Closed
1
Hello, my browser page (Firefox) has been used by Claro Search for the past few days.
Can I get help getting rid of it? My system is XP SP3.
I have since had Malwarebytes run a scan and let dds run.
I haven't quite figured out yet how to send the accompanying log files.
Kind regards
Anders
3
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 29-11-2005 8:58:57
System Uptime: 22-10-2012 21:20:05 (1 hours ago)
.
Motherboard: MSI | | AMETHYST-M
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 1989/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 3,315 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1,812 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 54 GiB total, 40,648 GiB free.
L: is FIXED (NTFS) - 41 GiB total, 40,348 GiB free.
M: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP399: 20-10-2012 11:17:18 - Installed Java(TM) 6 Update 37
RP400: 20-10-2012 11:34:17 - Revo Uninstaller's restore point - Google Earth
RP401: 20-10-2012 11:34:41 - Google Earth is verwijderd.
RP402: 20-10-2012 16:30:05 - IObit Uninstaller restore point
RP403: 20-10-2012 16:32:04 - IObit Uninstaller restore point
RP404: 20-10-2012 16:35:11 - Removed Bing Bar
RP405: 20-10-2012 16:38:34 - Verwijderd: Compatibiliteitspakket voor het 2007 Microsoft Office system
RP406: 20-10-2012 16:43:41 - IObit Uninstaller restore point
RP407: 20-10-2012 16:44:37 - Configured LabelPrint
RP408: 21-10-2012 11:02:16 - IObit Uninstaller restore point
RP409: 21-10-2012 11:03:56 - IObit Uninstaller restore point
RP410: 21-10-2012 11:06:46 - IObit Uninstaller restore point
RP411: 22-10-2012 16:55:03 - Controlepunt van systeem
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Aangifte inkomstenbelasting voor ondernemers 2010
Acronis True Image Home
ACS PC Atlas
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.5
Advanced SystemCare 6
Apple Software Update
ATI Control Panel
ATI Display Driver
Atomic Clock Sync
AV301P
Avira Free Antivirus
Beveiligingsupdate voor Windows Internet Explorer 7 (KB928090)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB929969)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB931768)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB933566)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB937143)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB938127)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB939653)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB942615)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB944533)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB950759)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB953838)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB956390)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB958215)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB960714)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB961260)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB963027)
Beveiligingsupdate voor Windows Internet Explorer 7 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2183461)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2360131)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2416400)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2482017)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2497640)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2530548)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB969897)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB972260)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB974455)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB976325)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB978207)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381)
Beveiligingsupdate voor Windows Media Player (KB911564)
Booster 1.05A02
BufferChm
CCleaner
Copy
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DivX
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DocProc
DocumentViewer
DocumentViewerQFolder
Enhanced Multimedia Keyboard Solution
eSupportQFolder
F4200
F4200_Help
Fritz 5.32
Gadwin PrintScreen
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin WebUpdater
GdiplusUpgrade
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService
HCC Computer Opschoontool
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix voor Windows Internet Explorer 7 (KB947864)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Deskjet Printer Preload
HP Document Viewer 5.3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HPProductAssistant
HpSdpAppCoreApp
ImgBurn
InterVideo WinDVD Player
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
KLaverjas Trainer
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
MAGIX PC Check & Tuning 2010 Download-versie 5.0.24.689 (NL)
MAGIX Screenshare
Malwarebytes Anti-Malware versie 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Dutch Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (Dutch) 14
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 2005 Setup starten
Microsoft Works Suite-invoegtoepassing Microsoft Word
Mozilla Firefox 16.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v3 wireless USB 2.0 adapter
Nitro Reader 2
OE-QuoteFix
PanoStandAlone
Picasa 3
PS2
PSSWCORE
QFolder
QuickTime
RealPlayer
RealUpgrade 1.0
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Segoe UI
Skype Toolbars
Skype™ 5.10
SmartWebPrintingOC
Solar Fire v5
SolutionCenter
Soluto
Status
SUPERAntiSpyware
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Toolbox
TrayApp
Unload
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update voor Windows Internet Explorer 8 (KB971930)
Update voor Windows Internet Explorer 8 (KB976662)
Update voor Windows Internet Explorer 8 (KB976749)
Update voor Windows Internet Explorer 8 (KB980182)
VC 9.0 Runtime
VideoToolkit01
WebFldrs XP
WebReg
WinDirStat 1.1.2
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinZip 16.5
Works-upgrade
.
==== End Of File ===========================
4
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by HP_Eigenaar at 22:18:17 on 2012-10-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1534.696 [GMT 2:00]
.
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {804FD2B8-FFA4-00C8-0D24-347CA8A3377C}
.
============== Running Processes ================
.
K:\Program Files\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\MAGIX\PC_Check_Tuning_2010_Download-versie\MxTray.exe
K:\Program Files\Advanced SystemCare 6\Monitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\puretext20_x86\PureText.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
K:\Program Files\Advanced SystemCare 6\ASCTray.exe
K:\Program Files\PrintScreen\PrintScreen.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\OE-QuoteFix\oequotefix.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAzz0A0ByE0DzzyByEtC0FtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1918698519
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [PureText] "c:\documents and settings\hp_eigenaar\mijn documenten\downloads\puretext20_x86\PureText.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 6] "k:\program files\advanced systemcare 6\ASCTray.exe" /AutoStart
uRun: [Gadwin PrintScreen] k:\program files\printscreen\PrintScreen.exe /nosplash
