JS/redin

  • knien

    Hello,

    I have gone through the cleanup plan and the step-by-step plan. AVG still reports that I have the JS/redin virus on my computer.

    Can anyone help me?

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 0:11:13, on 27-12-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Users\Frans\Desktop\Hijack this\HijackThis.exe

    C:\Users\Frans\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O4 - HKLM\..\Run: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d

    O4 - HKLM\..\Run: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\HomeCinema\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\HomeCinema\PowerDVD\Language\Language.exe"

    O4 - HKLM\..\Run: "C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

    O4 - HKLM\..\Run: C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

    O4 - HKCU\..\Run: "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

    O4 - HKCU\..\Run: "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-21-2671133534-3839013441-1120917848-1006\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-2671133534-3839013441-1120917848-1006\..\Run: "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-2671133534-3839013441-1120917848-1006\..\Run: "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-2671133534-3839013441-1120917848-1006\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'UpdatusUser')

    O4 - HKUS\S-1-5-21-2671133534-3839013441-1120917848-1006\..\RunOnce: C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Users\Frans\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

    O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: SMART Helper Service (SMARTHelperService) - SMART Technologies - C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 13308 bytes

    Malwarebytes Anti-Malware (PRO) 1.65.1.1000

    www.malwarebytes.org

    Databaseversie: v2012.12.26.13

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Frans :: FRANS

    Realtime bescherming: Ingeschakeld

    27-12-2012 0:11:31

    mbam-log-2012-12-27 (00-11-31).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 240026

    Verstreken tijd: 3 minuut/minuten, 40 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Regards

  • Ben

    Hello,

    Does AVG indicate where it finds the virus?

    Download DDS by sUBS from one of these locations and save it to your desktop:

    DDS - Bleeping Computer download.

    DDS - Bleeping Computer download.

    DDS - Infospyware.

    DDS is a diagnostic tool and makes use of scripts.

    Disable your security software before running DDS!

    You can read how to do that (here or here).

    Double-click DDS to start the tool.

    Two log files will now be saved to the desktop automatically.

    DDS.txt

    Attach.txt (Post this one only if you are asked to!)

    Post the DDS.txt in your next reply.

    Regards, Ben

  • knien

    It was found in

    c:\user\frans\apdata\roaming\mozilla\firefox\profiles\53htvhd.default\adblockplus\cache.js

    my log vvd.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37

    Run by Frans at 9:47:39 on 2012-12-27

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2530

    .

    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\SYSTEM32\WISPTIS.EXE

    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\SYSTEM32\WISPTIS.EXE

    C:\Windows\system32\taskhost.exe

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Microsoft LifeCam\MSCamS64.exe

    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

    C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\HomeCinema\PowerDVD\PDVDServ.exe

    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Windows\system32\svchost.exe -k WindowsMobile

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/

    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    uRun: "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

    uRun: "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

    uRun: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    mRun: C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    mRun: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d

    mRun: "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"

    mRun: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: "C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

    mRun: "C:\Program Files (x86)\HomeCinema\PowerDVD\PDVDServ.exe"

    mRun: "C:\Program Files (x86)\HomeCinema\PowerDVD\Language\Language.exe"

    mRun: "C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"

    mRun: C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

    IE: Converteren naar Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Doel van koppeling converteren naar Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Doel van koppeling toevoegen aan bestaande PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Free YouTube Download - C:\Users\Frans\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

    IE: Toevoegen aan bestaande PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

    TCP: NameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    TCP: Interfaces\{16BA2671-1C44-4E09-B448-969E42DE1460} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    TCP: Interfaces\{29C0BD68-226A-4AC3-B9F4-18CB44579336} : DHCPNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

    TCP: Interfaces\{47296751-1F53-4005-AA43-CABA9041116D} : DHCPNameServer = 192.168.1.254 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

    x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll

    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-Run: "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    x64-Run: C:\Windows\AutoRearm\AutoRearm.exe

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll

    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Common Files\ThreeShips Shared\Dll\npTSHelper.dll

    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    FF - ExtSQL: 2012-11-21 18:24; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

    FF - ExtSQL: 2012-12-15 22:43; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

    FF - ExtSQL: !HIDDEN! 2011-08-29 21:10; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys

    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys

    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys

    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys

    R3 NxpCap64;CTX capture service;C:\Windows\System32\drivers\NxpCap64.sys

    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys

    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys

    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys

    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys

    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys

    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys

    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys

    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys

    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys

    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe

    .

