
r2 mbamservice;mbamservice;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2013-12-9 701512]
r2 pmbdeviceinfoprovider;pmbdeviceinfoprovider;c:\program files (x86)\sony\pmb\pmbdeviceinfoprovider.exe [2009-10-24 360224]
r2 tabletservicepen;tabletservicepen;c:\program files\tablet\pen\pen_tablet.exe [2012-11-25 6583160]
r2 touchservicepen;wacom consumer touch service;c:\program files\tablet\pen\pen_touchservice.exe [2012-11-25 528760]
r2 tuneup.utilitiessvc;tuneup utilities service;c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesservice64.exe [2013-10-11 2409272]
r3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys [2013-5-14 231440]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [2013-12-9 25928]
r3 netr28x;ralink 802.11n extensible wireless driver;c:\windows\system32\drivers\netr28x.sys [2010-8-3 2431792]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [2010-8-3 346144]
r3 tuneuputilitiesdrv;tuneuputilitiesdrv;c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesdriver64.sys [2012-9-19 11880]
r3 usbfilter;amd usb filter driver;c:\windows\system32\drivers\usbfilter.sys [2010-8-3 39480]
r3 wacmoumonitor;wacom mode helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-11-25 13312]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
s2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
s2 liveupdatesvc;liveupdate;c:\program files (x86)\iobit\liveupdate\liveupdate.exe --> c:\program files (x86)\iobit\liveupdate\liveupdate.exe [?]
s3 btcom;bluetooth serial port driver;c:\windows\system32\drivers\btcomport.sys [2011-7-27 29576]
s3 btcombus;bluetooth serial port bus service;c:\windows\system32\drivers\btcombus.sys [2011-7-27 25352]
s3 btnetbus;bluetooth pan bus service;c:\windows\system32\drivers\btnetbus.sys [2011-12-21 31968]
s3 ivtbtbus;ivt bluetooth bus service;c:\windows\system32\drivers\ivtbtbus.sys [2010-4-6 27016]
s3 ov550i;ovt scanner;c:\windows\system32\drivers\ov550ivx.sys [2008-2-21 196992]
s3 pcdsrvc{56782d80-7eacdb16-06000000}_0;pcdsrvc{56782d80-7eacdb16-06000000}_0 - pcdr kernel mode service helper driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2010-1-19 23536]
s3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [2011-11-28 59392]
s3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-11-28 1255736]
s4 fabs;fabs - helping agent for magix media database;c:\program files (x86)\common files\magix services\database\bin\fabs.exe [2011-5-24 1840128]
s4 gamesappservice;gamesappservice;c:\program files (x86)\wildtangent games\app\gamesappservice.exe [2010-10-12 206072]
s4 pdf architect helper service;pdf architect helper service;c:\program files (x86)\pdf architect\helperservice.exe [2012-11-22 1522312]
s4 pdf architect service;pdf architect service;c:\program files (x86)\pdf architect\conversionservice.exe [2012-11-22 905864]
.
=============== file associations ===============
.
shellexec: ff30.exe: open=c:\program files (x86)\reallusion\facefilter3\ffapp.exe "%1"
.
=============== created last 30 ================
.
2013-12-10 00:28:48 -------- d-----w- c:\program files\enigma software group
2013-12-10 00:28:33 -------- d-----w- c:\windows\72aaf4551e54475bb0ab5413c78d0e63.tmp
2013-12-09 23:31:23 -------- d-----w- c:\adwcleaner
2013-12-09 06:20:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-09 06:20:05 -------- d-----w- c:\program files (x86)\malwarebytes' anti-malware
2013-12-09 05:58:01 -------- d-----w- c:\users\chris\grabit downloads
2013-12-09 01:05:17 -------- d-----w- c:\windows\system32\log
2013-12-09 01:04:17 -------- d-----w- c:\users\chris\.android
2013-12-09 01:04:15 -------- d-----w- c:\users\chris\appdata\local\cache
2013-12-09 01:04:14 -------- d-----w- c:\users\chris\appdata\local\mobogenie
2013-12-09 01:03:36 -------- d-----w- c:\program files (x86)\mobogenie
2013-12-09 01:03:19 -------- d-----w- c:\programdata\wpm
2013-12-07 00:31:55 10285968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f4bf6e58-afa9-4171-873f-9617e012be11}\mpengine.dll
2013-12-03 19:30:20 10285968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-12-03 08:26:56 -------- d-----w- c:\program files (x86)\citrix
2013-11-28 13:36:55 -------- d-----w- c:\users\chris\appdata\local\juniper networks
2013-11-19 19:35:34 -------- d-----w- c:\users\chris\appdata\roaming\avast software
2013-11-13 19:36:57 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
==================== find3m ====================
.