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "k:\temp\QTTask.exe" -atboottime
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hcenter] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutorun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Verzenden naar OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37570.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://download.sp.f-secure.com/hc/hetnet/PCHC_customization_HetNet/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/C ... peLite.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2C646685-A3AF-4B52-8C20-F99DB930D9EE} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.114.3.243
TCP: Interfaces\{70BE4B70-3E45-4F2A-8678-9DAB07325EFC} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_eigenaar\application data\mozilla\firefox\profiles\maaqag1v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.claro-search.com/?affID=114508&tt=4 ... 13d38ab4d8
FF - prefs.js: keyword.URL - hxxp://www.claro-search.com/?affID=114508&tt=4 ... 38ab4d8&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\hp_eigenaar\application data\mozilla\firefox\profiles\maaqag1v.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: k:\temp\plugins\npqtplugin.dll
FF - plugin: k:\temp\plugins\npqtplugin2.dll
FF - plugin: k:\temp\plugins\npqtplugin3.dll
FF - plugin: k:\temp\plugins\npqtplugin4.dll
FF - plugin: k:\temp\plugins\npqtplugin5.dll
FF - plugin: k:\temp\plugins\npqtplugin6.dll
FF - plugin: k:\temp\plugins\npqtplugin7.dll
FF - plugin: k:\temp\plugins\npqtplugin8.dll
FF - ExtSQL: 2012-09-06 10:44; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-10 14:37; crossriderapp4479@crossrider.com; c:\documents and settings\hp_eigenaar\application data\mozilla\firefox\profiles\maaqag1v.default\extensions\crossriderapp4479@crossrider.com
FF - ExtSQL: 2012-10-10 14:37; ffxtlbr@funmoods.com; c:\documents and settings\hp_eigenaar\application data\mozilla\firefox\profiles\maaqag1v.default\extensions\ffxtlbr@funmoods.com
FF - ExtSQL: !HIDDEN! 2009-12-05 00:19; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAzz0A0ByE0DzzyByEtC0FtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1918698519
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAzz0A0ByE0DzzyByEtC0FtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1918698519
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAzz0A0ByE0DzzyByEtC0FtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1918698519&q=
FF - user.js: extensions.funmoods.id - 0013D38AB4D8741F
FF - user.js: extensions.funmoods.instlDay - 15623
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:36:46
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.claro.id - 3971741f0000000000000013d38ab4d8
FF - user.js: extensions.claro.instlDay - 15623
FF - user.js: extensions.claro.vrsn - 1.6.4.1
FF - user.js: extensions.claro.vrsni - 1.6.4.1
FF - user.js: extensions.claro_i.vrsnTs - 1.6.4.114:57:42
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-9-6 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-16 36552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;k:\program files\advanced systemcare 6\ASCService.exe [2012-10-19 1026432]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-10-16 84256]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-10-16 108320]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-16 83792]
R2 Browser Manager;Browser Manager;c:\documents and settings\all users\application data\browser manager\2.3.759.138\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe [2012-10-10 2200096]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-4-11 175632]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-9-6 604688]
R3 cpuz132;cpuz132;\??\c:\docume~1\hp_eig~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\hp_eig~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [2011-1-11 15896]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 DiskSec;Magix Volume Filter Driver;c:\windows\system32\drivers\disksec.sys [2010-10-30 14208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9ce59b554ac6a;Google Updateservice (gupdate1c9ce59b554ac6a);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-4 115168]
S3 ovt530;AV301P;c:\windows\system32\drivers\ov530vid.sys [2005-3-15 161792]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
.
=============== Created Last 30 ================
.
2012-10-22 15:45:04 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-22 15:45:04 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-22 12:28:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-22 12:28:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-21 22:16:39 -------- d--h--r- c:\documents and settings\hp_eigenaar\Onlangs geopend
2012-10-20 09:18:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-19 12:35:38 -------- d-----w- c:\documents and settings\hp_eigenaar\AppData
2012-10-19 12:35:38 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-10-19 12:35:28 -------- d-----w- c:\documents and settings\hp_eigenaar\application data\IObit
2012-10-17 10:22:48 -------- d-----w- c:\program files\Argente - Registry Cleaner
2012-10-16 10:29:06 -------- d-----w- c:\documents and settings\hp_eigenaar\application data\Avira
2012-10-16 10:23:08 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-16 10:23:08 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-16 10:23:02 -------- d-----w- c:\program files\Avira
2012-10-15 14:19:41 -------- d-----w- c:\documents and settings\hp_eigenaar\Outlook-bestanden
2012-10-14 20:58:36 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-14 20:58:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-10-10 12:57:28 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-10-10 12:57:27 -------- d-----w- c:\documents and settings\hp_eigenaar\application data\Babylon
2012-10-10 12:57:22 -------- d-----w- c:\documents and settings\all users\application data\IBUpdaterService
2012-10-10 12:57:16 -------- d-----w- c:\documents and settings\all users\application data\Browser Manager
2012-10-09 11:58:17 -------- d-----w- c:\program files\Easy Computing
2012-10-09 09:47:38 -------- d-----w- c:\documents and settings\hp_eigenaar\local settings\application data\WinZip
2012-10-08 20:15:04 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-06 20:16:45 -------- d-----w- c:\documents and settings\all users\application data\Garmin
2012-10-06 20:13:02 -------- d-----w- c:\program files\Garmin
.
==================== Find3M ====================
.
2012-10-09 15:34:51 392320 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-10-09 15:34:51 32768 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2012-10-09 15:34:42 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-10-08 19:50:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 19:50:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 13:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-06 09:43:20 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-28 15:17:28 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:32 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:52 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27:36 2197248 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27:36 2073984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 22:19:19,95 ===============
5
Hi,

