EightFourSix

Member
  • Items

    31

Everything posted by EightFourSix

  1. OK, that worked! Anything else? Can the Emsisoft Emergency Kit and CCleaner continue to be used to scan the PC regularly?
  2. I ran CCleaner. When removing ComboFix I get the message: "Cannot find the file Combofix. Check that you entered the name correctly."
  3. No, apparently not. I would only like to install a different antivirus. And what should be done with programs such as Zoek, ComboFix, DDS...?
  4. Zoek.exe Version 4.0.0.1 Updated 08-February-2013 Tool run by Annaïck on vr 08/02/2013 at 16:58:03,21. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== FireFox Fix ====================== Deleted from C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\prefs.js: user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49"); user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.conduit.com/?ctid=CT2776682&SearchSource=13"); user_pref("browser.search.defaulturl", ""); user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); user_pref("browser.newtab.url", "http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=NT_ss&mntrId=68a5d85400000000000000234dd3ad49"); user_pref("browser.search.defaultengine", "Ask.com"); user_pref("browser.search.defaultenginename", "Ask.com"); user_pref("browser.search.selectedEngine", "Ask.com"); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Ask.com"); user_pref("extensions.asktb.ff-original-keyword-url", ""); user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"); Added to C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\prefs.js: ==== Firefox Extensions ====================== ProfilePath: C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default - Undetermined - C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - avast WebRep - 
C:\Program Files\AVAST Software\Avast\WebRep\FF - Conduit Engine - %ProfilePath%\extensions\engine@conduit.com - <Description><em:locale>ru-<em:locale>Ask Toolbar<em:description> <em:description><Description> - %ProfilePath%\extensions\toolbar@ask.com - Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} - BrotherSoft Extreme Community Toolbar - %ProfilePath%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} - DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - <?xml version=1.0?><RDF xmlns=http:PC Helpforum - Gratis hulp bij computer problemen xmlns:em=http:www.mozilla.org2004em-rdf><Description about=urn:mozilla:install-manifest><em:id>xpiral@gmail.com<em:id>Ver Pelis<em:version>3.1<em:version><em:description>Permite ver videos online alojados en diferentes servidores a travs de Ver-Pelis.net<em:description><em:creator>Ver Pelis<em:creator><em:homepageURL>http:www.ver-pelis.net<em:homepageURL><em:targetApplication><Description><em:id>ec8030f7-c20a-464f-9b0e-13a3a9e97384<em:id><em:minVersion>2.0<em:minVersion><em:maxVersion>20.<em:maxVersion><Description><em:targetApplication><Description><RDF> - %ProfilePath%\extensions\xpiral@gmail.com.xpi - Undetermined - %ProfilePath%\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - SweetPacks Toolbar for Firefox - %ProfilePath%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - shARES Toolbar - %AppDir%\extensions\{9c905b42-976e-43c1-bc30-fc5937017909} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - 
%AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} ==== Firefox Plugins ======================
  5. ComboFix 13-02-07.02 - Annaïck 08/02/2013 16:23:42.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1648 [GMT 1:00] Gestart vanuit: c:\users\Anna´ck\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\ESET\MiNODLogin c:\program files\ESET\MiNODLogin\MiNODLogin.jar c:\program files\ESET\MiNODLogin\servidores.xml c:\program files\Smiley Bar for Facebook\ScRIpthost.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2013-01-08 to 2013-02-08 )))))))))))))))))))))))))))))) . . 2013-02-08 15:34 . 2013-02-08 15:34 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-02-08 15:34 . 2013-02-08 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 15:15 . 2013-02-08 15:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E884D55-D7D7-4E1B-9405-DD0920526B5A}\offreg.dll 2013-02-08 09:08 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E884D55-D7D7-4E1B-9405-DD0920526B5A}\mpengine.dll 2013-02-07 09:36 . 2013-02-07 09:37 -------- d-----w- c:\users\Annaïck\AppData\Local\{763A878E-F84A-4CB4-A2A7-087A71571CA2} 2013-02-06 11:14 . 2013-02-06 11:14 -------- d-----w- c:\users\Annaïck\AppData\Local\{AEDEA490-6E3A-409B-A50C-822ABBA3D580} 2013-02-05 13:42 . 2013-02-05 13:42 -------- d-----w- c:\users\Annaïck\AppData\Local\{EC09933C-656D-4B65-A4D7-1F7551CD1E15} 2013-02-04 15:22 . 2013-02-08 15:34 -------- d-----w- c:\users\Annaïck\AppData\Local\Temp 2013-02-04 15:22 . 2013-02-04 15:22 -------- d-----w- c:\users\Anna´ck 2013-02-04 11:52 . 