2013-12-09 06:35:25 73216 ----a-w- c:\windows\st6unst.exe
2013-12-09 06:35:25 249856 ------w- c:\windows\setup1.exe
2013-12-04 06:56:40 71048 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2013-12-04 06:56:40 692616 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2013-11-19 19:33:16 92544 ----a-w- c:\windows\system32\drivers\aswrdr2.sys
2013-11-19 19:33:16 84328 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2013-11-19 19:33:16 65776 ----a-w- c:\windows\system32\drivers\aswrvrt.sys
2013-11-19 19:33:16 43152 ----a-w- c:\windows\avastss.scr
2013-11-19 19:33:16 205320 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2013-11-19 19:33:16 1032416 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2013-11-11 04:50:16 267936 ------w- c:\windows\system32\mpsigstub.exe
2013-10-12 08:45:20 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\syswow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\syswow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\syswow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\syswow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- c:\windows\system32\registeriepkeys.exe
2013-10-12 05:15:39 71680 ----a-w- c:\windows\syswow64\registeriepkeys.exe
2013-10-12 02:30:42 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- c:\windows\system32\ikeext.dll
2013-10-12 02:29:08 324096 ----a-w- c:\windows\system32\fwpuclnt.dll
2013-10-12 02:03:08 656896 ----a-w- c:\windows\syswow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- c:\windows\syswow64\fwpuclnt.dll
2013-10-11 14:38:12 35640 ----a-w- c:\windows\system32\turegopt.exe
2013-10-11 14:38:08 38200 ----a-w- c:\windows\system32\uxtuneup.dll
2013-10-11 14:38:08 30520 ----a-w- c:\windows\syswow64\uxtuneup.dll
2013-10-11 14:38:08 26936 ----a-w- c:\windows\system32\authuitu.dll
2013-10-11 14:38:08 22328 ----a-w- c:\windows\syswow64\authuitu.dll
2013-10-08 06:50:37 96168 ----a-w- c:\windows\syswow64\windowsaccessbridge-32.dll
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\syswow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- c:\windows\system32\smartcardcredentialprovider.dll
2013-10-04 02:25:17 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\syswow64\smartcardcredentialprovider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\syswow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\syswow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- c:\windows\syswow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\syswow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\syswow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\syswow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- c:\windows\system32\lsass.exe
.
============= finish: 4:27:58,46 ===============
[/hjt]
mbam log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.12.10.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Chris :: CHRIS-HP [administrator]
10-12-2013 4:44:07
mbam-log-2013-12-10 (04-44-07).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 216540
Verstreken tijd: 4 minuut/minuten, 44 seconde
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
c:\program files (x86)\ati technologies\ati.ace\core-static\ccc.exe
c:\program files (x86)\google\update\googleupdate.exe
c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
c:\program files (x86)\google\update\1.3.22.3\googlecrashhandler.exe
c:\program files (x86)\google\update\1.3.22.3\googlecrashhandler64.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\svchost.exe -k wersvcgroup
c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\windows\system32\cscript.exe
.
============== pseudo hjt report ===============
.