Download zoek.exe to your desktop.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe;
    you can read how to do that (here or here).
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.
  • After a while a window will open.
  • With your mouse, select the option "Combined fix" (bottom right).
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:

    iedefaults;
    claro;ff
    funmoods;ff
    c:\documents and settings\all users\application data\Babylon;fs
    c:\documents and settings\hp_eigenaar\application data\Babylon;fs
    startupall;
    filesrcm;
    
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart).
  • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
  • Post the contents of the opened log in your next reply.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
6
My previous post was not right.
Maybe this is better?


Zoek.exe Version 3.0.0.3 Updated 22-10-2012
Tool run by HP_Eigenaar on di 23-10-2012 at 14:05:48,12.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dl ... r=iesearch"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"bProtector Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchT ... f8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://searchfunmoods.com/?f=1&a=iron2& ... 1918698519"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
"DisplayName"="Claro Search"
"URL"="http://www.claro-search.com/?q={searchT ... 13d38ab4d8"
"SuggestionsURLFallback"="http://clients5.google.com/complete/sea ... utEncoding}"
"FaviconURL"=""
"SuggestionsURL"=""
"Key"=""

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"bProtector Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={se ... ={language}"
"FaviconURLFallback"="http://searchfunmoods.com/favicon.ico"
"FaviconPath"="C:\\Program Files\\Funmoods\\1.5.23.22\\FavIcon.ico"
"URL"="http://searchfunmoods.com/results.php?f ... 1918698519"
"DisplayName"="Funmoods"
"TopResultURLFallback"="http://searchfunmoods.com/results.php?f ... 1918698519"
"FaviconURL"="http://searchfunmoods.com/favicon.ico"

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\HP_Eigenaar\Application Data\Mozilla\Firefox\Profiles\maaqag1v.default

---- Lines claro removed from prefs.js ----

user_pref("avg.install.userHPSettings", "http://www.claro-search.com/?affID=1145 ... 13d38ab4d8");
user_pref("avg.install.userSPSettings", "Claro Search");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.order.1", "Claro Search");
user_pref("browser.startup.homepage", "http://www.claro-search.com/?affID=1145 ... 13d38ab4d8");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "3971741f0000000000000013d38ab4d8");
user_pref("extensions.claro.instlDay", "15623");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.vrsn", "1.6.4.1");
user_pref("extensions.claro.vrsni", "1.6.4.1");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.6.4.114:57:42");
user_pref("keyword.URL", "http://www.claro-search.com/?affID=1145 ... 38ab4d8&q=");

---- Lines claro modified from prefs.js ----


---- Lines funmoods removed from prefs.js ----

user_pref("extensions.funmoods.aflt", "iron2");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "NL");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "0AEC3263D0B04EC6C032B283CCB034E1");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=iron2& ... 1918698519");
user_pref("extensions.funmoods.id", "0013D38AB4D8741F");
user_pref("extensions.funmoods.instlDay", "15623");
user_pref("extensions.funmoods.instlRef", "iron2");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:36:46");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=iron2& ... 1918698519");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=iron2& ... 8698519&q=");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:36:46");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:36:46");