2013-02-04 11:52 -------- d-----w- c:\users\Annaïck\AppData\Local\{DB79D774-AC7B-45DB-9174-3C126B368D76} 2013-02-03 13:20 . 2013-02-03 13:20 -------- d-----w- c:\users\Annaïck\AppData\Local\{C8CEBBEB-565A-4ED0-9647-47EA938376A4} 2013-01-31 19:24 . 2013-01-31 19:24 -------- d-----w- c:\users\Annaïck\AppData\Local\{14DA63E1-C7F7-4B26-A323-49D1004A385E} 2013-01-30 00:53 . 2013-01-30 00:53 -------- d-----w- c:\users\Annaïck\AppData\Local\{7FD168C3-A5D3-45BE-808F-11FBAF462EF2} 2013-01-28 15:43 . 2013-01-28 15:43 -------- d-----w- c:\users\Annaïck\AppData\Local\{99762EC7-FCA7-4A9F-8050-C27F7F996EE0} 2013-01-27 22:50 . 2013-01-27 22:50 -------- d-----w- c:\users\Annaïck\AppData\Local\{1C3C1F70-2019-4D94-9F8F-5BB18A3354A6} 2013-01-24 23:03 . 2013-01-24 23:03 -------- d-----w- c:\users\Annaïck\AppData\Local\{36E8A72D-80DC-4F65-9AB9-D8BEDADE6590} 2013-01-23 09:41 . 2013-01-23 09:42 -------- d-----w- c:\users\Annaïck\AppData\Local\{E201D2E9-4A9E-4CB0-A41F-2B05AFB0933D} 2013-01-20 17:54 . 2013-01-20 17:54 -------- d-----w- c:\users\Annaïck\AppData\Local\{6686B29C-B4D9-4F3A-971A-591DC4E68627} 2013-01-20 00:42 . 2013-01-20 00:42 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-01-20 00:42 . 2013-01-20 00:42 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-01-20 00:41 . 2013-01-20 00:41 193168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2013-01-20 00:41 . 2013-01-20 00:41 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2013-01-20 00:41 . 2013-01-20 00:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2013-01-20 00:41 . 2013-01-20 00:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2013-01-20 00:41 . 2013-01-20 00:41 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-01-20 00:41 . 2013-01-20 00:41 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe 2013-01-18 23:08 . 
2013-01-18 23:08 -------- d-----w- c:\users\Annaïck\AppData\Local\{D3E33869-FAE2-4B66-8D88-9B2BD35AB04B} 2013-01-17 23:35 . 2013-01-17 23:35 -------- d-----w- c:\users\Annaïck\AppData\Local\{6D119DDF-F5BB-4FEE-9F70-72517F427398} 2013-01-15 20:12 . 2013-01-15 20:12 -------- d-----w- c:\users\Annaïck\AppData\Local\{FE427EFB-FADD-41BD-853D-505A092C7E15} 2013-01-14 11:08 . 2013-01-14 11:08 -------- d-----w- c:\users\Annaïck\AppData\Local\{80224204-2E1D-4241-B534-8062AF83601A} 2013-01-13 20:22 . 2013-01-13 20:22 -------- d-----w- c:\users\Annaïck\AppData\Local\APN 2013-01-13 20:05 . 2013-01-13 20:05 -------- d-----w- c:\users\Annaïck\AppData\Local\{55F50B09-8D2B-433D-8513-5D69BDEFC2D8} 2013-01-12 18:17 . 2013-01-12 18:17 -------- d-----w- c:\users\Annaïck\AppData\Local\{BA3490E3-20F0-4C8D-83A6-313BFEBDE82A} 2013-01-11 14:49 . 2013-01-11 14:49 -------- d-----w- c:\users\Annaïck\AppData\Local\{F843EA05-C84C-4E21-B267-41EC730B51E5} 2013-01-10 14:01 . 2013-01-10 14:01 -------- d-----w- c:\users\Annaïck\AppData\Local\{DC6CC1D4-4AE9-4F28-9F6D-811A06AF1CDA} 2013-01-09 19:26 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 19:25 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 19:25 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-17 00:28 . 2009-10-03 14:44 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 20:03 . 2012-11-28 22:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:03 . 2011-11-06 12:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12 . 2012-12-21 16:08 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 16:08 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49 . 2012-01-13 23:45 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 03:52 . 
