EightFourSix
-
Items
31 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Berichten die geplaatst zijn door EightFourSix
-
-
Ccleaner heb ik gedaan.. Bij combofix verwijderen krijg ik het bericht: "Kan het bestand Combofix niet vinden. Controleer of u de naam juist hebt ingevoerd."
-
Nee precies niet.. Kzou alleen nog een andere antivirus willen installeren.. En wat moet er gebeuren met de programma's zoals zoek, combofix, dds...?
-
Zoek.exe Version 4.0.0.1 Updated 08-February-2013
Tool run by Annaïck on vr 08/02/2013 at 16:58:03,21.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== FireFox Fix ======================
Deleted from C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\prefs.js:
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://search.conduit.com/?ctid=CT2776682&SearchSource=13");
user_pref("browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=NT_ss&mntrId=68a5d85400000000000000234dd3ad49");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
Added to C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\prefs.js:
==== Firefox Extensions ======================
ProfilePath: C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default
- Undetermined - C:\Users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Conduit Engine - %ProfilePath%\extensions\engine@conduit.com
- <Description><em:locale>ru-<em:locale>Ask Toolbar<em:description> <em:description><Description> - %ProfilePath%\extensions\toolbar@ask.com
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- BrotherSoft Extreme Community Toolbar - %ProfilePath%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
- Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
- <?xml version=1.0?><RDF xmlns=http:PC Helpforum - Gratis hulp bij computer problemen xmlns:em=http:www.mozilla.org2004em-rdf><Description about=urn:mozilla:install-manifest><em:id>xpiral@gmail.com<em:id>Ver Pelis<em:version>3.1<em:version><em:description>Permite ver videos online alojados en diferentes servidores a travs de Ver-Pelis.net<em:description><em:creator>Ver Pelis<em:creator><em:homepageURL>http:www.ver-pelis.net<em:homepageURL><em:targetApplication><Description><em:id>ec8030f7-c20a-464f-9b0e-13a3a9e97384<em:id><em:minVersion>2.0<em:minVersion><em:maxVersion>20.<em:maxVersion><Description><em:targetApplication><Description><RDF> - %ProfilePath%\extensions\xpiral@gmail.com.xpi
- Undetermined - %ProfilePath%\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- SweetPacks Toolbar for Firefox - %ProfilePath%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- shARES Toolbar - %AppDir%\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
- Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
==== Firefox Plugins ======================
-
ComboFix 13-02-07.02 - Annaïck 08/02/2013 16:23:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1648 [GMT 1:00]
Gestart vanuit: c:\users\Anna´ck\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\MiNODLogin.jar
c:\program files\ESET\MiNODLogin\servidores.xml
c:\program files\Smiley Bar for Facebook\ScRIpthost.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-01-08 to 2013-02-08 ))))))))))))))))))))))))))))))
.
.
2013-02-08 15:34 . 2013-02-08 15:34 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-02-08 15:34 . 2013-02-08 15:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 15:15 . 2013-02-08 15:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E884D55-D7D7-4E1B-9405-DD0920526B5A}\offreg.dll
2013-02-08 09:08 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E884D55-D7D7-4E1B-9405-DD0920526B5A}\mpengine.dll
2013-02-07 09:36 . 2013-02-07 09:37 -------- d-----w- c:\users\Annaïck\AppData\Local\{763A878E-F84A-4CB4-A2A7-087A71571CA2}
2013-02-06 11:14 . 2013-02-06 11:14 -------- d-----w- c:\users\Annaïck\AppData\Local\{AEDEA490-6E3A-409B-A50C-822ABBA3D580}
2013-02-05 13:42 . 2013-02-05 13:42 -------- d-----w- c:\users\Annaïck\AppData\Local\{EC09933C-656D-4B65-A4D7-1F7551CD1E15}
2013-02-04 15:22 . 2013-02-08 15:34 -------- d-----w- c:\users\Annaïck\AppData\Local\Temp
2013-02-04 15:22 . 2013-02-04 15:22 -------- d-----w- c:\users\Anna´ck
2013-02-04 11:52 . 2013-02-04 11:52 -------- d-----w- c:\users\Annaïck\AppData\Local\{DB79D774-AC7B-45DB-9174-3C126B368D76}
2013-02-03 13:20 . 2013-02-03 13:20 -------- d-----w- c:\users\Annaïck\AppData\Local\{C8CEBBEB-565A-4ED0-9647-47EA938376A4}
2013-01-31 19:24 . 2013-01-31 19:24 -------- d-----w- c:\users\Annaïck\AppData\Local\{14DA63E1-C7F7-4B26-A323-49D1004A385E}