    =============== File Associations ===============

    .

    FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1

    FileExt: .vbe: VBEFile=C:\Windows\SysWow64\WScript.exe "%1" %*

    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*

    FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*

    .

    =============== Created Last 30 ================

    .

    2012-12-24 18:37:05 -------- d-----w- C:\Users\Frans\AppData\Roaming\AVG

    2012-12-24 18:36:01 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

    2012-12-21 23:05:35 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-21 23:05:35 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 23:05:34 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-21 23:05:34 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-15 21:19:25 -------- d-----w- C:\ProgramData\SweetIM

    2012-12-15 21:19:25 -------- d-----w- C:\Program Files (x86)\SweetIM

    2012-12-14 15:57:06 -------- d-----w- C:\Windows\Vbox

    2012-12-13 10:12:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-12-13 10:12:04 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-12-06 18:23:56 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe

    2012-12-04 21:15:50 -------- d-----w- C:\NVIDIA

    2012-12-01 21:21:55 -------- d-----w- C:\Users\Frans\AppData\Local\TVEnhance

    2012-12-01 21:21:12 95232 ----a-w- C:\Windows\SysWow64\oCLWatson.exe

    2012-12-01 21:21:12 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll

    2012-12-01 21:18:38 27168 ------w- C:\Windows\SysWow64\msxml3a.dll

    2012-12-01 21:13:35 -------- d-----w- C:\Program Files\HomeCinema

    2012-12-01 21:13:33 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll

    2012-12-01 21:13:33 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

    2012-12-01 21:13:32 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

    2012-12-01 21:13:32 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

    2012-12-01 21:13:22 -------- d-----w- C:\Users\Frans\AppData\Local\Cyberlink

    2012-12-01 21:10:10 -------- d-----w- C:\Program Files (x86)\HomeCinema

    2012-11-30 21:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

    2012-11-28 17:18:54 302592 ----a-w- C:\Windows\mauninst.exe

    2012-11-28 17:18:12 -------- d-----w- C:\Program Files (x86)\DENDA Multimedia b.v

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

    2012-11-27 21:36:27 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    2012-11-27 21:35:01 -------- d-----w- C:\Users\Frans\AppData\Local\Apple

    .

    ==================== Find3M ====================

    .

    2012-12-12 15:16:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-12-12 15:16:58 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-01 05:49:26 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

    2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll

    2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll

    2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe

    2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll

    2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll

    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-12 03:47:46 312160 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

    2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-09-29 18:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    .

    ============= FINISH: 9:48:05,29 ===============

    Regards, Frans

  • Ben

    Hello,

    Using "zoek.exe"

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while it is being downloaded or used.

    You can read how to do that (here or here).

    Then download zoek.exe to the desktop.

    Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".

    Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    autoclean;

    filesrcm;

    ;r

    "Sweetpacks Communicator"=-;r

    C:\Program Files (x86)\SweetIM;fs

    C:\ProgramData\SweetIM;fs

    chromelook;

    firefoxlook;

    startupall;

    First close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next message and tell us how things are going.

    Regards, Ben

  • knien

    Hello Ben,

    When I start Firefox, AVG still shows the alert.

    Zoek.exe Version 3.0.0.4 Updated 27-12-2012

    Tool run by Frans on do 27-12-2012 at 10:46:19,30.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== Registry Fix Code ======================

    Windows Registry Editor Version 5.00

    "Sweetpacks Communicator"=-

    ==== Deleting Files \ Folders ======================

    "C:\Program Files (x86)\SweetIM" not found

    "C:\ProgramData\SweetIM" not found

    ==== Files Recently Created / Modified ======================

    ====== C:\Windows ====

    2012-11-28 17:18:54 A976DD45FB82201617F9C6E59A648094 302592 —-a-w- C:\Windows\mauninst.exe

    ====== C:\Users\Frans\AppData\Local\Temp ====

    ====== C:\Windows\SysWOW64 =====

    ====== C:\Windows\SysWOW64\drivers =====

    ====== C:\Windows\Sysnative =====

    ====== C:\Windows\Sysnative\drivers =====

    ====== C:\Windows\Tasks ======

    ====== C:\Windows\Temp ======

    ======= C:\Program Files =====

    2012-12-01 21:13:35 -------- d-----w- C:\Program Files\HomeCinema

    ======= C:\Program Files (x86) =====

    2012-12-01 21:13:29 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield

    2012-12-01 21:13:23 -------- d--h--w- C:\Program Files (x86)\InstallShield Installation Information