ustart page = hxxp://www.zeelandnet.nl/index.php/
udefault_page_url = hxxp://www.google.com
mstart page = hxxp://www.google.com
msearch page = hxxp://www.google.com
mdefault_page_url = hxxp://www.google.com
mdefault_search_url = hxxp://www.google.com
msearchassistant = hxxp://www.google.com/
mcustomizesearch = hxxp://www.google.com/
bho: pdf architect helper: {3a2d5eba-f86d-4bd3-a177-019765996711} - c:\program files (x86)\pdf architect\pdfiehelper.dll
bho: java(tm) plug-in ssv helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre7\bin\ssv.dll
bho: avast! online security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
bho: aanmeldhulp voor windows live id: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
bho: java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre7\bin\jp2ssv.dll
bho: hp network check helper: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
tb: avast! online security: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
urun: [nokiasuite.exe] c:\program files (x86)\nokia\nokia suite\nokiasuite.exe -tray
urun: [lightscribe control panel] c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe -hidden
urun: [garminexpresstrayapp] c:\program files (x86)\garmin\express tray\expresstray.exe
urun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
mrun: [mypoi monitor] c:\program files (x86)\common files\mypoiworld shared\mypoimonitor\mypoimonitor.exe
mrun: [pmbvolumewatcher] c:\program files (x86)\sony\pmb\pmbvolumewatcher.exe
mrun: [smkrun] c:\program files (x86)\justwrite office\screenmark.exe -i
mrun: [apsdaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
mrun: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun
mrun: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
mrun: [avastui.exe] c:\program files\avast software\avast\avastui.exe /nogui
mrun: [20131121] c:\program files\avast software\avast\setup\emupdate\991770ab-afc8-4779-a147-d7f72b2803a9.exe /check
mrun: [mobilegeni daemon] c:\program files (x86)\mobogenie\daemonprocess.exe
startupfolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\adobe gamma loader.exe
upolicies-explorer: nodrivetypeautorun = dword:145
mpolicies-explorer: enableshellexecutehooks = dword:1
mpolicies-explorer: noresolvetrack = dword:1
mpolicies-system: consentpromptbehavioradmin = dword:5
mpolicies-system: consentpromptbehavioruser = dword:3
mpolicies-system: enableuiadesktoptoggle = dword:0
mpolicies-system: hidefastuserswitching = dword:0
ie: {25510184-5a38-4a99-b273-dca8eef6cd08} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
ie: {36ecaf82-3300-8f84-092e-aff36d6c7040} - {86529161-034e-4f8a-88d2-3c625e612e04} - c:\program files (x86)\winhttrack\winhttrackiebar.dll
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/garminaxcontrol_32.cab
dpf: {cb50428b-657f-47df-9b32-671f82aa73f7} - hxxp://www.photodex.com/pxplay.cab
dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
dpf: {f27237d7-93c8-44c2-ac6e-d6057b9a918f} - hxxps://webaccess.minvenw.nl/dana-cached/sc/junipersetupclient.cab
tcp: nameserver = 62.238.255.69 212.115.192.100
tcp: interfaces\{f2a0558d-b9c8-4c73-8a0e-4076cc58faf6} : dhcpnameserver = 62.238.255.69 212.115.192.100
handler: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
masetup: {10880d85-aad9-4558-abdc-2ab1552d831f} - c:\program files (x86)\common files\lightscribe\lsrunonce.exe
masetup: {8a69d345-d564-463c-aff1-a69d9e530f96} - c:\program files (x86)\google\chrome\application\31.0.1650.63\installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mstart page = hxxp://www.nationzoom.com/?type=hp&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx
x64-msearch page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-mdefault_page_url = hxxp://www.nationzoom.com/?type=hp&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx
x64-mdefault_search_url = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-msearchassistant = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-mcustomizesearch = hxxp://www.nationzoom.com/web/?type=ds&ts=1386550966&from=adks&uid=hitachixhds721010cla332_jp2940hd0s1ymc0s1ymcx&q={searchterms}
x64-bho: explorerwnd helper: {10921475-03ce-4e04-90ce-e2e7ef20c814} -
x64-bho: avast! online security: {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\program files\avast software\avast\aswwebrepie64.dll
x64-bho: windows live id sign-in helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
x64-bho: hp network check helper: {e76fd755-c1ba-4dcb-9f13-99bd91223ade} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckpluginx64.dll
x64-tb: avast! online security: {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\program files\avast software\avast\aswwebrepie64.dll
x64-run: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
x64-runonce: [ncpluginupdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe update
x64-ie: {25510184-5a38-4a99-b273-dca8eef6cd08} - c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
x64-dpf: {73ecb3aa-4717-450c-a2ab-d00dad9ee203} - hxxp://h20614.www2.hp.com/ediags/gmd/install/cab/hpdetect121.cab
x64-dpf: {aa570693-00e2-4907-b6f1-60a1199b030c} - hxxps://juniper.net/dana-cached/sc/junipersetupclient64.cab
x64-dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-handler: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - <orphaned>
.