2013-01-30 00:53 . 2013-01-30 00:53 -------- d-----w- c:\users\Annaïck\AppData\Local\{7FD168C3-A5D3-45BE-808F-11FBAF462EF2}
2013-01-28 15:43 . 2013-01-28 15:43 -------- d-----w- c:\users\Annaïck\AppData\Local\{99762EC7-FCA7-4A9F-8050-C27F7F996EE0}
2013-01-27 22:50 . 2013-01-27 22:50 -------- d-----w- c:\users\Annaïck\AppData\Local\{1C3C1F70-2019-4D94-9F8F-5BB18A3354A6}
2013-01-24 23:03 . 2013-01-24 23:03 -------- d-----w- c:\users\Annaïck\AppData\Local\{36E8A72D-80DC-4F65-9AB9-D8BEDADE6590}
2013-01-23 09:41 . 2013-01-23 09:42 -------- d-----w- c:\users\Annaïck\AppData\Local\{E201D2E9-4A9E-4CB0-A41F-2B05AFB0933D}
2013-01-20 17:54 . 2013-01-20 17:54 -------- d-----w- c:\users\Annaïck\AppData\Local\{6686B29C-B4D9-4F3A-971A-591DC4E68627}
2013-01-20 00:42 . 2013-01-20 00:42 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-20 00:42 . 2013-01-20 00:42 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-01-20 00:41 . 2013-01-20 00:41 193168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-01-20 00:41 . 2013-01-20 00:41 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-01-20 00:41 . 2013-01-20 00:41 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2013-01-20 00:41 . 2013-01-20 00:41 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2013-01-20 00:41 . 2013-01-20 00:41 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-01-20 00:41 . 2013-01-20 00:41 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-01-18 23:08 . 2013-01-18 23:08 -------- d-----w- c:\users\Annaïck\AppData\Local\{D3E33869-FAE2-4B66-8D88-9B2BD35AB04B}
2013-01-17 23:35 . 2013-01-17 23:35 -------- d-----w- c:\users\Annaïck\AppData\Local\{6D119DDF-F5BB-4FEE-9F70-72517F427398}
2013-01-15 20:12 . 2013-01-15 20:12 -------- d-----w- c:\users\Annaïck\AppData\Local\{FE427EFB-FADD-41BD-853D-505A092C7E15}
2013-01-14 11:08 . 2013-01-14 11:08 -------- d-----w- c:\users\Annaïck\AppData\Local\{80224204-2E1D-4241-B534-8062AF83601A}
2013-01-13 20:22 . 2013-01-13 20:22 -------- d-----w- c:\users\Annaïck\AppData\Local\APN
2013-01-13 20:05 . 2013-01-13 20:05 -------- d-----w- c:\users\Annaïck\AppData\Local\{55F50B09-8D2B-433D-8513-5D69BDEFC2D8}
2013-01-12 18:17 . 2013-01-12 18:17 -------- d-----w- c:\users\Annaïck\AppData\Local\{BA3490E3-20F0-4C8D-83A6-313BFEBDE82A}
2013-01-11 14:49 . 2013-01-11 14:49 -------- d-----w- c:\users\Annaïck\AppData\Local\{F843EA05-C84C-4E21-B267-41EC730B51E5}
2013-01-10 14:01 . 2013-01-10 14:01 -------- d-----w- c:\users\Annaïck\AppData\Local\{DC6CC1D4-4AE9-4F28-9F6D-811A06AF1CDA}
2013-01-09 19:26 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 19:25 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:25 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2009-10-03 14:44 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:03 . 2012-11-28 22:02 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:03 . 2011-11-06 12:36 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-21 16:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 16:08 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49 . 2012-01-13 23:45 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 03:52 . 2012-10-14 17:54 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-14 03:52 . 2010-10-19 17:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-13 23:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 23:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 23:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 23:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 23:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 23:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 16:53 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-20 00:42 . 2012-01-14 18:45 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Facebook Update"="c:\users\Annaïck\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Actualizar la licencia de ESET.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [N/A]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-9 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Annaïck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 07:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-12 13:10 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-11 20:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23 3558648 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 17:14 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-28 20:03]
.