---- Lines funmoods modified from prefs.js ----


---- FireFox user.js and prefs.js backups ----

user_23-10-2012_1407_.backup
prefs_23-10-2012_1407_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Documents and Settings\HP_Eigenaar\Application Data\Mozilla\Firefox\Profiles\maaqag1v.default\searchplugins\Funmoods.xml" deleted
"c:\documents and settings\all users\application data\Babylon" deleted
"c:\documents and settings\hp_eigenaar\application data\Babylon" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2012-10-20 09:09:48 2DB018050DF7C6768F8342CEDDAA4059 32446 ----a-w- C:\WINDOWS\SchedLgU.Txt
====== C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp ====
2012-10-21 10:25:44 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\7z920.exe
2012-10-21 10:25:42 FF6E0179F60F08B648AEBD597EF0CAF1 260040 ----a-w- C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\UpdateCheckerSetup.exe
2012-10-21 10:25:41 77DFB27D68CE46659A3D5E93410C0B75 899224 ----a-w- C:\DOCUME~1\HP_EIG~1\LOCALS~1\Temp\MyBabylonTB_google_20120807.exe
====== C:\WINDOWS\system32 =====
====== C:\WINDOWS\system32\drivers =====
2012-10-22 12:28:32 500D089CE760D83DA2B6CBA681AA9949 22856 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2012-10-16 10:23:08 C499333D8915597FE415F0058EFFD7D2 134184 ----a-w- C:\WINDOWS\System32\drivers\avipbb.sys
2012-10-16 10:23:08 583B68234A159BA64090F3CAE7360F03 83792 ----a-w- C:\WINDOWS\System32\drivers\avgntflt.sys
2012-10-16 10:23:08 52EC5F852B42136C513B9009A3C27891 36552 ----a-w- C:\WINDOWS\System32\drivers\avkmgr.sys
====== C:\WINDOWS\Tasks ======
2012-10-19 12:36:51 095E939A8906BE17E10625751C2F0B4A 268 ----a-w- C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2012-10-19 19:35:28 -------- d-----w- C:\Program Files\Adobe
2012-10-19 19:33:15 0 ----a-w- C:\Program Files\mklink
2012-10-17 10:22:48 -------- d-----w- C:\Program Files\Argente - Registry Cleaner
2012-10-16 10:23:02 -------- d-----w- C:\Program Files\Avira
2012-10-09 15:34:19 -------- d-----w- C:\Program Files\Common Files\Acronis
2012-10-09 11:58:17 -------- d-----w- C:\Program Files\Easy Computing
2012-10-09 09:47:17 -------- d-----w- C:\Program Files\WinZip
2012-10-06 20:13:02 -------- d-----w- C:\Program Files\Garmin
======= C: =====
2012-10-21 10:28:35 E2BED57A620FD2BBD352402284788CA8 16798 -c--a-w- C:\AdwCleaner[R1].txt
====== C:\Documents and Settings\HP_Eigenaar\Application Data ======
2012-10-19 12:35:48 -------- d-----w- C:\Documents and Settings\NetworkService\Application Data\IObit
2012-10-19 12:35:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IObit
2012-10-19 12:35:28 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\Application Data\IObit
2012-10-16 10:32:54 84FFCE5B9E118B8237BC7E546B664501 105232 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-16 10:29:06 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\Application Data\Avira
2012-10-10 12:57:26 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\Application Data\ImgBurn
2012-10-10 12:57:22 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
2012-10-10 12:57:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Browser Manager
2012-10-10 12:37:20 1330F8A5264D02B7D62DC976F74458C3 290500 ----a-w- C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\funmoods-speeddial_sf.crx
2012-10-09 09:47:38 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\Local Settings\Application Data\WinZip
2012-10-09 09:47:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\WinZip
2012-10-06 21:52:18 B6CB85918C51A5D32410C7F8A229F94C 1172394 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2967080809-2297956964-1858190731-1008-0.dat
2012-10-06 21:52:17 3A402DE76008333C7C17D9C35DE926DC 393986 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2012-10-06 20:16:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Garmin
====== C:\Documents and Settings\HP_Eigenaar ======
2012-10-21 22:16:39 -------- d--h--r- C:\Documents and Settings\HP_Eigenaar\Onlangs geopend
2012-10-19 12:35:38 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\AppData
2012-10-16 10:31:31 -------- d-sh--w- C:\Documents and Settings\LocalService\IECompatCache
2012-10-16 10:29:53 -------- d-sh--w- C:\Documents and Settings\LocalService\PrivacIE
2012-10-15 14:19:41 -------- d-----w- C:\Documents and Settings\HP_Eigenaar\Outlook-bestanden