2012-10-14 17:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-14 03:52 . 2010-10-19 17:50 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-14 02:09 . 2012-12-13 23:18 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-13 23:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 23:18 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-13 23:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 23:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-13 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29 . 2012-12-12 16:53 2048 ----a-w- c:\windows\system32\tzres.dll 2013-01-20 00:42 . 2012-01-14 18:45 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Facebook Update"="c:\users\Annaïck\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Actualizar la licencia de ESET.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-9 525640] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\startupfolder\C:^Users^Annaïck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-05-12 13:10 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2008-06-11 20:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] 2009-04-03 19:23 3558648 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-04 17:14 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 20:03] . 2013-02-08 c:\windows\Tasks\Epson Printer Software Downloader.job - c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03] . 
2013-02-07 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-04-07 17:40] . 2013-02-07 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2009-07-16 15:02] . 2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 14:48] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 14:48] . 2013-01-11 c:\windows\Tasks\HPCeeScheduleForAnnaïck.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-07-26 13:14] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.131 195.130.131.131 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab FF - ProfilePath - c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49 FF - ExtSQL: 2013-01-13 21:11; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} FF - ExtSQL: 2013-01-13 21:22; toolbar@ask.com; c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\toolbar@ask.com FF - ExtSQL: 2013-01-13 22:02; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi FF - ExtSQL: !HIDDEN! 2009-12-19 16:04; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} FF - ExtSQL: !HIDDEN! 
2012-11-11 21:39; statuswinks@StatusWinks; c:\users\Annaïck\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68a5d85400000000000000234dd3ad49&q= FF - user.js: extensions.BabylonToolbar.id - 68a5d85400000000000000234dd3ad49 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15655 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.821:40 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe AddRemove-Searchqu Toolbar - c:\program files\Searchqu Toolbar\uninstall.exe AddRemove-FLV Player - c:\program files\FLVPlayer\Uninstall\Uninstall.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-02-08 16:34 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . 
Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-02-08 16:36:32 ComboFix-quarantined-files.txt 2013-02-08 15:36 . Pre-Run: 110.050.119.680 bytes beschikbaar Post-Run: 110.304.944.128 bytes beschikbaar . - - End Of File - - 5DD45BB9D93688ABE66177514851B5F3 - - - Updated - - - I just checked and it is now possible to create and delete restore points. May I do that now?
  6. 2 objecten konden niet worden verwijderd: C:\Program Files\Free Offers from Freeze.com C:\Program Files\Free Offers from Freeze.com\control.txt Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 7/02/2013 19:46:03 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 7/02/2013 19:47:12 C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk Ontdekt: Trace.File.RansomReveton (A) C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares Ontdekt: Trace.File.Ares (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares Ontdekt: Trace.File.Ares 5.0 (A) C:\Program Files\Free Offers from Freeze.com\ Ontdekt: Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com Ontdekt: Trace.File.Freeze (A) C:\Program Files\Ares\data\ChanListFilter.txt Ontdekt: Trace.File.Ares (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk Ontdekt: Trace.File.Ares 5.0 (A) C:\Program Files\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico Ontdekt: Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze (A) Value: HKEY_CLASSES_ROOT\ARLNK -> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus (A) Value: hkey_users\s-1-5-21-4214379145-256237986-2173896754-1000\software\microsoft\windows\currentversion\run -> ares Ontdekt: Trace.Registry.Ares (A) C:\Program Files\Free Offers from Freeze.com\16676.url Ontdekt: Adware.Win32.Freeze (A) C:\Program Files\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze (A) C:\Program Files\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze (A) 