2013-02-08 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]
.
2013-02-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-04-07 17:40]
.
2013-02-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-16 15:02]
.
2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 14:48]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 14:48]
.
2013-01-11 c:\windows\Tasks\HPCeeScheduleForAnnaïck.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-07-26 13:14]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
FF - ProfilePath - c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49
FF - ExtSQL: 2013-01-13 21:11; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-13 21:22; toolbar@ask.com; c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-01-13 22:02; {a3a5c777-f583-4fef-9380-ab4add1bc2a8}; c:\users\Annaïck\AppData\Roaming\Mozilla\Firefox\Profiles\0jooq1dn.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
FF - ExtSQL: !HIDDEN! 2009-12-19 16:04; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2012-11-11 21:39; statuswinks@StatusWinks; c:\users\Annaïck\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68a5d85400000000000000234dd3ad49&q=
FF - user.js: extensions.BabylonToolbar.id - 68a5d85400000000000000234dd3ad49
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15655
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.821:40
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe
AddRemove-Searchqu Toolbar - c:\program files\Searchqu Toolbar\uninstall.exe
AddRemove-FLV Player - c:\program files\FLVPlayer\Uninstall\Uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-08 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2013-02-08 16:36:32
ComboFix-quarantined-files.txt 2013-02-08 15:36
.
Pre-Run: 110.050.119.680 bytes beschikbaar
Post-Run: 110.304.944.128 bytes beschikbaar
.
- - End Of File - - 5DD45BB9D93688ABE66177514851B5F3
- - - Updated - - -
Even gecheckt en het is nu mogelijk om herstelpunten te maken en te verwijderen.. Dit mag ik nu doen?
-
2 objecten konden niet worden verwijderd:
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Free Offers from Freeze.com\control.txt
Emsisoft Emergency Kit - Versie 3.0
Laatste Update: 7/02/2013 19:46:03
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Detecteer riskware: Uit
Scan archieven: Aan
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 7/02/2013 19:47:12
C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk Ontdekt: Trace.File.RansomReveton (A)
C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares Ontdekt: Trace.File.Ares (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares Ontdekt: Trace.File.Ares 5.0 (A)
C:\Program Files\Free Offers from Freeze.com\ Ontdekt: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com Ontdekt: Trace.File.Freeze (A)
C:\Program Files\Ares\data\ChanListFilter.txt Ontdekt: Trace.File.Ares (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk Ontdekt: Trace.File.Ares 5.0 (A)
C:\Program Files\Free Offers from Freeze.com\control.txt Ontdekt: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico Ontdekt: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico Ontdekt: Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico Ontdekt: Trace.File.Freeze (A)
Value: HKEY_CLASSES_ROOT\ARLNK -> URL Protocol Ontdekt: Trace.Registry.Ares Galaxy P2P Plus (A)
Value: hkey_users\s-1-5-21-4214379145-256237986-2173896754-1000\software\microsoft\windows\currentversion\run -> ares Ontdekt: Trace.Registry.Ares (A)
C:\Program Files\Free Offers from Freeze.com\16676.url Ontdekt: Adware.Win32.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\16700.url Ontdekt: Adware.Win32.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\16714.url Ontdekt: Adware.Win32.Freeze (A)
C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\Weight1[2].pdf -> (INFECTED_JS) Ontdekt: PDF:Exploit.PDF-JS.UV (
Gescand 539230
Gevonden 17
Scan geëindigd: 7/02/2013 21:32:27
Scantijd: 1:45:15
C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\Weight1[2].pdf -> (INFECTED_JS) Verwijderd PDF:Exploit.PDF-JS.UV (
C:\Program Files\Free Offers from Freeze.com\16676.url Verwijderd Adware.Win32.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\16700.url Verwijderd Adware.Win32.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\16714.url Verwijderd Adware.Win32.Freeze (A)