============= services / drivers ===============
.
r0 aswrvrt;avast! revert;c:\windows\system32\drivers\aswrvrt.sys [2013-3-15 65776]
r0 aswvmm;avast! vm monitor;c:\windows\system32\drivers\aswvmm.sys [2013-3-15 205320]
r0 bthidbus;bluetooth hid bus service;c:\windows\system32\drivers\bthidbus.sys [2011-12-21 25056]
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [2011-11-27 1032416]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [2011-11-27 409832]
r1 csn5pdts82x64;csn5pdts82x64 ndis protocol driver;c:\windows\system32\drivers\csn5pdts82x64.sys [2013-10-24 34840]
r2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe [2013-5-14 204288]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [2011-11-27 38984]
r2 aswmonflt;aswmonflt;c:\windows\system32\drivers\aswmonflt.sys [2011-11-27 84328]
r2 avast! antivirus;avast! antivirus;c:\program files\avast software\avast\avastsvc.exe [2013-11-19 50344]
r2 ezsharedsvc;easybits services for windows;c:\windows\system32\ezsharedsvchost.exe --> c:\windows\system32\ezsharedsvchost.exe [?]
r2 garmin core update service;garmin core update service;c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe [2013-8-22 220504]
r2 hp support assistant service;hp support assistant service;c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe [2012-9-27 86528]
r2 mbamscheduler;mbamscheduler;c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe [2013-12-9 418376]
r2 mbamservice;mbamservice;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2013-12-9 701512]
r2 pmbdeviceinfoprovider;pmbdeviceinfoprovider;c:\program files (x86)\sony\pmb\pmbdeviceinfoprovider.exe [2009-10-24 360224]
r2 tabletservicepen;tabletservicepen;c:\program files\tablet\pen\pen_tablet.exe [2012-11-25 6583160]
r2 touchservicepen;wacom consumer touch service;c:\program files\tablet\pen\pen_touchservice.exe [2012-11-25 528760]
r2 tuneup.utilitiessvc;tuneup utilities service;c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesservice64.exe [2013-10-11 2409272]
r3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys [2013-5-14 231440]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [2013-12-9 25928]
r3 netr28x;ralink 802.11n extensible wireless driver;c:\windows\system32\drivers\netr28x.sys [2010-8-3 2431792]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [2010-8-3 346144]
r3 tuneuputilitiesdrv;tuneuputilitiesdrv;c:\program files (x86)\tuneup utilities 2013\tuneuputilitiesdriver64.sys [2012-9-19 11880]
r3 usbfilter;amd usb filter driver;c:\windows\system32\drivers\usbfilter.sys [2010-8-3 39480]
r3 wacmoumonitor;wacom mode helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-11-25 13312]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
s2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
s2 liveupdatesvc;liveupdate;c:\program files (x86)\iobit\liveupdate\liveupdate.exe --> c:\program files (x86)\iobit\liveupdate\liveupdate.exe [?]
s3 btcom;bluetooth serial port driver;c:\windows\system32\drivers\btcomport.sys [2011-7-27 29576]
s3 btcombus;bluetooth serial port bus service;c:\windows\system32\drivers\btcombus.sys [2011-7-27 25352]
s3 btnetbus;bluetooth pan bus service;c:\windows\system32\drivers\btnetbus.sys [2011-12-21 31968]
s3 ivtbtbus;ivt bluetooth bus service;c:\windows\system32\drivers\ivtbtbus.sys [2010-4-6 27016]
s3 ov550i;ovt scanner;c:\windows\system32\drivers\ov550ivx.sys [2008-2-21 196992]
s3 pcdsrvc{56782d80-7eacdb16-06000000}_0;pcdsrvc{56782d80-7eacdb16-06000000}_0 - pcdr kernel mode service helper driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2010-1-19 23536]
s3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [2011-11-28 59392]
s3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-11-28 1255736]
s4 fabs;fabs - helping agent for magix media database;c:\program files (x86)\common files\magix services\database\bin\fabs.exe [2011-5-24 1840128]
s4 gamesappservice;gamesappservice;c:\program files (x86)\wildtangent games\app\gamesappservice.exe [2010-10-12 206072]
s4 pdf architect helper service;pdf architect helper service;c:\program files (x86)\pdf architect\helperservice.exe [2012-11-22 1522312]
s4 pdf architect service;pdf architect service;c:\program files (x86)\pdf architect\conversionservice.exe [2012-11-22 905864]
.
=============== file associations ===============
.
shellexec: ff30.exe: open=c:\program files (x86)\reallusion\facefilter3\ffapp.exe "%1"
.