    2012-12-01 21:13:12 -------- d-----w- C:\Program Files (x86)\Cyberlink

    2012-12-01 21:10:10 -------- d-----w- C:\Program Files (x86)\HomeCinema

    2012-11-28 17:18:12 -------- d-----w- C:\Program Files (x86)\DENDA Multimedia b.v

    2012-11-27 21:36:10 -------- d-----w- C:\Program Files (x86)\QuickTime

    2012-11-27 21:35:11 -------- d-----w- C:\Program Files (x86)\Common Files\Apple

    2012-11-27 21:34:58 -------- d-----w- C:\Program Files (x86)\Apple Software Update

    ======= C: =====

    ====== C:\Users\Frans\AppData\Roaming ======

    2012-12-27 09:38:41 -------- d-----w- C:\users\Frans\AppData\Local\Temp

    2012-12-24 18:37:05 -------- d-----w- C:\users\Frans\AppData\Roaming\AVG

    2012-12-12 13:10:05 -------- d-----w- C:\users\Default\AppData\Roaming\TuneUp Software

    2012-12-12 13:10:05 -------- d-----w- C:\users\Default User\AppData\Roaming\TuneUp Software

    2012-12-01 21:21:55 -------- d-----w- C:\users\Frans\AppData\Local\TVEnhance

    2012-12-01 21:13:22 -------- d-----w- C:\users\Frans\AppData\Roaming\CyberLink

    2012-12-01 21:13:22 -------- d-----w- C:\users\Frans\AppData\Local\Cyberlink

    2012-11-28 11:41:34 -------- d-----w- C:\users\Frans\AppData\Roaming\Apple Computer

    2012-11-27 21:35:01 -------- d-----w- C:\users\Frans\AppData\Local\Apple

    2012-11-27 21:34:23 -------- d-----w- C:\users\Frans\AppData\Locallow\Apple Computer

    ====== C:\Users\Frans ======

    2012-12-24 18:36:01 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

    2012-12-01 21:09:53 -------- d-----w- C:\ProgramData\CyberLink

    2012-11-27 21:36:10 -------- d-----w- C:\ProgramData\Apple Computer

    2012-11-27 21:34:58 -------- d-----w- C:\ProgramData\Apple

    ====== C: exe-files ==

    === C: other files ==

    ==== Startup Registry Enabled ======================

    "AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"

    "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

    "AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"

    "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

    "mctadmin"="C:\Windows\System32\mctadmin.exe"

    "AVG_TRAY"="C:\Program Files (x86)\AVG\AVG10\avgtray.exe"

    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "Adobe ARM (1)"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SMART Board Service"="C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe -d"

    "SMART Board Tools"="C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"

    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    "UpdatePDRShortCut"="C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\HomeCinema\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0"

    "RemoteControl"="C:\Program Files (x86)\HomeCinema\PowerDVD\PDVDServ.exe"

    "LanguageShortcut"="C:\Program Files (x86)\HomeCinema\PowerDVD\Language\Language.exe"

    "UpdatePPShortCut"="C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\HomeCinema\PowerProducer update Software\CyberLink\PowerProducer\5.0"

    "Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

    "VX1000"="C:\Windows\vVX1000.exe"

    "AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -automount"

    "DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

    "DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

    ==== Startup Registry Disabled ======================

    "QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

    ==== Task Scheduler Jobs ======================

    C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    - Undetermined - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

    - nzbdStatus - %ProfilePath%\extensions\sabnzbdstatus@dq5studios.com.xpi

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    54FC590185D7D00D65E53B9A5990DC14 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll - Shockwave Flash

    3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6

    87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com/”

    New Values:

    “Start Page”=“http://www.google.com/”

    ==== All HKCU SearchScopes ======================

    HKCU\*\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\users\Frans\AppData\Local\Mozilla\Firefox\Profiles\53htvvhd.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Frans\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not deleted

    Regards, Frans

  • Ben

    Hello,

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    You can read how to do that (here or here).

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    autoclean;

    Adblock Plus;firefoxlook;

    C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpil;f

    chromelook;

    firefoxlook;

    First close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next message and tell us how things are going.

    Regards, Ben

  • knien

    Still the same alert from AVG.