Value: hkey_users\s-1-5-21-4214379145-256237986-2173896754-1000\software\microsoft\windows\currentversion\run -> ares Verwijderd Trace.Registry.Ares (A)
Value: HKEY_CLASSES_ROOT\ARLNK -> URL Protocol Verwijderd Trace.Registry.Ares Galaxy P2P Plus (A)
C:\Program Files\Free Offers from Freeze.com\ Verwijderd Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico Verwijderd Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico Verwijderd Trace.File.Freeze (A)
C:\Program Files\Free Offers from Freeze.com\whalesico.ico Verwijderd Trace.File.Freeze (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares Verwijderd Trace.File.Ares 5.0 (A)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares\Ares.lnk Verwijderd Trace.File.Ares 5.0 (A)
C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares Verwijderd Trace.File.Ares (A)
C:\Program Files\Ares\data\ChanListFilter.txt Verwijderd Trace.File.Ares (A)
C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk Verwijderd Trace.File.RansomReveton (A)
Verwijderd 15
-
Kan ze ng altijd niet tegelijk aanvinken, bij de reset weer hetzelfde bericht en bij het restore point krijg ik dit:
Zoek.exe Version 4.0.0.1 Updated 07-February-2013
Tool run by Anna‹ck on do 07/02/2013 at 17:06:30,32.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
7/02/2013 17:06:43 System Restore is disabled.
==== System Restore Info ======================
7/02/2013 17:07:05 Zoek.exe System Restore Point Created Succesfully.
(Bij configuratiescherm zijn herstelpunten ng steeds uitgeschakeld door groepsbeleid)
-
Bij de reset kreeg ik de melding: "Probably you misinterpreted your helpers instructions."
System restore point ging wel.
-
kan ze niet allebei tegelijk aanvinken..
-
Hey, kan de laptop nu terug gewoon gebruikt worden? Ik was ook van plan om avast te verwijderen en er een andere gratis antivirus op te zetten want deze was maar een one year trial en das op zn eind. Enige tips misschien of welke goed is? Ik gebruik AVG op die van mij en ben er content van dus dacht deze ook hierop te installeren..
-
Kan nog steeds geen herstelpunten verwijderen.. "de configuratie is uitgeschakeld door groepsbeleid"
Voor de rest lijkt alles prima te werken.
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by Annaïck at 16:10:55 on 2013-02-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1565 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Epson Stylus SX510W(Netwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S1ED6.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\annaïck\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actual~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
TCP: NameServer = 195.130.130.131 195.130.131.131
TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-02-05 14:06:55 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\offreg.dll
2013-02-05 13:49:00 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\mpengine.dll
2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp
2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft
2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
==================== Find3M ====================
.
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 16:12:02,39 ===============
-
ja heb het als admin uitgevoerd maar krijg weer hetzelfde :s
-
Had idd een snelkoppeling op het bureaublad staan.. heb deze dan gewist en zoek.exe van de map downloads naar het bureaublad gesleept, heb de laatste fix opnieuw gedaan maar ik krijg weer hetzelfde log..
-
Zoek.exe Version 4.0.0.1 Updated 04-February-2013
Tool run by Anna‹ck on ma 04/02/2013 at 19:59:57,85.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
"DATAMNGR"=-
"ApnUpdater"=-
- - - Updated - - -
Mss ook even bij vermelden dat ik de melding krijg dat zoek.exe mogelijk niet goed is geïnstalleerd..
-
Hoi, 2 probleempjes.. Net zoals vorige keer kan ik geen herstelpunten verwijderen of maken.. Ik kan ze niet aanvinken en onderaan staat: "het maken van herstelpunten is uitgeschakeld in groepsbeleid".
Het 2e probleem is bij die emisoft kit, na het openen van start.exe krijg ik de menu maar bovenaan staat: "run from usb stick" en kan ik niks aanklikken..
-
Alles ziet er ok uit.. Is er verder nog iets wat ik moet doen of waar ik op moet letten?