C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\Weight1[2].pdf -> (INFECTED_JS) Ontdekt: PDF:Exploit.PDF-JS.UV ( Gescand 539230 Gevonden 17 Scan geëindigd: 7/02/2013 21:32:27 Scantijd: 1:45:15 C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\Weight1[2].pdf -> (INFECTED_JS) Verwijderd PDF:Exploit.PDF-JS.UV ( C:\Program Files\Free Offers from Freeze.com\16676.url Verwijderd Adware.Win32.Freeze (A) C:\Program Files\Free Offers from Freeze.com\16700.url Verwijderd Adware.Win32.Freeze (A) C:\Program Files\Free Offers from Freeze.com\16714.url Verwijderd Adware.Win32.Freeze (A) Value: hkey_users\s-1-5-21-4214379145-256237986-2173896754-1000\software\microsoft\windows\currentversion\run -> ares Verwijderd Trace.Registry.Ares (A) Value: HKEY_CLASSES_ROOT\ARLNK -> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus (A) C:\Program Files\Free Offers from Freeze.com\ Verwijderd Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\dolphinico.ico Verwijderd Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico Verwijderd Trace.File.Freeze (A) C:\Program Files\Free Offers from Freeze.com\whalesico.ico Verwijderd Trace.File.Freeze (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares Verwijderd Trace.File.Ares 5.0 (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk Verwijderd Trace.File.Ares 5.0 (A) C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares Verwijderd Trace.File.Ares (A) C:\Program Files\Ares\data\ChanListFilter.txt Verwijderd Trace.File.Ares (A) C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk Verwijderd Trace.File.RansomReveton (A) Verwijderd 15
  7. I still can't tick them at the same time; on the reset I get the same message again, and on the restore point I get this: Zoek.exe Version 4.0.0.1 Updated 07-February-2013 Tool run by Anna‹ck on do 07/02/2013 at 17:06:30,32. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== System Restore Info ====================== 7/02/2013 17:06:43 System Restore is disabled. ==== System Restore Info ====================== 7/02/2013 17:07:05 Zoek.exe System Restore Point Created Succesfully. (In Control Panel, restore points are still disabled by group policy)
  8. On the reset I got the message: "Probably you misinterpreted your helpers instructions." The system restore point did work.
  9. Hey, can the laptop now be used normally again? I was also planning to remove avast and put another free antivirus on it, because this one was only a one-year trial and it is coming to its end. Any tips, perhaps, on which one is good? I use AVG on mine and am happy with it, so I thought I would install it on this one too.
  10. Still can't delete restore points: "the configuration has been disabled by group policy". Otherwise everything seems to work fine.
  11. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38 Run by Annaïck at 16:10:55 on 2013-02-05 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1565 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java 
Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Ares\Ares.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE C:\Windows\ehome\ehtray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\MyTomTom 3\MyTomTomSA.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ares] "c:\program files\ares\Ares.exe" -h uRun: [Epson Stylus SX510W(Netwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S1ED6.tmp" /EF "HKCU" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Facebook Update] "c:\users\annaïck\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actual~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: 
EnableUIADesktopToggle = dword:0 IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab TCP: 
NameServer = 195.130.130.131 195.130.131.131 TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\ . ============= SERVICES / DRIVERS =============== . R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . =============== Created Last 30 ================ . 
2013-02-05 14:06:55 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\offreg.dll 2013-02-05 13:49:00 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\mpengine.dll 2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft 2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll . ==================== Find3M ==================== . 
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 16:12:02,39 ===============
  12. Yes, I ran it as admin but I get the same thing again :s
  13. I did indeed have a shortcut on the desktop.. I deleted it and dragged zoek.exe from the Downloads folder to the desktop, then ran the last fix again, but I get the same log again..
  14. Zoek.exe Version 4.0.0.1 Updated 04-February-2013 Tool run by Anna‹ck on ma 04/02/2013 at 19:59:57,85. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 "DATAMNGR"=- "ApnUpdater"=- - - - Updated - - - I should perhaps also mention that I get the message that zoek.exe may not have been installed correctly..
  15. Hi, 2 small problems.. Just like last time, I cannot delete or create restore points.. I cannot tick them, and at the bottom it says: "het maken van herstelpunten is uitgeschakeld in groepsbeleid" (creating restore points is disabled in group policy). The 2nd problem is with the Emsisoft kit: after opening start.exe I get the menu, but at the top it says: "run from usb stick" and I cannot click anything..