====== C: exe-files ==
2012-10-22 15:45:04 BDB0B6EF9B68267BF366BAED9721848F 96224 ----a-w- C:\Program Files\Mozilla Firefox\webapprt-stub.exe
2012-10-22 15:45:04 B8CF6310958D4FF1AA9727003EC8F3F7 157272 ----a-w- C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-22 15:44:48 1CC228D0B7BC6CC5652A9C5D282E4072 270304 ----a-w- C:\Documents and Settings\HP_Eigenaar\Local Settings\temp\MozUpdater\updater.exe
2012-10-22 15:38:37 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_df7e6409-8d99-4328-b40a-5280522af42d\PCGAppControlPluginLoader.exe
2012-10-22 15:38:35 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_ddeb3be7-b5aa-4800-b923-3897c7994766\PCGAppControlPluginLoader.exe
2012-10-22 12:25:59 1EE6BF9C38EDA7A7F688D28C2BA2DBD8 10669952 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\mbam-setup-1.65.1.1000.exe
2012-10-21 22:03:07 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_f8651a05-3d5c-4d31-ab65-6985d5581925\PCGAppControlPluginLoader.exe
2012-10-21 22:03:05 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_0d153731-bbf1-4c25-81b3-49bf5cd3452a\PCGAppControlPluginLoader.exe
2012-10-21 10:28:07 536CD780316928CA40C9940D03DC9443 538941 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\adwcleaner.exe
2012-10-21 10:25:44 B3FDF6E7B0AECD48CA7E4921773FB606 1110476 ----a-w- C:\Documents and Settings\HP_Eigenaar\Local Settings\temp\7z920.exe
2012-10-21 10:25:42 FF6E0179F60F08B648AEBD597EF0CAF1 260040 ----a-w- C:\Documents and Settings\HP_Eigenaar\Local Settings\temp\UpdateCheckerSetup.exe
2012-10-21 10:25:41 77DFB27D68CE46659A3D5E93410C0B75 899224 ----a-w- C:\Documents and Settings\HP_Eigenaar\Local Settings\temp\MyBabylonTB_google_20120807.exe
2012-10-20 14:34:25 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_6348e84c-e967-4fa7-b5d8-c4bcb5bd3e47\PCGAppControlPluginLoader.exe
2012-10-20 14:34:14 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_e551aca2-d585-41bc-a201-d7182a5f0b4b\PCGAppControlPluginLoader.exe
2012-10-20 12:19:27 D18ACC98B1D24A390A4045F44FECC4A6 763592 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\googleupdatesetup.exe
2012-10-19 19:28:26 A2BF796F111073FA4114E1CB299AA2CB 225280 ----a-w- C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBIG\setup.exe
2012-10-19 19:28:26 61A5FB191AE2AE876DB31DCCE75E4183 1822520 ----a-r- C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBIG\instmsiw.exe
2012-10-19 18:30:26 85E0A384F41E9A860F926DFC754512B5 2893669 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\PrintScreen43_Setup.exe
2012-10-19 12:31:41 44FDD174C142C601257907525B9D45B1 19369080 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\asc6-setup-final.exe
2012-10-19 09:14:13 3ABF1C149873E25D4E266225FBF37CBF 645729 ----a-w- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\windirstat1_1_2_setup.exe
2012-10-18 08:47:55 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_7ce0f1a6-c9a9-45d5-8216-86e3dcfc9fc2\PCGAppControlPluginLoader.exe
2012-10-18 08:47:53 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_c74e6ccd-a3ad-4561-b582-d402d1319959\PCGAppControlPluginLoader.exe
2012-10-17 08:47:32 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_4d4c1f75-cb1f-4dd8-8528-53f05bbc8d66\PCGAppControlPluginLoader.exe
2012-10-17 08:47:30 946447D22CFA42970C590F675FE6071A 49696 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_c3dabe82-f0b8-43fc-9e5a-52c5bbe47cda\PCGAppControlPluginLoader.exe
=== C: other files ==
2012-10-22 20:17:04 3DB03EF5A2CB506C27EE8D530204CB95 687724 ------r- C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\dds.com
2012-10-22 15:38:37 E85FE4272CC532566B375B6C9E509F8A 80440 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_df7e6409-8d99-4328-b40a-5280522af42d\SkypeAppControlPlugin_1.0.0.46.dll
