EightFourSix

Member
  • Items: 31

EightFourSix's Achievements

  1. OK, that worked! Anything else? Can the Emsisoft Emergency Kit and CCleaner continue to be used to scan the PC regularly?
  2. I've done CCleaner. When removing ComboFix I get the message: "Kan het bestand Combofix niet vinden. Controleer of u de naam juist hebt ingevoerd."
  3. No, it seems not. I'd just like to install a different antivirus. And what should be done with programs such as Zoek, ComboFix, DDS...?
  4. Zoek.exe Version 4.0.0.1 Updated 08-February-2013 Tool run by Annaïck on vr 08/02/2013 at 16:58:03,21. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected
  5. ComboFix 13-02-07.02 - Annaïck 08/02/2013 16:23:42.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1648 [GMT 1:00]

     - - - Updated - - -

     Just checked, and it is now possible to create and delete restore points. Am I allowed to do this now?
  6. 2 objects could not be removed:
     C:\Program Files\Free Offers from Freeze.com
     C:\Program Files\Free Offers from Freeze.com\control.txt

     Emsisoft Emergency Kit - Versie 3.0
     Laatste Update: 7/02/2013 19:46:03
  7. I still can't tick them at the same time; with the reset I get the same message again, and with the restore point I get this:

     Zoek.exe Version 4.0.0.1 Updated 07-February-2013
     Tool run by Annaïck on do 07/02/2013 at 17:06:30,32.
     Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
     Running in: Normal Mode Internet Access Detected

     ==== System Restore Info ======================
     7/02/2013 17:06:43 System Restore is disabled.

     ==== System Restore Info ======================
     7/02/2013 17:07:05 Zoek.exe System Restore Point Created Succesfully.

     (In the Control Panel, restore points are still disabled by Group Policy)
  8. With the reset I got the message: "Probably you misinterpreted your helpers instructions." The system restore point did work.
  9. Hey, can the laptop now be used normally again? I was also planning to remove avast and put a different free antivirus on it, because this one was only a one-year trial and that is coming to an end. Any tips perhaps, or which one is good? I use AVG on mine and am happy with it, so I thought I'd install it on this one too.
  10. Still can't delete restore points: "de configuratie is uitgeschakeld door groepsbeleid". Otherwise everything seems to work fine.
  11. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38 Run by Annaïck at 16:10:55 on 2013-02-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1565 [GMT 1:00]
EnableUIADesktopToggle = dword:0 IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab TCP: 
NameServer = 195.130.130.131 195.130.131.131 TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\ . ============= SERVICES / DRIVERS =============== . R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 
2013-02-05 14:06:55 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\offreg.dll 2013-02-05 13:49:00 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\mpengine.dll 2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft 2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll . ==================== Find3M ==================== . 
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 16:12:02,39 ===============
  12. Yes, I ran it as admin but I get the same thing again :s
  13. I did indeed have a shortcut on the desktop.. I then deleted it and dragged zoek.exe from the downloads folder to the desktop, ran the last fix again, but I get the same log again..
  14. Zoek.exe Version 4.0.0.1 Updated 04-February-2013 Tool run by Anna‹ck on ma 04/02/2013 at 19:59:57,85. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 "DATAMNGR"=- "ApnUpdater"=- - - - Updated - - - Maybe I should also mention that I get the message that zoek.exe may not have been installed correctly..