=============== created last 30 ================
.
2013-12-10 00:28:48 -------- d-----w- c:\program files\enigma software group
2013-12-10 00:28:33 -------- d-----w- c:\windows\72aaf4551e54475bb0ab5413c78d0e63.tmp
2013-12-09 23:31:23 -------- d-----w- c:\adwcleaner
2013-12-09 06:20:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-09 06:20:05 -------- d-----w- c:\program files (x86)\malwarebytes' anti-malware
2013-12-09 05:58:01 -------- d-----w- c:\users\chris\grabit downloads
2013-12-09 01:05:17 -------- d-----w- c:\windows\system32\log
2013-12-09 01:04:17 -------- d-----w- c:\users\chris\.android
2013-12-09 01:04:15 -------- d-----w- c:\users\chris\appdata\local\cache
2013-12-09 01:04:14 -------- d-----w- c:\users\chris\appdata\local\mobogenie
2013-12-09 01:03:36 -------- d-----w- c:\program files (x86)\mobogenie
2013-12-09 01:03:19 -------- d-----w- c:\programdata\wpm
2013-12-07 00:31:55 10285968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f4bf6e58-afa9-4171-873f-9617e012be11}\mpengine.dll
2013-12-03 19:30:20 10285968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-12-03 08:26:56 -------- d-----w- c:\program files (x86)\citrix
2013-11-28 13:36:55 -------- d-----w- c:\users\chris\appdata\local\juniper networks
2013-11-19 19:35:34 -------- d-----w- c:\users\chris\appdata\roaming\avast software
2013-11-13 19:36:57 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
==================== find3m ====================
.
2013-12-09 06:35:25 73216 ----a-w- c:\windows\st6unst.exe
2013-12-09 06:35:25 249856 ------w- c:\windows\setup1.exe
2013-12-04 06:56:40 71048 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2013-12-04 06:56:40 692616 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2013-11-19 19:33:16 92544 ----a-w- c:\windows\system32\drivers\aswrdr2.sys
2013-11-19 19:33:16 84328 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2013-11-19 19:33:16 65776 ----a-w- c:\windows\system32\drivers\aswrvrt.sys
2013-11-19 19:33:16 43152 ----a-w- c:\windows\avastss.scr
2013-11-19 19:33:16 205320 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2013-11-19 19:33:16 1032416 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2013-11-11 04:50:16 267936 ------w- c:\windows\system32\mpsigstub.exe
2013-10-12 08:45:20 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- c:\windows\syswow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- c:\windows\syswow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- c:\windows\syswow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- c:\windows\syswow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- c:\windows\system32\registeriepkeys.exe
2013-10-12 05:15:39 71680 ----a-w- c:\windows\syswow64\registeriepkeys.exe
2013-10-12 02:30:42 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- c:\windows\system32\ikeext.dll
2013-10-12 02:29:08 324096 ----a-w- c:\windows\system32\fwpuclnt.dll
2013-10-12 02:03:08 656896 ----a-w- c:\windows\syswow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- c:\windows\syswow64\fwpuclnt.dll
2013-10-11 14:38:12 35640 ----a-w- c:\windows\system32\turegopt.exe
2013-10-11 14:38:08 38200 ----a-w- c:\windows\system32\uxtuneup.dll
2013-10-11 14:38:08 30520 ----a-w- c:\windows\syswow64\uxtuneup.dll
2013-10-11 14:38:08 26936 ----a-w- c:\windows\system32\authuitu.dll
2013-10-11 14:38:08 22328 ----a-w- c:\windows\syswow64\authuitu.dll
2013-10-08 06:50:37 96168 ----a-w- c:\windows\syswow64\windowsaccessbridge-32.dll
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\syswow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- c:\windows\system32\smartcardcredentialprovider.dll
2013-10-04 02:25:17 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\syswow64\smartcardcredentialprovider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\syswow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\syswow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- c:\windows\syswow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- c:\windows\syswow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- c:\windows\syswow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- c:\windows\syswow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- c:\windows\system32\lsass.exe
.
============= finish: 4:27:58,46 ===============
[/hjt]
mbam log
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Databaseversie: v2013.12.10.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Chris :: CHRIS-HP [administrator]
10-12-2013 4:44:07
mbam-log-2013-12-10 (04-44-07).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 216540
Verstreken tijd: 4 minuut/minuten, 44 seconde
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)