2012-10-22 15:38:35 3F8178F266DCAAE5FE7CFC53A20173CF 46136 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_ddeb3be7-b5aa-4800-b923-3897c7994766\DropboxAppControlPlugin_1.0.0.46.dll
2012-10-22 12:28:32 500D089CE760D83DA2B6CBA681AA9949 22856 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2012-10-22 08:33:28 F3F3915EB5F81B9D0252953D56C0399F 115060 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeexp.dll
2012-10-22 08:33:28 E75A782A8C218D03A0AF54325132BC70 102772 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2012-10-22 08:33:28 CF28139A8AECBF3BEC26CA1A16FD69CF 639348 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2012-10-22 08:33:28 CD7B65E600B8EBC91B292C1AC9EC1215 393587 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2012-10-22 08:33:28 C5B89E31D9DC26EFCA474AD7062AFC4F 434548 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2012-10-22 08:33:28 C4A8EE0AE033F01515240B1F5476410A 131444 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2012-10-22 08:33:28 BD6FB71BC7EA198275968D3C0B05F6CF 53621 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2012-10-22 08:33:28 9C4A76ED4C34A741AB7EA0B1B0E5194F 811382 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2012-10-22 08:33:28 900ACDAD5D357BB26A571DCA1FD6AD36 258423 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2012-10-22 08:33:28 786019C7CFEC0F16A0FB3C5367D7EA31 201079 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2012-10-22 08:33:28 6661319F5AF0E978E339546C8F1F9599 463227 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2012-10-22 08:33:28 64605B72B605DEDE66D38E3D7094E73B 606578 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2012-10-22 08:33:28 56A0F81C7513B9CA4ED975E42F4EDB0D 201082 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2012-10-22 08:33:28 3AFBE1D7BE3F69EB80CDE26977D5658B 5423480 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2012-10-21 22:03:07 E85FE4272CC532566B375B6C9E509F8A 80440 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControlPlugin_1.0.0.46.dll
2012-10-21 22:03:07 E85FE4272CC532566B375B6C9E509F8A 80440 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_f8651a05-3d5c-4d31-ab65-6985d5581925\SkypeAppControlPlugin_1.0.0.46.dll
2012-10-21 22:03:05 3F8178F266DCAAE5FE7CFC53A20173CF 46136 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_0d153731-bbf1-4c25-81b3-49bf5cd3452a\DropboxAppControlPlugin_1.0.0.46.dll
2012-10-21 22:03:04 3F8178F266DCAAE5FE7CFC53A20173CF 46136 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControlPlugin_1.0.0.46.dll
2012-10-21 10:19:05 F84E9C140EEE7900F84A2D13EA14444D 160 ----a-w- C:\Documents and Settings\HP_Eigenaar\Application Data\Mozilla\Firefox\Profiles\maaqag1v.default\CT3241951\toolbarImages\storage.conduit.com
2012-10-21 10:18:33 99F97C9FE748C37528C338A423577FCB 163256 ----a-w- C:\Documents and Settings\HP_Eigenaar\Application Data\Mozilla\Firefox\Profiles\maaqag1v.default\extensions\{296aa17d-c89e-4242-a5a4-44bfe76914a2}\Plugins\np-mswmp.dll
2012-10-20 14:34:25 F96708B57D67012897A56061A97EDAD1 80440 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_6348e84c-e967-4fa7-b5d8-c4bcb5bd3e47\SkypeAppControlPlugin_1.0.0.45.dll
2012-10-20 14:34:23 F96708B57D67012897A56061A97EDAD1 80440 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControlPlugin_1.0.0.45.dll
2012-10-20 14:34:14 13966FE8C02D4108D0876E0CCA19741D 46136 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_e551aca2-d585-41bc-a201-d7182a5f0b4b\DropboxAppControlPlugin_1.0.0.45.dll
2012-10-20 14:34:09 13966FE8C02D4108D0876E0CCA19741D 46136 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControlPlugin_1.0.0.45.dll
2012-10-19 19:28:24 CC3F7DD9CE04A4E134231F438B3BCC5C 323584 ----a-w- C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBIG\AEITAddInRdr.dll
