
[Solved] iexplorer starts automatically


tja12345

Good day,

I don't know whether a virus or malware is the cause, but for the past few days Internet Explorer has been starting automatically in the background, sometimes even multiple instances of it. If this process keeps running it also takes up quite a lot of memory, even > 1 G.
I have already had Mbam/Nod32 run a scan, and even though a few issues were found, the behaviour keeps occurring.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 13-7-2014
Scantijd: 10:14:15
Logbestand: Mbamlog.txt
Beheerder: Ja

Versie: 2.00.2.1012
Malwaredatabase: v2014.07.13.01
Rootkitdatabase: v2014.07.09.01
Licentie: Gratis
Malwarebescherming: Uitgeschakeld
Kwaadaardige Website Bescherming: Uitgeschakeld
Self-protection: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: Adminestrator

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 300310
Verstreken Tijd: 20 m, 51 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristics: Ingeschakeld
POP: Waarschuwen
POA: Ingeschakeld

Processen: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registersleutels: 0
(No malicious items detected)

Registerwaardes: 0
(No malicious items detected)

Registerdata: 0
(No malicious items detected)

Mappen: 0
(No malicious items detected)

Bestanden: 1
PUP.Optional.Soft32.A, C:\$Recycle.Bin\S-1-5-21-2484079096-2104976079-3194713389-1000\$R74AGI5.exe, , [8e773a65bac1d56183794df155acda26],

Fysieke Sectoren: 0
(No malicious items detected)


(end)

Does anyone have any idea?

Thanks in advance.
 
Re: iexplorer starts automatically

You're talking about iexplorer, is that right? Internet Explorer is iexplore.exe, so without an "r" at the end. If you have the former, it is almost certainly a virus.
 
Re: iexplorer starts automatically

This really is about Internet Explorer, i.e. iexplore.exe without an R. That checks out when I open the corresponding file location: it is indeed the .exe from the Internet Explorer folder.

See below:
Untitled.png
 
Re: iexplorer starts automatically

The fact that it's in that folder doesn't mean anything, of course. But again, Internet Explorer is iexplore.exe, so I think you've caught a virus.

By the way, did you have mbam remove that "pup.optional..."?

You can also scan your iexplorer.exe here: https://www.metascan-online.com/en
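
The name question raised in the replies above (iexplore.exe versus iexplorer.exe, and whether the folder says anything), as an added example that is not part of the original thread: a small triage script for the process lines of an FRST log that flags near-miss spellings of well-known Windows binaries and well-known names running from an unexpected folder. The `EXPECTED` baseline, the function names and the sample lines are assumptions constructed for illustration; the folders in the baseline are the ones visible in the FRST log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Assumed baseline (not from any tool): image name -> folders it normally runs from.
# All of these are expected to carry a Microsoft publisher string.
EXPECTED = {
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
}

# FRST process lines look like: (Publisher) C:\path\to\image.exe
LINE_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "scvhost" vs "svchost"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def stem(name):
    """File name without its extension."""
    return name.rsplit(".", 1)[0]


def triage(log_text):
    """Return (kind, path, detail) tuples for process lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        path = PureWindowsPath(m.group("path"))
        publisher = m.group("publisher").strip().lower()
        name = path.name.lower()
        folder = str(path.parent).lower()

        if name in EXPECTED:
            # Right name: the folder and publisher still have to fit the baseline.
            if folder not in EXPECTED[name]:
                findings.append(("unexpected-path", str(path), name))
            elif "microsoft" not in publisher:
                findings.append(("unexpected-publisher", str(path), publisher))
            continue

        # Unknown name: is it one edit away from a well-known one?
        near = sorted(k for k in EXPECTED
                      if osa_distance(stem(name), stem(k)) == 1)
        if near:
            findings.append(("lookalike-name", str(path), ", ".join(near)))
    return findings


# Constructed sample in FRST's process-line format (not taken from the thread's log).
SAMPLE = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\Example\AppData\Roaming\iexplorer.exe
(Microsoft Corporation) C:\Users\Example\AppData\Local\Temp\svchost.exe
() C:\Windows\System32\scvhost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
"""

if __name__ == "__main__":
    for kind, path, detail in triage(SAMPLE):
        print(f"{kind:20} {path}  [{detail}]")
```

A hit is only a triage hint: confirm it by checking the file's digital signature and hash before treating the process as malicious or as clean.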
 
Re: iexplorer starts automatically

Download Farbar Recovery Scan Tool, 32 or 64 bit, from one of the links below:
Farbar Recovery Scan Tool 32 bit (x86)
Farbar Recovery Scan Tool 64 bit (x64)
Download location: This program absolutely must be downloaded to the desktop, or else moved there!
Notes:
  • All open programs and web pages must be closed.
Starting FRST:
  • Windows 2000 and Windows XP: double-click FRST.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click FRST.exe or FRST64.exe and choose "Run as administrator".
Once FRST has started:
  • When the program has opened, click the Yes button on the disclaimer.
  • Then press the Scan button.
  • A log file (FRST.txt) will then be created and saved on the desktop.
  • Post the contents of FRST.txt in your next message.
 
Re: iexplorer starts automatically

And why not that iexplorer.exe?

But fine, abraham is awake too, so good luck to the two of you. :)
 
Re: iexplorer starts automatically

I didn't see that iexplorer.exe in the folder; I think I made a mistake in the topic title :wall:

Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2014
Ran by Adminestrator (administrator) on HENK on 13-07-2014 12:13:23
Running from C:\Users\Adminestrator\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-06] (Egis Technology Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2692520 2009-05-14] (ESET)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-08-12] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [128296 2009-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-08-05] (Acer Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2484079096-2104976079-3194713389-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2484079096-2104976079-3194713389-1000\...\MountPoints2: J - J:\Setup.exe
HKU\S-1-5-21-2484079096-2104976079-3194713389-1000\...\MountPoints2: {28bdffd6-7601-11e3-9b2a-00226865378c} - J:\VEKAROM.EXE
Startup: C:\Users\Adminestrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe (Leader Technologies)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.msn.com/?ocid=U218DHP&pc=U218
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - 1CE6DF0FEC674E10BC44AF7EED8176F2 URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_nl
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.54.35.25 212.54.40.25

FireFox:
========
FF ProfilePath: C:\Users\Adminestrator\AppData\Roaming\Mozilla\Firefox\Profiles\vh6q05ih.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pptv.com/plugin - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.2130\npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall,version=1.0.0 - %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: Adblock Plus - C:\Users\Adminestrator\AppData\Roaming\Mozilla\Firefox\Profiles\vh6q05ih.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-04]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-06-18]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-06-25]

==================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-05-14] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [731840 2009-05-14] (ESET)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-08-28] ()
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-05] (Disc Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [142776 2009-05-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134024 2009-05-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [121152 2009-05-14] (ESET)
R3 gwfilt64; C:\Windows\System32\drivers\gwfilt64.sys [34840 2008-09-23] (Creative Technology Ltd.)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-13 12:13 - 2014-07-13 12:13 - 00014510 _____ () C:\Users\Adminestrator\Desktop\FRST.txt
2014-07-13 12:13 - 2014-07-13 12:13 - 00000000 ___DC () C:\FRST
2014-07-13 12:11 - 2014-07-13 12:11 - 02086912 _____ (Farbar) C:\Users\Adminestrator\Desktop\FRST64.exe
2014-07-13 10:52 - 2014-07-13 10:52 - 11799332 _____ () C:\Users\Adminestrator\Desktop\iexplore.dmp
2014-07-13 10:49 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\Adminestrator\Desktop\procexp.exe
2014-07-13 10:49 - 2006-07-28 08:32 - 00007005 _____ () C:\Users\Adminestrator\Desktop\Eula.txt
2014-07-13 10:47 - 2012-10-15 13:23 - 00072154 _____ () C:\Users\Adminestrator\Desktop\procexp.chm
2014-07-13 10:46 - 2014-07-13 10:46 - 01243655 _____ () C:\Users\Adminestrator\Downloads\ProcessExplorer.zip
2014-07-13 09:37 - 2014-07-13 09:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-13 09:36 - 2014-07-13 09:37 - 61205128 _____ (Microsoft Corporation) C:\Users\Adminestrator\Downloads\EIE11_NL-NL_WOL_WIN764.EXE
2014-07-13 09:27 - 2014-07-13 09:28 - 59087056 _____ (Microsoft Corporation) C:\Users\Adminestrator\Downloads\IE11-Windows6.1-x64-nl-nl.exe
2014-07-13 09:07 - 2014-07-13 09:07 - 00003352 ____N () C:\bootsqm.dat
2014-07-13 09:06 - 2014-07-13 09:06 - 00000000 __SHD () C:\found.000
2014-07-12 21:06 - 2014-07-12 21:13 - 00000000 ____D () C:\Users\Adminestrator\Downloads\The Purge Anarchy 2014
2014-07-10 21:57 - 2014-07-13 08:42 - 00000000 ____D () C:\Users\Adminestrator\Downloads\The.Purge.2013.1080p.BluRay.x264.anoXmous
2014-07-09 05:20 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 05:20 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 05:20 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 05:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 05:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 05:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 05:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 20:36 - 2014-07-08 20:42 - 943840572 _____ () C:\Users\Adminestrator\Downloads\Godzilla.2014.720p.HDTS.900MB.ShAaNiG.com.mkv
2014-07-02 17:47 - 2014-07-02 17:47 - 01058200 _____ (Adobe) C:\Users\Adminestrator\Downloads\install_flashplayer14x32au_mssd_aaa_aih(1).exe
2014-06-30 21:50 - 2014-06-30 21:56 - 982502841 _____ () C:\Users\Adminestrator\Downloads\Troll Hunter, The (Eng hardsubbed).mkv
2014-06-22 15:51 - 2014-07-13 12:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-22 15:50 - 2014-06-22 15:50 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-22 15:50 - 2014-06-22 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-22 15:50 - 2014-06-22 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 15:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-22 15:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 17:51 - 2014-06-21 17:51 - 00000065 _____ () C:\Users\Adminestrator\Desktop\Samsung cashback acite.txt
2014-06-18 09:59 - 2014-06-18 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 05:08 - 2014-06-18 05:08 - 01058200 _____ (Adobe) C:\Users\Adminestrator\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe

==================== One Month Modified Files and Folders =======

2014-07-13 12:13 - 2014-07-13 12:13 - 00014510 _____ () C:\Users\Adminestrator\Desktop\FRST.txt
2014-07-13 12:13 - 2014-07-13 12:13 - 00000000 ___DC () C:\FRST
2014-07-13 12:12 - 2013-09-26 09:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 12:11 - 2014-07-13 12:11 - 02086912 _____ (Farbar) C:\Users\Adminestrator\Desktop\FRST64.exe
2014-07-13 12:08 - 2014-06-22 15:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 12:02 - 2013-06-30 17:18 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 11:55 - 2012-03-30 00:27 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-13 11:53 - 2009-12-17 03:41 - 00000000 ____D () C:\Users\Adminestrator\AppData\Local\Paint.NET
2014-07-13 11:46 - 2009-11-21 06:33 - 01802003 _____ () C:\Windows\WindowsUpdate.log
2014-07-13 11:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-13 11:06 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-13 11:02 - 2013-06-30 17:18 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 11:01 - 2012-05-05 10:28 - 00102852 _____ () C:\Windows\setupact.log
2014-07-13 11:01 - 2009-11-21 06:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-13 11:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-13 11:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-13 10:52 - 2014-07-13 10:52 - 11799332 _____ () C:\Users\Adminestrator\Desktop\iexplore.dmp
2014-07-13 10:46 - 2014-07-13 10:46 - 01243655 _____ () C:\Users\Adminestrator\Downloads\ProcessExplorer.zip
2014-07-13 09:37 - 2014-07-13 09:37 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-13 09:37 - 2014-07-13 09:36 - 61205128 _____ (Microsoft Corporation) C:\Users\Adminestrator\Downloads\EIE11_NL-NL_WOL_WIN764.EXE
2014-07-13 09:37 - 2013-11-26 06:34 - 00020874 _____ () C:\Windows\IE11_main.log
2014-07-13 09:28 - 2014-07-13 09:27 - 59087056 _____ (Microsoft Corporation) C:\Users\Adminestrator\Downloads\IE11-Windows6.1-x64-nl-nl.exe
2014-07-13 09:23 - 2009-11-17 18:19 - 00746260 _____ () C:\Windows\system32\perfh013.dat
2014-07-13 09:23 - 2009-11-17 18:19 - 00153466 _____ () C:\Windows\system32\perfc013.dat
2014-07-13 09:23 - 2009-07-14 07:13 - 01671986 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-13 09:18 - 2012-02-12 20:01 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\Dropbox
2014-07-13 09:17 - 2014-05-07 08:14 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\DropboxMaster
2014-07-13 09:17 - 2012-02-12 20:02 - 00000000 ___RD () C:\Users\Adminestrator\Dropbox
2014-07-13 09:07 - 2014-07-13 09:07 - 00003352 ____N () C:\bootsqm.dat
2014-07-13 09:06 - 2014-07-13 09:06 - 00000000 __SHD () C:\found.000
2014-07-13 08:43 - 2009-12-17 00:08 - 00000000 ____D () C:\Users\Adminestrator
2014-07-13 08:42 - 2014-07-10 21:57 - 00000000 ____D () C:\Users\Adminestrator\Downloads\The.Purge.2013.1080p.BluRay.x264.anoXmous
2014-07-13 08:42 - 2013-06-22 17:14 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\vlc
2014-07-13 08:42 - 2010-01-21 18:18 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\uTorrent
2014-07-13 08:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-12 21:59 - 2014-06-03 20:36 - 00023654 _____ () C:\Users\Adminestrator\Desktop\lijst.xlsx
2014-07-12 21:13 - 2014-07-12 21:06 - 00000000 ____D () C:\Users\Adminestrator\Downloads\The Purge Anarchy 2014
2014-07-12 18:03 - 2011-08-28 23:16 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-12 18:03 - 2011-08-28 23:16 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-11 19:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-11 17:49 - 2010-02-08 20:49 - 00000000 ____D () C:\Users\Adminestrator\Documents\Tencent Files
2014-07-10 21:24 - 2011-08-28 23:16 - 00268952 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-10 19:57 - 2009-12-17 01:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-09 23:44 - 2011-08-23 22:19 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein - Enemy Territory
2014-07-09 20:40 - 2009-07-14 06:45 - 00443504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 20:39 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 05:47 - 2013-07-30 23:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 05:46 - 2009-12-17 20:03 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 05:45 - 2009-08-15 04:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 20:42 - 2014-07-08 20:36 - 943840572 _____ () C:\Users\Adminestrator\Downloads\Godzilla.2014.720p.HDTS.900MB.ShAaNiG.com.mkv
2014-07-08 19:55 - 2012-03-30 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 19:55 - 2012-03-30 00:27 - 00003878 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 19:55 - 2011-05-16 00:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-02 17:47 - 2014-07-02 17:47 - 01058200 _____ (Adobe) C:\Users\Adminestrator\Downloads\install_flashplayer14x32au_mssd_aaa_aih(1).exe
2014-07-02 11:45 - 2010-04-10 00:03 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\Skype
2014-06-30 21:56 - 2014-06-30 21:50 - 982502841 _____ () C:\Users\Adminestrator\Downloads\Troll Hunter, The (Eng hardsubbed).mkv
2014-06-23 05:30 - 2009-08-15 04:56 - 00816182 _____ () C:\Windows\PFRO.log
2014-06-22 16:03 - 2013-06-08 10:13 - 00000000 ____D () C:\Windows\Symbols
2014-06-22 15:50 - 2014-06-22 15:50 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-22 15:50 - 2014-06-22 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-22 15:50 - 2014-06-22 15:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-22 15:50 - 2009-12-17 01:38 - 00000000 ____D () C:\Users\Adminestrator\AppData\Roaming\Malwarebytes
2014-06-22 15:50 - 2009-12-17 01:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-22 15:50 - 2009-12-17 01:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-21 17:51 - 2014-06-21 17:51 - 00000065 _____ () C:\Users\Adminestrator\Desktop\Samsung cashback acite.txt
2014-06-20 19:57 - 2013-06-30 17:18 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 19:57 - 2013-06-30 17:18 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 11:34 - 2012-04-28 00:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 09:59 - 2014-06-18 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 05:08 - 2014-06-18 05:08 - 01058200 _____ (Adobe) C:\Users\Adminestrator\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-06-18 04:18 - 2014-07-09 05:20 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-09 05:20 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-09 05:20 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Adminestrator\AppData\Local\Temp\AutoRun.exe
C:\Users\Adminestrator\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Adminestrator\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphe56bj.dll
C:\Users\Adminestrator\AppData\Local\Temp\eauninstall.exe
C:\Users\Adminestrator\AppData\Local\Temp\fwupnp.dll
C:\Users\Adminestrator\AppData\Local\Temp\hotchannel.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Adminestrator\AppData\Local\Temp\logclient.dll
C:\Users\Adminestrator\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Adminestrator\AppData\Local\Temp\msvcr80.dll
C:\Users\Adminestrator\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Adminestrator\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Adminestrator\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Adminestrator\AppData\Local\Temp\nvStInst.exe
C:\Users\Adminestrator\AppData\Local\Temp\qqsafeud.exe
C:\Users\Adminestrator\AppData\Local\Temp\rootsupd.exe
C:\Users\Adminestrator\AppData\Local\Temp\SC4_uninst.exe
C:\Users\Adminestrator\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Adminestrator\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Adminestrator\AppData\Local\Temp\sfextra.dll
C:\Users\Adminestrator\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Adminestrator\AppData\Local\Temp\SimPack.exe
C:\Users\Adminestrator\AppData\Local\Temp\tipsbubble.dll
C:\Users\Adminestrator\AppData\Local\Temp\tipsclient.dll
C:\Users\Adminestrator\AppData\Local\Temp\tipsdone.dll
C:\Users\Adminestrator\AppData\Local\Temp\Uninstaller-920.exe
C:\Users\Adminestrator\AppData\Local\Temp\uttEF37.tmp.exe
C:\Users\Adminestrator\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Adminestrator\AppData\Local\Temp\zlib1.dll
C:\Users\Adminestrator\AppData\Local\Temp\_is337B.exe
C:\Users\Adminestrator\AppData\Local\Temp\_is72FA.exe
C:\Users\Adminestrator\AppData\Local\Temp\_isD3A5.exe
C:\Users\Adminestrator\AppData\Local\Temp\_isDFBB.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 16:31

==================== End Of Log ============================
 
Re: iexplorer starts automatically

Iexplore.exe is legitimate; this is how Internet Explorer is shown in, among other places, Task Manager.

@ tja12345: now do what is described in my previous post.
 
Re: iexplorer starts automatically

@ tja12345: now do what is described in my previous post.

Hey Abraham54, I did what you asked and the log is in my second-to-last post; can you do anything with it?
 
Re: iexplorer starts automatically

Now do the following:

Step 1
Download
TFC/TheFileCleaner
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!

Starting TFC:
  • Windows 2000 and Windows XP: double-click TFC.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click TFC.exe and choose "Run as administrator".
  • Don't be alarmed - the tool closes all running programs - so make sure your work has already been saved!
  • Then click the Start button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
  • When TFC is finished, a message may appear saying that the computer will be restarted.
  • If the shutdown does not happen automatically, restart the computer yourself.
  • Note: TFC does not produce a log!
  • You may keep using TFC.

Step 2
Download
Security Check
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Starting SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Run as administrator".
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.

Alternative download link: http://www.bleepingcomputer.com/download/securitycheck/
 
Re: iexplorer starts automatically

Hey Abraham54, I followed your instructions; here are the contents of checkup.txt

Results of screen317's Security Check version 0.99.85
x64
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
ESET NOD32 Antivirus 4.0
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Java version out of Date!
Adobe Flash Player 14.0.0.145
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Re: iexplorer starts automatically

From now on, use only the 64-bit version of Java.

First download Java SE Runtime Environment 7 Update 60 Windows Offline (64-bit), size 29.5 MB

However, do not install the new version yet!

Then first go to Control Panel
  • Add or Remove Programs - Windows 2000/Windows XP
  • Programs and Features - Windows Vista, Windows 7 and Windows 8
and remove Java 7 Update 55.

Important: now restart the PC or notebook first, so that the old Java settings are removed.
After the computer has restarted, the latest Java version may be installed.


Download
ComboFix via one of these locations:
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!

Your antivirus program and active malware scanners must already be disabled before you start ComboFix!
Here and here you can find information on how to disable antivirus programs and spyware scanners.

Remarks:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix disconnects the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next message using DDRMMR's color coder.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important remark:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Re: iexplorer starts automatically

If you don't strictly need Java, I would remove it completely.
 
Re: iexplorer starts automatically

Here is the log from ComboFix.txt:

[hjt]
combofix 14-07-14.01 - adminestrator 14-07-2014 18:59:15.1.8 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.6135.3977 [gmt 2:00]
gestart vanuit: c:\users\adminestrator\desktop\combofix.exe
av: eset nod32 antivirus 4.0 *disabled/updated* {cb0f8167-5331-ba19-698e-64816b6801a5}
sp: eset nod32 antivirus 4.0 *disabled/updated* {706e6083-750b-b597-533e-5ff310ef4b18}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\common files\acer gamezone online.ico
c:\users\adminestrator\appdata\roaming\.#
c:\users\adminestrator\appdata\roaming\microsoft\windows\start menu\programs\startup\powerreg scheduler v3.exe
c:\windows\syswow64\kindling.dll
c:\windows\syswow64\pptvlauncher.exe
d:\install.exe
.
.
(((((((((((((((((((( bestanden gemaakt van 2014-06-14 to 2014-07-14 ))))))))))))))))))))))))))))))
.
.
2014-07-14 17:05 . 2014-07-14 17:05 -------- d-----w- c:\users\default\appdata\local\temp
2014-07-14 16:53 . 2014-07-14 16:53 313256 ----a-w- c:\windows\system32\javaws.exe
2014-07-14 16:53 . 2014-07-14 16:53 111016 ----a-w- c:\windows\system32\windowsaccessbridge-64.dll
2014-07-14 16:53 . 2014-07-14 16:53 189352 ----a-w- c:\windows\system32\javaw.exe
2014-07-14 16:53 . 2014-07-14 16:53 189352 ----a-w- c:\windows\system32\java.exe
2014-07-13 14:01 . 2014-07-13 14:03 -------- d-----w- c:\users\adminestrator\appdata\roaming\mount&blade warband
2014-07-13 10:13 . 2014-07-13 10:14 -------- dc----w- c:\frst
2014-07-13 07:06 . 2014-07-13 07:06 -------- d-----w- c:\found.000
2014-07-11 16:24 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1e333ea6-41f1-4d9d-8b6d-fda14c701711}\mpengine.dll
2014-06-22 13:51 . 2014-07-14 16:56 122584 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-22 13:50 . 2014-06-22 13:50 -------- d-----w- c:\program files (x86)\malwarebytes anti-malware
2014-06-22 13:50 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-22 13:50 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-12 16:03 . 2011-08-28 21:16 268952 ----a-w- c:\windows\syswow64\pnkbstrb.exe
2014-07-12 16:03 . 2011-08-28 21:16 268952 ----a-w- c:\windows\syswow64\pnkbstrb.xtr
2014-07-10 19:24 . 2011-08-28 21:16 268952 ----a-w- c:\windows\syswow64\pnkbstrb.ex0
2014-07-09 03:46 . 2009-12-17 18:03 96441528 ----a-w- c:\windows\system32\mrt.exe
2014-07-08 17:55 . 2012-03-29 22:27 699056 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2014-07-08 17:55 . 2011-05-15 22:23 71344 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2014-06-06 10:47 . 2014-06-06 10:47 4558848 ----a-w- c:\windows\syswow64\gphotos.scr
2014-05-12 05:25 . 2009-12-16 23:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-25 02:34 . 2014-06-12 07:46 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-12 07:46 626688 ----a-w- c:\windows\syswow64\usp10.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive1]
@="{f241c880-6982-4ce5-8cf7-7085ba96da5a}"
[hkey_classes_root\clsid\{f241c880-6982-4ce5-8cf7-7085ba96da5a}]
2013-10-11 14:03 220632 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive2]
@="{a0396a93-dc06-4aef-bee9-95ffccaef20e}"
[hkey_classes_root\clsid\{a0396a93-dc06-4aef-bee9-95ffccaef20e}]
2013-10-11 14:03 220632 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive3]
@="{bbacc218-34ea-4666-9d7a-c78f2274a524}"
[hkey_classes_root\clsid\{bbacc218-34ea-4666-9d7a-c78f2274a524}]
2013-10-11 14:03 220632 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 131248 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext.22.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 131248 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext.22.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 131248 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext.22.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 131248 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext.22.dll
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egispsdp]
@="{30a0a3f6-38ac-4c53-bb8b-0d95238e25ba}"
[hkey_classes_root\clsid\{30a0a3f6-38ac-4c53-bb8b-0d95238e25ba}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\egistec\mywinlocker 3\x86\psdprotect.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"daemon tools lite"=c:\program files (x86)\daemon tools lite\dtlite.exe [2013-10-28 3675352]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"backupmanagertray"=c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe [2009-08-12 261888]
"egistecliveupdate"=c:\program files (x86)\egistec egis software update\egisupdate.exe [2009-08-04 199464]
"adobe reader speed launcher"=c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [2013-05-08 41056]
"arcadedeluxeagent"=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe [2009-08-01 128296]
"playmovie"=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe [2009-08-05 181480]
"groovemonitor"=c:\program files (x86)\microsoft office\office12\groovemonitor.exe [2009-02-26 30040]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2013-04-04 958576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"consentpromptbehavioruser"= 3 (0x3)
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
"promptonsecuredesktop"= 0 (0x0)
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[hkey_local_machine\system\currentcontrolset\control\keyboard layouts\e0200804]
ime file reg_sz pinyinput.ime
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe;c:\program files (x86)\skype\updater\updater.exe [x]
r3 brynsvc;brynsvc;c:\program files (x86)\browny02\brynsvc.exe;c:\program files (x86)\browny02\brynsvc.exe [x]
r3 iamtve;driver for intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtve.sys;c:\windows\sysnative\drivers\iamtve.sys [x]
r3 iamtxpe;driver for intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtxpe.sys;c:\windows\sysnative\drivers\iamtxpe.sys [x]
r3 ieetwcollectorservice;internet explorer etw collector service;c:\windows\system32\ieetwcollector.exe;c:\windows\sysnative\ieetwcollector.exe [x]
r3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys;c:\windows\sysnative\drivers\qd162x64.sys [x]
r3 ioatdma2;intel(r) quickdata technology device ver.2;c:\windows\system32\drivers\qd262x64.sys;c:\windows\sysnative\drivers\qd262x64.sys [x]
r3 msicdsetup;msicdsetup;e:\cdriver64.sys;e:\cdriver64.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe;c:\windows\sysnative\wat\watadminsvc.exe [x]
s1 dtsoftbus01;daemon tools virtual bus driver;c:\windows\system32\drivers\dtsoftbus01.sys;c:\windows\sysnative\drivers\dtsoftbus01.sys [x]
s1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys;c:\windows\sysnative\drivers\ehdrv.sys [x]
s1 mwlpsdfilter;mwlpsdfilter;c:\windows\system32\drivers\mwlpsdfilter.sys;c:\windows\sysnative\drivers\mwlpsdfilter.sys [x]
s1 mwlpsdnserv;mwlpsdnserv;c:\windows\system32\drivers\mwlpsdnserv.sys;c:\windows\sysnative\drivers\mwlpsdnserv.sys [x]
s1 mwlpsdvdisk;mwlpsdvdisk;c:\windows\system32\drivers\mwlpsdvdisk.sys;c:\windows\sysnative\drivers\mwlpsdvdisk.sys [x]
s2 ekrn;eset service;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe;c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe [x]
s2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys;c:\windows\sysnative\drivers\epfwwfpr.sys [x]
s2 greg_service;gregservice;c:\program files (x86)\acer\registration\greghsrw.exe;c:\program files (x86)\acer\registration\greghsrw.exe [x]
s2 mwlservice;mywinlocker service;c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe;c:\program files (x86)\egistec\mywinlocker 3\x86\\mwlservice.exe [x]
s2 nti ischedulesvc;nti ischedulesvc;c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe;c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe [x]
s2 stereo service;nvidia stereoscopic 3d driver service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe [x]
s2 updater service;updater service;c:\program files\acer\acer updater\updaterservice.exe;c:\program files\acer\acer updater\updaterservice.exe [x]
s3 e1yexpress;intel(r) gigabit network connections driver;c:\windows\system32\drivers\e1y62x64.sys;c:\windows\sysnative\drivers\e1y62x64.sys [x]
s3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys;c:\windows\sysnative\drivers\gwfilt64.sys [x]
.
.
--- andere services/drivers in geheugen ---
.
*deregistered* - procexp152
.
inhoud van de 'gedeelde taken' map
.
2014-07-14 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-03-29 17:55]
.
2014-07-14 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2013-06-30 15:18]
.
2014-07-14 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2013-06-30 15:18]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive1]
@="{f241c880-6982-4ce5-8cf7-7085ba96da5a}"
[hkey_classes_root\clsid\{f241c880-6982-4ce5-8cf7-7085ba96da5a}]
2013-10-11 14:03 244696 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive2]
@="{a0396a93-dc06-4aef-bee9-95ffccaef20e}"
[hkey_classes_root\clsid\{a0396a93-dc06-4aef-bee9-95ffccaef20e}]
2013-10-11 14:03 244696 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ skydrive3]
@="{bbacc218-34ea-4666-9d7a-c78f2274a524}"
[hkey_classes_root\clsid\{bbacc218-34ea-4666-9d7a-c78f2274a524}]
2013-10-11 14:03 244696 ----a-w- c:\users\adminestrator\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext1]
@="{fb314ed9-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314ed9-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 164016 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext64.22.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext2]
@="{fb314eda-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314eda-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 164016 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext64.22.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext3]
@="{fb314edb-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edb-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 164016 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext64.22.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\dropboxext4]
@="{fb314edc-a251-47b7-93e1-cdd82e34af8b}"
[hkey_classes_root\clsid\{fb314edc-a251-47b7-93e1-cdd82e34af8b}]
2013-09-11 02:09 164016 ----a-w- c:\users\adminestrator\appdata\roaming\dropbox\bin\dropboxext64.22.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egispsdp]
@="{30a0a3f6-38ac-4c53-bb8b-0d95238e25ba}"
[hkey_classes_root\clsid\{30a0a3f6-38ac-4c53-bb8b-0d95238e25ba}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\egistec\mywinlocker 3\x64\psdprotect.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"mwldaemon"=c:\program files (x86)\egistec\mywinlocker 3\x86\mwldaemon.exe [2009-08-06 349480]
"iaanotif"=c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe [2009-08-07 186904]
"egui"=c:\program files\eset\eset nod32 antivirus\egui.exe [2009-05-14 2692520]
"rthdvcpl"=c:\program files\realtek\audio\hda\ravcpl64.exe [2013-03-29 13513288]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
trusted zone: clonewarsadventures.com
trusted zone: freerealms.com
trusted zone: soe.com
trusted zone: sony.com
tcp: dhcpnameserver = 212.54.35.25 212.54.40.25
ff - profilepath - c:\users\adminestrator\appdata\roaming\mozilla\firefox\profiles\vh6q05ih.default\
.
.
------- bestandsassociaties -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
safeboot-mcods
hklm_wow6432node-activesetup-{2d46b6dc-2207-486b-b523-a557e6d54b47} - start
toolbar-locked - (no file)
addremove-ppstream - d:\pps.tv\ppstream\unpps.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\s-1-5-21-2484079096-2104976079-3194713389-1000\software\securom\!caution! never a or change any key*]
"??"=hex:22,56,bf,d5,e2,08,c5,c8,cb,eb,c8,92,4f,4f,00,7f,26,78,b1,62,0e,b3,81,
df,be,46,34,49,af,40,21,c0,f0,25,3b,28,07,c6,cf,9f,5d,c5,cf,13,51,da,3b,8f,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[hkey_users\s-1-5-21-2484079096-2104976079-3194713389-1000\software\securom\license information*]
"datasecu"=hex:67,9d,1d,b2,ee,80,6a,5c,31,e6,13,2e,ff,0a,cd,c6,a1,17,e4,e0,21,
7a,09,72,33,2c,7c,71,95,c9,ad,6d,f7,15,3d,b1,2d,47,ba,48,40,11,29,2b,ef,5a,\
"rkeysecu"=hex:4a,5e,88,ca,ed,3d,d8,55,23,5b,80,96,f1,78,d0,f2
.
[hkey_local_machine\software\classes\wow6432node\clsid\{0be09cc1-42e0-11dd-ae16-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil10a.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{0be09cc1-42e0-11dd-ae16-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{0be09cc1-42e0-11dd-ae16-0800200c9a66}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil10a.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{0be09cc1-42e0-11dd-ae16-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\fldbg10a.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.10"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\fldbg10a.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\fldbg10a.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\fldbg10a.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{ddf4ce26-4bda-42bc-b0f0-0e75243ad285}]
@denied: (a 2) (everyone)
@="iflashbroker2"
.
[hkey_local_machine\software\classes\wow6432node\interface\{ddf4ce26-4bda-42bc-b0f0-0e75243ad285}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{ddf4ce26-4bda-42bc-b0f0-0e75243ad285}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
voltooingstijd: 2014-07-14 19:08:28
combofix-quarantined-files.txt 2014-07-14 17:08
.
pre-run: 167.206.686.720 bytes beschikbaar
post-run: 166.976.688.128 bytes beschikbaar
.
- - end of file - - b0464a69e3c7aa062ab61f1a97aa3aec
70e629b51c16b3c007730c6ae57144c9

[/hjt]
 
Re: iexplorer starts automatically

You are using an already outdated Eset/Nod32 antivirus program - was this software perhaps activated via a fix?
 
Re: iexplorer starts automatically

Not that I know of; should I get a newer version?
 
Re: iexplorer starts automatically

Hey Abraham54,

thanks for your help. I uninstalled Nod32, followed your advice in the link regarding antivirus software, and installed 360InternetSecurity. However, after a quick scan it only flags SecurityChecker.exe as a possible Trojan, and the problem keeps occurring :wall:
 
Re: iexplorer starts automatically

That is the Bitdefender engine; tools that use scripts are always suspicious to security software.
Apart from that, what do you think of how this protection works?
 