    Zoek.exe Version 3.0.0.4 Updated 27-12-2012

    Tool run by Frans on do 27-12-2012 at 11:16:19,63.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== Deleting Files \ Folders ======================

    “C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpil” not found

    “C:\Users\Frans\AppData\LocalLow\DataMngr” deleted

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    - Undetermined - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

    - nzbdStatus - %ProfilePath%\extensions\sabnzbdstatus@dq5studios.com.xpi

    - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    54FC590185D7D00D65E53B9A5990DC14 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll - Shockwave Flash

    3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6

    87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Deleting Files \ Folders ======================

    “C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi” deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com/”

    New Values:

    “Start Page”=“http://www.google.com/”

    ==== All HKCU SearchScopes ======================

    HKCU\*\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\users\Frans\AppData\Local\Mozilla\Firefox\Profiles\53htvvhd.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Frans\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not deleted

    Regards, Frans

  • Ben

    Hello,

    Let's go once more:

    Using “zoek.exe”

    Disable your antivirus and antispyware programs; zoek.exe is sometimes mistaken for a trojan while downloading or during use.

    You can read how to do that (here or here).

    Windows 2000 and Windows XP: start the tool by double-clicking “zoek.exe”.

    Windows Vista and Windows 7: start the tool by right-clicking “zoek.exe” and then choosing Run as administrator.

    After a while a window will open.

    With your mouse, now select the option "Combined fix" (bottom right).

    Now copy the bold text below and paste it into the large input box:

    autoclean;

    chromelook;

    c:\user\frans\apdata\roaming\mozilla\firefox\profiles\53htvhd.default\adblockplus;f

    FFdefaults;

    firefoxlook;

    First close all program windows that are still open!

    Now click the "Run script" button.

    Now wait patiently until a log opens (this may be after a restart).

    If no log appears after the restart, start zoek.exe again; the log will then appear after all.

    Now post the contents of the opened log in your next message and tell us how things are going.

    Regards, Ben

  • knien

    Hello Ben,

    I no longer get the alert from AVG.

    Zoek.exe Version 3.0.0.4 Updated 27-12-2012

    Tool run by Frans on do 27-12-2012 at 11:42:16,01.

    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    ==== FireFox Fix ======================

    Deleted from C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\prefs.js:

    user_pref(“browser.startup.homepage”, “http://www.startpagina.nl”);

    Added to C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default\prefs.js:

    user_pref(“browser.startup.homepage”, “http://www.google.com”);

    user_pref(“browser.search.defaulturl”, “http://www.google.com/search?btnG=Google+Search&q=”);

    user_pref(“browser.newtab.url”, “http://www.google.com/”);

    user_pref(“browser.search.defaultengine”, “Google”);

    user_pref(“browser.search.defaultenginename”, “Google”);

    user_pref(“browser.search.selectedEngine”, “Google”);

    user_pref(“browser.search.order.1”, “Google”);

    user_pref(“keyword.URL”, “http://www.google.com/search?btnG=Google+Search&q=”);

    user_pref(“browser.search.suggest.enabled”, true);

    user_pref(“browser.search.useDBForOrder”, true);

    ==== Deleting Files \ Folders ======================

    “c:\user\frans\apdata\roaming\mozilla\firefox\profiles\53htvhd.default\adblockplus” not found

    ==== Firefox Extensions ======================

    ProfilePath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    - Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    - Undetermined - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

    - nzbdStatus - %ProfilePath%\extensions\sabnzbdstatus@dq5studios.com.xpi

    AppDir: C:\Program Files (x86)\Mozilla Firefox

    - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

    - Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Frans\AppData\Roaming\Mozilla\Firefox\Profiles\53htvvhd.default

    54FC590185D7D00D65E53B9A5990DC14 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll - Shockwave Flash

    3E21E80D10E1033D9C137440554FF724 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6

    87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies

    15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx

    ==== Set IE to Default ======================

    Old Values:

    “Start Page”=“http://www.google.com/”

    New Values:

    “Start Page”=“http://www.google.com/”

    ==== All HKCU SearchScopes ======================

    HKCU\*\SearchScopes “DefaultScope”=“{6A1806CD-94D4-4689-BA73-E35EA1EA9990}”

    HKCU\*\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=“http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC”

    HKCU\*\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url=“http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}”

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\users\Frans\AppData\Local\Mozilla\Firefox\Profiles\53htvvhd.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    No Chrome User Data found

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    After Reboot

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Frans\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    “C:\Users\Frans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not deleted

    Regards, Frans

  • Ben

    Hello,

    That's great (tu)

    You can keep Malwarebytes installed and use it to scan your PC once a week (after updating it).

    1. You may remove the following programs and their associated log files.

    DDS

    Zoek.exe

    2. Empty your Recycle Bin and delete your old restore points Click

    Regards, Ben