2012-10-18 08:47:55 0C12E6F8E490A766DFD2BB7BB2A57E9A 80448 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_7ce0f1a6-c9a9-45d5-8216-86e3dcfc9fc2\SkypeAppControlPlugin_1.0.0.41.dll
2012-10-18 08:47:53 818DC72987982412CC9D8F83CAF177D1 45656 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_c74e6ccd-a3ad-4561-b582-d402d1319959\DropboxAppControlPlugin_1.0.0.41.dll
2012-10-17 08:47:32 0C12E6F8E490A766DFD2BB7BB2A57E9A 80448 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControlPlugin_1.0.0.41.dll
2012-10-17 08:47:32 0C12E6F8E490A766DFD2BB7BB2A57E9A 80448 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\SkypeAppControl_4d4c1f75-cb1f-4dd8-8528-53f05bbc8d66\SkypeAppControlPlugin_1.0.0.41.dll
2012-10-17 08:47:30 818DC72987982412CC9D8F83CAF177D1 45656 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControl_c3dabe82-f0b8-43fc-9e5a-52c5bbe47cda\DropboxAppControlPlugin_1.0.0.41.dll
2012-10-17 08:47:29 818DC72987982412CC9D8F83CAF177D1 45656 ----a-w- C:\Documents and Settings\All Users\Application Data\Soluto\Temp\DropboxAppControlPlugin_1.0.0.41.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2967080809-2297956964-1858190731-1008\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"PureText"="C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\puretext20_x86\PureText.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Advanced SystemCare 6"="K:\Program Files\Advanced SystemCare 6\ASCTray.exe /AutoStart"
"Gadwin PrintScreen"="K:\Program Files\PrintScreen\PrintScreen.exe /nosplash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe /autorun"
"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"QuickTime Task"="K:\temp\QTTask.exe -atboottime"
"Garmin Lifetime Updater"="C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized"
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
"PureText"="C:\Documents and Settings\HP_Eigenaar\Mijn documenten\Downloads\puretext20_x86\PureText.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"Advanced SystemCare 6"="K:\Program Files\Advanced SystemCare 6\ASCTray.exe /AutoStart"
"Gadwin PrintScreen"="K:\Program Files\PrintScreen\PrintScreen.exe /nosplash"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2 Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="schedhlp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Device Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetect"
"hkey"="HKLM"
"command"="DevDetect.exe -autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Quick Search Box]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleQuickSearchBox"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe\" /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [08-10-2012 21:50]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job --a------ C:\Program Files\Advanced SystemCare 6\Monitor.exe []
C:\WINDOWS\tasks\Google Software Updater.job --a------ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [26-08-2012 11:44]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [06-05-2009 16:48]
C:\WINDOWS\tasks\PCCT - MAGIX AG.job --a------ C:\Program Files\MAGIX\PC_Check_Tuning_2010_Download-versie\MxTray.exe [06-04-2010 18:57]
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2967080809-2297956964-1858190731-1008.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [24-02-2010 23:09]
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2967080809-2297956964-1858190731-1008.job --a------ C:\Program Files\Real\RealUpgrade\realupgrade.exe [24-02-2010 23:09]
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job --a------ C:\Program Files\Ask.com\UpdateTask.exe []
C:\WINDOWS\tasks\User_Feed_Synchronization-{0865844B-E72C-4BD5-8308-B15D239B9DE1}.job --ah----- C:\WINDOWS\system32\msfeedssync.exe [08-03-2009 04:31]
C:\WINDOWS\tasks\WinMaximizer-HP_Eigenaar-Startup.job --a------ C:\WinMaximizer\WinMaximizer.exe []
7
Hi,