  16. Everything looks OK.. Is there anything else I need to do or watch out for?
  17. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38 Run by Annaïck at 16:58:11 on 2013-02-04 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.977 [GMT 1:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Ares\Ares.exe 
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\MyTomTom 3\MyTomTomSA.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\lpremove.exe C:\Windows\system32\lpksetup.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . 
============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [ares] "c:\program files\ares\Ares.exe" -h uRun: [Epson Stylus SX510W(Netwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S1ED6.tmp" /EF "HKCU" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Facebook Update] "c:\users\annaïck\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe" mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe" StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actual~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-Explorer: 
NoDriveTypeAutoRun = dword:149 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - 
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab TCP: NameServer = 195.130.130.131 195.130.131.131 TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\ . ============= SERVICES / DRIVERS =============== . R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680] R2 avast! Antivirus;avast! 
Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352] S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968] . =============== Created Last 30 ================ . 
2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN 2013-02-04 15:22:41 24064 ----a-w- c:\windows\zoek-delete.exe 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp 2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft 2013-02-04 12:00:19 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1611a83f-6b0e-4797-a4b6-447054d8cf8e}\mpengine.dll 2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service 2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll . ==================== Find3M ==================== . 
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 17:05:19,08 ===============
  18. Uhm, since the first restart after zoek.exe I am back in normal mode and it is no longer blocked, so.. Everything appears to work normally..
  19. Zoek.exe Version 4.0.0.1 Updated 04-February-2013 Tool run by Anna‹ck on ma 04/02/2013 at 16:10:47,97. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\taskeng.exe C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE 
C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\conime.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Ares\Ares.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE C:\Windows\ehome\ehtray.exe C:\Program Files\MyTomTom 3\MyTomTomSA.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\taskeng.exe C:\Users\Annaïck\Downloads\zoek.exe C:\Users\ANNACK~1\AppData\Local\Temp\RarSFX1\zoek.com C:\Windows\system32\wbem\wmiprvse.exe ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 hijackthis [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- ==== Deleting Files \ Folders ====================== "C:\Users\Annaïck\AppData\Roaming\Babylon" not found "C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk" not found "C:\Users\Annaïck\AppData\Local\Ilivid 
Player" not found "C:\Users\Annaïck\AppData\Local\APN" not found "C:\Users\Annaïck\AppData\Local\Conduit" not found "C:\Users\Annaïck\AppData\LocalLow\AskToolbar" not found "C:\Users\Annaïck\AppData\LocalLow\facemoods.com" not found "C:\Users\Annaïck\AppData\LocalLow\BabylonToolbar" not found "C:\Users\Annaïck\AppData\LocalLow\DataMngr" not found "C:\Users\Annaïck\AppData\LocalLow\searchqutoolbar" not found "C:\Users\Annaïck\AppData\LocalLow\Conduit" not found "C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" not found "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted "C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml" deleted "C:\ProgramData\0tbpw.pad" deleted "C:\ProgramData\ism_0_llatsni.pad" deleted "C:\Program Files\Ask.com\Updater\Updater.exe" deleted "C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe" deleted "C:\Program Files\BabylonToolbar" deleted "C:\Program Files\Ask.com" deleted "C:\Program Files\Searchqu Toolbar" not deleted "C:\ProgramData\Ask" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\Babylon" deleted "C:\Program Files\Ask.com\Updater" deleted "C:\Program Files\Searchqu Toolbar\Datamngr" not deleted ==== System Specs ====================== Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002) Internet Explorer: 9.0.8112.16421 Memory (RAM): 3003 MB CPU Info: Intel® Pentium® Dual CPU T3200 @ 2.00GHz CPU Speed: 1374,4 MHz Sound Card: Luidsprekers (Conexant High Def | Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: Atheros AR5007 802.11b/g WiFi Adapter | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7561S Ports: COM3 LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 223,5GB | D: 9,4GB Hard Disks - Free: C: 100,4GB | D: 1,7GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 10/01/08 | HPQOEM - 1 Time Zone: Romance (standaardtijd) Motherboard *: Wistron 360C Sun Java version: 1.6.0_38 Country: Belgi‰ Language: NLB ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ANNACK~1\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-01-20 00:42:05 -------- d-----w- C:\Program Files\Mozilla Maintenance Service ======= C: ===== ====== C:\Users\Anna‹ck\AppData\Roaming ====== 2013-01-14 10:12:09 -------- d-----w- C:\users\Gast\AppData\Locallow\AskToolbar ====== C:\Users\Anna‹ck ====== 2013-01-20 00:42:05 -------- d-----w- C:\ProgramData\Mozilla ====== C: exe-files == 2013-02-01 00:54:27 52F4DB8858B265619B3AB0E95E737CA9 135168 ----a-w- C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\calc[1].exe === C: other files == 2013-02-03 13:33:28 4335D8DA53A3717E1C400AE1835ADAC7 12459888 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll 2013-02-01 17:51:55 F253012A5F20FC6EB1923346D9E9EB98 4537856 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll 2013-02-01 17:51:55 A532B0F927C7D00EAF26E9B53E15F6A2 100864 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe 
oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "ares"="C:\Program Files\Ares\Ares.exe -h" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "DATAMNGR"="C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "ares"="C:\Program Files\Ares\Ares.exe -h" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c 
/nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ares" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Health Check Scheduler" "hkey"="HKLM" "command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightScribe Control Panel" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QlbCtrl.exe" "hkey"="HKLM" "command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QPService" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UCam_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\YouCam\" update \"Software\\CyberLink\\YouCam\\2.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VeohPlugin] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VeohPlugin" "hkey"="HKCU" "command"="\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsWelcomeCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WindowsWelcomeCenter" "hkey"="HKCU" "command"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Anna‹ck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" 
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr" "item"="OneNote 2007 Schermopname en Snel starten" ==== Startup Folders ====================== 2012-10-23 12:12:12 1115 ----a-w- C:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2009-07-15 23:23:30 965 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar la licencia de ESET.lnk 2009-12-19 15:05:32 1788 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/01/2013 21:03] C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files\EPSON\EPAPDL\E_SAPDL2.exe [23/01/2009 14:03] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000Core.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000UA.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\Final Media Player Update Checker.job --a------ C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [02/09/2012 18:40] C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [10/01/2009 16:02] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48] ==== Firefox Extensions ====================== AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - shARES Toolbar - %AppDir%\extensions\{9c905b42-976e-43c1-bc30-fc5937017909} - Java Console - 
%AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Anna‹ck\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[10/12/2012 19:28] hgojaaaiddhmiiakpejiklijbalpckih - C:\Users\Anna‹ck\AppData\Roaming\StatusWinks\statuswinks.crx[11/10/2012 10:27] icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/10/2012 23:48] naipdapbimiiikbbgjcpbgmfhnlbagpj - C:\Users\ANNACK~1\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx[] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13] Ver Pelis - Gast - Default\Extensions\ckchdgodndeffcmfjficoalklnbjhpfl What type of content does this site provide? 
- Gast - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda elgrancine - Gast - Default\Extensions\kbmiomhjamieefbjmklgeopckffcdfbn Cuevana Stream - Gast - Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg DivX Plus Web Player HTML5 \u003Cvideo\u003E - Gast - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {019955B4-74EC-4576-8B80-A6313EBB5D6F} Kelkoo Url="http://nb.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913938" 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {A030D37F-874C-40E9-8B38-56929AD5001B} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1547&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-be" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj deleted successfully ==== HijackThis Entries ====================== O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Increase performance and video 
formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - 
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe ==== Empty IE Cache ====================== C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Annaïck\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Gast\AppData\Local\Mozilla\Firefox\Profiles\r83tkwgi.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache 
Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ANNACK~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted "C:\Program Files\Searchqu Toolbar" not found
  20. Thanks! Here is the log.. Zoek.exe Version 4.0.0.1 Updated 04-February-2013 Tool run by Anna‹ck on ma 04/02/2013 at 12:39:01,43. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Safe Mode NETWORK Internet Access Detected ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\ANNACK~1\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== ====== C:\Windows\system32\drivers ===== ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-01-20 00:42:05 -------- d-----w- C:\Program Files\Mozilla Maintenance Service 2013-01-13 20:22:17 -------- d-----w- C:\Program Files\Ask.com ======= C: ===== ====== C:\Users\Anna‹ck\AppData\Roaming ====== 2013-01-14 10:12:09 -------- d-----w- C:\users\Gast\AppData\Locallow\AskToolbar ====== C:\Users\Anna‹ck ====== 2013-02-01 00:54:34 485F5A5029F594C9BF45D1D3D7FDD104 95023320 ----atw- C:\ProgramData\0tbpw.pad 2013-01-20 00:42:05 -------- d-----w- C:\ProgramData\Mozilla 2013-01-13 20:11:56 -------- d-----w- C:\ProgramData\Ask ====== C: exe-files == 2013-02-01 00:54:27 52F4DB8858B265619B3AB0E95E737CA9 135168 ----a-w- C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\calc[1].exe === C: other files == 2013-02-03 13:33:28 4335D8DA53A3717E1C400AE1835ADAC7 12459888 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll 2013-02-01 17:51:55 F253012A5F20FC6EB1923346D9E9EB98 4537856 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll 2013-02-01 17:51:55 A532B0F927C7D00EAF26E9B53E15F6A2 100864 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll ==== Startup Registry Enabled ====================== 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem" [HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" "ares"="C:\Program Files\Ares\Ares.exe -h" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" "EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "DATAMNGR"="C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background" 