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by Annaïck at 16:58:11 on 2013-02-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.977 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Ares\Ares.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Epson Stylus SX510W(Netwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S1ED6.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Facebook Update] "c:\users\annaïck\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actual~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
TCP: NameServer = 195.130.130.131 195.130.131.131
TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]
.
=============== Created Last 30 ================
.
2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-04 15:22:41 24064 ----a-w- c:\windows\zoek-delete.exe
2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp
2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft
2013-02-04 12:00:19 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1611a83f-6b0e-4797-a4b6-447054d8cf8e}\mpengine.dll
2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
==================== Find3M ====================
.
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 17:05:19,08 ===============
-
Euhm, sinds de eerste restart na zoek.exe zit ik terug in de gewone modus en het is niet meer geblokkeerd dus.. Alles blijkt normaal te werken..
-
Zoek.exe Version 4.0.0.1 Updated 04-February-2013
Tool run by Anna‹ck on ma 04/02/2013 at 16:10:47,97.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Ares\Ares.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Users\Annaïck\Downloads\zoek.exe
C:\Users\ANNACK~1\AppData\Local\Temp\RarSFX1\zoek.com
C:\Windows\system32\wbem\wmiprvse.exe
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
hijackthis
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
==== Deleting Files \ Folders ======================
"C:\Users\Annaïck\AppData\Roaming\Babylon" not found
"C:\Users\Annaïck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk" not found
"C:\Users\Annaïck\AppData\Local\Ilivid Player" not found
"C:\Users\Annaïck\AppData\Local\APN" not found
"C:\Users\Annaïck\AppData\Local\Conduit" not found
"C:\Users\Annaïck\AppData\LocalLow\AskToolbar" not found
"C:\Users\Annaïck\AppData\LocalLow\facemoods.com" not found
"C:\Users\Annaïck\AppData\LocalLow\BabylonToolbar" not found
"C:\Users\Annaïck\AppData\LocalLow\DataMngr" not found
"C:\Users\Annaïck\AppData\LocalLow\searchqutoolbar" not found
"C:\Users\Annaïck\AppData\LocalLow\Conduit" not found
"C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" not found
"C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml" deleted
"C:\ProgramData\0tbpw.pad" deleted
"C:\ProgramData\ism_0_llatsni.pad" deleted
"C:\Program Files\Ask.com\Updater\Updater.exe" deleted
"C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe" deleted
"C:\Program Files\BabylonToolbar" deleted
"C:\Program Files\Ask.com" deleted
"C:\Program Files\Searchqu Toolbar" not deleted
"C:\ProgramData\Ask" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\Babylon" deleted
"C:\Program Files\Ask.com\Updater" deleted
"C:\Program Files\Searchqu Toolbar\Datamngr" not deleted
==== System Specs ======================
Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)
Internet Explorer: 9.0.8112.16421
Memory (RAM): 3003 MB
CPU Info: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
CPU Speed: 1374,4 MHz
Sound Card: Luidsprekers (Conexant High Def |
Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver
Monitors: 1x; Algemeen PnP-beeldscherm |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Atheros AR5007 802.11b/g WiFi Adapter | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
CD / DVD Drives: 1x (E: | ) E: Optiarc DVD RW AD-7561S
Ports: COM3 LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 223,5GB | D: 9,4GB
Hard Disks - Free: C: 100,4GB | D: 1,7GB
Manufacturer *: Hewlett-Packard
BIOS Info: AT/AT COMPATIBLE | 10/01/08 | HPQOEM - 1
Time Zone: Romance (standaardtijd)
Motherboard *: Wistron 360C
Sun Java version: 1.6.0_38
Country: Belgi‰
Language: NLB
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\ANNACK~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-01-20 00:42:05 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Anna‹ck\AppData\Roaming ======
2013-01-14 10:12:09 -------- d-----w- C:\users\Gast\AppData\Locallow\AskToolbar
====== C:\Users\Anna‹ck ======
2013-01-20 00:42:05 -------- d-----w- C:\ProgramData\Mozilla
====== C: exe-files ==
2013-02-01 00:54:27 52F4DB8858B265619B3AB0E95E737CA9 135168 ----a-w- C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\calc[1].exe