Now please run one more scan with the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit to the desktop and unpack the ZIP file.
  • Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
  • Now click "Emergency Kit Scanner". You will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
  • When the update is finished and the message "Update process is succesvol afgerond" (update process completed successfully) appears, click "menu" and then "Scan PC".
  • Select the option "Diep" (Deep) if it is not already set as the default.
  • Now click the "Scan" button and do nothing else on the computer during the scan. This scan can take quite a long time, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure all found items are ticked and then press the "verwijder geselecteerde" (remove selected) button. You will now get the following message, but click "Ja" (Yes) here.
  • When the removal is finished, click the "Rapport bekijken" (view report) button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
  • Post the contents of this log file in your next message.
  • Now restart the computer.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
8
Unfortunately, downloading and unpacking the Emsisoft Emergency Kit does not go for me the way it is described here.
After unzipping I get
Run from USB stick:
Scan with Emsisoft Emergency Kit
Start Commandline Scanner
Start Hijack Free Start blitz Blank
....so what do I do now?
9
One more addition: I only get this choice after I have double-clicked start.exe....
Patience is a virtue......
11
No, because the program does not respond to my clicking.
I also don't know what is meant by:
Run from USB stick
When I click on Scan with Emergency Kit Scanner in that screen, nothing further happens.
Stupid of me?
Anders
13
When I have done that, I get
Program Error: required file a2framework.dll cannot be found. Please go to www.emsisoft.com and download the latest software package.
I thought I would already get that opportunity when starting the program, but I did not get it.
I will try to get it done after all.
You'll hear from me!
Anders