"ares"="C:\Program Files\Ares\Ares.exe -h" "Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU" "ehTray.exe"="C:\Windows\ehome\ehTray.exe" "Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ares" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ehTray.exe" "hkey"="HKCU" "command"="C:\\Windows\\ehome\\ehTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Health Check Scheduler" "hkey"="HKLM" "command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HP Software Update" "hkey"="HKLM" "command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LightScribe Control Panel" "hkey"="HKCU" "command"="C:\\Program Files\\Common 
Files\\LightScribe\\LightScribeControlPanel.exe -hidden" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QlbCtrl.exe" "hkey"="HKLM" "command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QPService" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UCam_Menu" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\YouCam\" update \"Software\\CyberLink\\YouCam\\2.0\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VeohPlugin] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VeohPlugin" "hkey"="HKCU" "command"="\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Defender" "hkey"="HKLM" "command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsWelcomeCenter] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WindowsWelcomeCenter" "hkey"="HKCU" "command"="rundll32.exe oobefldr.dll,ShowWelcomeCenter" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Anna‹ck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk] "backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr" "item"="OneNote 2007 Schermopname en Snel starten" ==== Startup Folders ====================== 2012-10-23 12:12:12 1115 ----a-w- C:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk 2009-07-15 23:23:30 965 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar la licencia de ESET.lnk 2009-12-19 15:05:32 1788 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/01/2013 21:03] C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files\EPSON\EPAPDL\E_SAPDL2.exe [23/01/2009 14:03] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000Core.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000UA.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\Final Media Player Update Checker.job --a------ C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [02/09/2012 18:40] C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [10/01/2009 16:02] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program 
Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48] After Reboot
  21. Hello, it has been running since yesterday now.. About 20 hours.. I still have the same screen: "Zoek.exe is running now. please wait! this window will close when finished" Should I wait patiently? I followed all the steps correctly..
  22. Hi, I let zoek.exe run for a few hours on Friday but nothing happened, so I closed it because I was going to bed, and now the question is: is it normal that it takes this long? Should I let it run again or is there a problem somewhere?
  23. Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 18:59:35, on 1/02/2013
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v9.00 (9.00.8112.16457)
      Boot mode: Safe mode with network support
      Running processes:
      C:\Windows\Explorer.EXE
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Program Files\Google\Chrome\Application\chrome.exe
      C:\Users\Annaïck\Downloads\HijackThis (3).exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
      O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
      O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
      O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll
      O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
      O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
      O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
      O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
      O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
      O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
      O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
      O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
      O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [Epson Stylus SX510W(Netwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_S1ED6.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Annaïck\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
      O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Startup: runctf.lnk = C:\Windows\System32\rundll32.exe
      O4 - Global Startup: Actualizar la licencia de ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
      O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
      O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
      O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      -- End of file - 11873 bytes
  24. Hey, my sister has the police virus for the 2nd time.. I'm in safe mode now but can't find HijackThis.. Download it again, or what should I do? Thanks in advance! Greetings, fabian