=== C: other files ==
2013-02-03 13:33:28 4335D8DA53A3717E1C400AE1835ADAC7 12459888 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
2013-02-01 17:51:55 F253012A5F20FC6EB1923346D9E9EB98 4537856 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
2013-02-01 17:51:55 A532B0F927C7D00EAF26E9B53E15F6A2 100864 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"ares"="C:\Program Files\Ares\Ares.exe -h"
"Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"DATAMNGR"="C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"ares"="C:\Program Files\Ares\Ares.exe -h"
"Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ares"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehTray.exe"
"hkey"="HKCU"
"command"="C:\\Windows\\ehome\\ehTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Health Check Scheduler"
"hkey"="HKLM"
"command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QPService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UCam_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\YouCam\" update \"Software\\CyberLink\\YouCam\\2.0\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VeohPlugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VeohPlugin"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsWelcomeCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WindowsWelcomeCenter"
"hkey"="HKCU"
"command"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Anna‹ck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Schermopname en Snel starten"
==== Startup Folders ======================
2012-10-23 12:12:12 1115 ----a-w- C:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2009-07-15 23:23:30 965 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar la licencia de ESET.lnk
2009-12-19 15:05:32 1788 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/01/2013 21:03]
C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files\EPSON\EPAPDL\E_SAPDL2.exe [23/01/2009 14:03]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000Core.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000UA.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\Final Media Player Update Checker.job --a------ C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [02/09/2012 18:40]
C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [10/01/2009 16:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- shARES Toolbar - %AppDir%\extensions\{9c905b42-976e-43c1-bc30-fc5937017909}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
- Undetermined - %AppDir%\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaojmikegpiepcfdkkjaplodkpfmlo - C:\Users\Anna‹ck\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx[10/12/2012 19:28]
hgojaaaiddhmiiakpejiklijbalpckih - C:\Users\Anna‹ck\AppData\Roaming\StatusWinks\statuswinks.crx[11/10/2012 10:27]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/10/2012 23:48]
naipdapbimiiikbbgjcpbgmfhnlbagpj - C:\Users\ANNACK~1\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]
Ver Pelis - Gast - Default\Extensions\ckchdgodndeffcmfjficoalklnbjhpfl
What type of content does this site provide? - Gast - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
elgrancine - Gast - Default\Extensions\kbmiomhjamieefbjmklgeopckffcdfbn
Cuevana Stream - Gast - Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Gast - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.babylon.com/?affID=115845&tt=4512_2&babsrc=HP_ss&mntrId=68a5d85400000000000000234dd3ad49"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_be&c=83&bd=Presario&pf=cnnb"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{019955B4-74EC-4576-8B80-A6313EBB5D6F} Kelkoo Url="http://nb.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913938"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{A030D37F-874C-40E9-8B38-56929AD5001B} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1547&query={searchTerms}&invocationType=tb50hpcnnbie7-nl-be"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj deleted successfully
==== HijackThis Entries ======================
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
==== Empty IE Cache ======================
C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Annaïck\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gast\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\Gast\AppData\Local\Mozilla\Firefox\Profiles\r83tkwgi.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ANNACK~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\Searchqu Toolbar" not found
-
Bedankt! Hier is het logje..
Zoek.exe Version 4.0.0.1 Updated 04-February-2013
Tool run by Anna‹ck on ma 04/02/2013 at 12:39:01,43.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Safe Mode NETWORK Internet Access Detected
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\ANNACK~1\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-01-20 00:42:05 -------- d-----w- C:\Program Files\Mozilla Maintenance Service
2013-01-13 20:22:17 -------- d-----w- C:\Program Files\Ask.com
======= C: =====
====== C:\Users\Anna‹ck\AppData\Roaming ======
2013-01-14 10:12:09 -------- d-----w- C:\users\Gast\AppData\Locallow\AskToolbar
====== C:\Users\Anna‹ck ======
2013-02-01 00:54:34 485F5A5029F594C9BF45D1D3D7FDD104 95023320 ----atw- C:\ProgramData\0tbpw.pad
2013-01-20 00:42:05 -------- d-----w- C:\ProgramData\Mozilla
2013-01-13 20:11:56 -------- d-----w- C:\ProgramData\Ask
====== C: exe-files ==
2013-02-01 00:54:27 52F4DB8858B265619B3AB0E95E737CA9 135168 ----a-w- C:\Users\Annaïck\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ET4WFTU\calc[1].exe
=== C: other files ==
2013-02-03 13:33:28 4335D8DA53A3717E1C400AE1835ADAC7 12459888 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
2013-02-01 17:51:55 F253012A5F20FC6EB1923346D9E9EB98 4537856 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
2013-02-01 17:51:55 A532B0F927C7D00EAF26E9B53E15F6A2 100864 ----a-w- C:\Users\Annaïck\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"
[HKEY_USERS\S-1-5-21-4214379145-256237986-2173896754-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"ares"="C:\Program Files\Ares\Ares.exe -h"
"Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
"DATAMNGR"="C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"ApnUpdater"="C:\Program Files\Ask.com\Updater\Updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"ares"="C:\Program Files\Ares\Ares.exe -h"
"Epson Stylus SX510W(Netwerk)"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU C:\Windows\TEMP\E_S1ED6.tmp /EF HKCU"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"Facebook Update"="C:\Users\Anna‹ck\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ares"
"hkey"="HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ehTray.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehTray.exe"
"hkey"="HKCU"
"command"="C:\\Windows\\ehome\\ehTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Health Check Scheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Health Check Scheduler"
"hkey"="HKLM"
"command"="c:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl.exe"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QPService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UCam_Menu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UCam_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files\\CyberLink\\YouCam\" update \"Software\\CyberLink\\YouCam\\2.0\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VeohPlugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VeohPlugin"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Windows Defender"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WindowsWelcomeCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WindowsWelcomeCenter"
"hkey"="HKCU"
"command"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Anna‹ck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]
"backup"="C:\\Windows\\pss\\OneNote 2007 Schermopname en Snel starten.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Schermopname en Snel starten"
==== Startup Folders ======================
2012-10-23 12:12:12 1115 ----a-w- C:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk
2009-07-15 23:23:30 965 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Actualizar la licencia de ESET.lnk
2009-12-19 15:05:32 1788 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09/01/2013 21:03]
C:\Windows\tasks\Epson Printer Software Downloader.job --a------ C:\Program Files\EPSON\EPAPDL\E_SAPDL2.exe [23/01/2009 14:03]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000Core.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4214379145-256237986-2173896754-1000UA.job --a------ C:\Users\Annack\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\Final Media Player Update Checker.job --a------ C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [02/09/2012 18:40]
C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files\Glary Utilities\initialize.exe [10/01/2009 16:02]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06/06/2011 15:48]
After Reboot
-
Hallo, het loopt nu al sinds gisteren.. Zo'n 20-tal uur..
Heb ng altijd hetzelfde scherm: "Zoek.exe is running now. please wait! this window will close when finished"
Geduldig afwachten? Heb alle stappen correct gevolgd..
-
Hoi, heb zoek.exe vrijdag enkele uren laten werken maar er gebeurde niks, heb het dan maar afgesloten omdat ik ging slapen en nu is de vraag: is het normaal dat het zo lang duurt? Moet ik het nog eens laten lopen of is er ergens een probleem?
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:59:35, on 1/02/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Safe mode with network support
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Annaïck\Downloads\HijackThis (3).exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Epson Stylus SX510W(Netwerk)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_S1ED6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Annaïck\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: runctf.lnk = C:\Windows\System32\rundll32.exe
O4 - Global Startup: Actualizar la licencia de ESET.lnk = C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11873 bytes
-
Hey, mn zus heeft voor de 2e keer het politievirus.. Kzit nu in de veilige modus maar vind hijackthis niet.. Opnieuw downloaden of wat moet ik doen?
Alvast bedankt!
grts fabian
politie virus
in Archief Bestrijding malware & virussen
Geplaatst:
Ok, dat is gelukt! Verder nog iets? Mag die Emisoft emergency kit en CCleaner gebruikt blijven worden om regelmatig de pc te scannen?