
Outlook Express


Roodblond


Download zoek.exe

Save it to your desktop and double-click it to start.

Type A followed by Enter to start the "Standard search".

Wait patiently until the CMD window closes and a Notepad window opens.

Select the entire contents of the log and copy it into your next post.


Here it is

================

Zoek.exe by smeenk

Updated 22-03-2011

==================

Windows: Windows XP Home Edition Service Pack 3 (Build 2600)

Internet Explorer: 8.0.6001.18702

Memory (RAM): 512 MB

CPU Info: Intel® Pentium® 4 CPU 3.00GHz

CPU Speed: 2986,1 MHz

Sound Card: Realtek AC97 Audio

Display Adapters: RADEON 9200 SERIES | RADEON 9200 SERIES - Secondary | NetMeeting driver | RDPDD Chained DD

Monitors: 1x; Plug en Play-monitor |

Screen Resolution: 1024 X 768 - 32 bit

Network: Network Present

Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC - Pakketplanner-minipoort

CD / DVD Drives: 1x (E: | ) E: ATAPI DVD DD 2X16X4X16

Ports: COM1 LPT1

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C: 58,1GB | D: 53,7GB

Hard Disks - Free: C: 33,3GB | D: 48,2GB

USB Controllers: 5 host controllers.

Firewire (1394): Not Detected

Product Make *:

AC Power Status: OnLine

BIOS Info: AT/AT COMPATIBLE | 08/18/04 | IntelR - 42302e31

Time Zone: Romance (standaardtijd)

Battery Status: No Battery

Motherboard *: http://www.abit.com.tw/ AS8 / AS8-V (Intel i865-ICH5)

SM BIOS: 6.00 PG

Sun Java version: 1.6.0_29

Country: België

Language: NLB

Files recently created/modified:

======C:\WINDOWS====

======C:\DOCUME~1\Q4S\LOCALS~1\Temp====

======C:\WINDOWS\system32=====

======C:\WINDOWS\system32\drivers=====

2012-01-17 14:50:52 20464 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

======C:\WINDOWS\Tasks======

======C:\WINDOWS\Temp======

=======C:\Program Files=====

2012-01-17 14:50:51 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

=======C:=====

======C:\Documents and Settings\Q4S\Application Data======

2012-01-17 14:51:30 -------- d-----w- C:\Documents and Settings\Q4S\Application Data\Malwarebytes

======C:\Documents and Settings\Q4S======

======C:\WINDOWS\Downloaded Program Files====

=============

======C:==exe-files==

===C:=other files==

==================

"Silent Runners.vbs", revision 63, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background" [MS]

"swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"Pando Media Booster" = "C:\Program Files\Pando Networks\Media Booster\PMB.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"ABIT uGuru" = "C:\Program Files\ABIT\ABIT uGuru\uGuru.exe" ["ABIT Computer Corporation"]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard"]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]

"APSDaemon" = ""C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"" ["Apple Inc."]

"vProt" = ""C:\Program Files\AVG Secure Search\vprot.exe"" [null data]

"ROC_roc_dec12" = ""C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = "WormRadar.com IESiteBlocker.NavFilter"

-> {HKLM...CLSID} = "AVG Safe Search"

{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\(Default) = "Windows Live OneCare Family Safety Browser Helper"

-> {HKLM...CLSID} = "Windows Live Family Safety Browser Helper Class"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Family Safety\fssbho.dll" [MS]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"

-> {HKLM...CLSID} = "Search Helper"

\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Aanmelden - Help"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{95B7759C-8C7F-4BF1-B163-73684A933233}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AVG Security Toolbar"

\InProcServer32\(Default) = "C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [null data]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"

\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll" ["Google Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-pictogramuitbreiding"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"

-> {HKLM...CLSID} = "RecordNow! SendToExt"

\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow! Deluxe\shlext.dll" [null data]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook-extensie voor bestandspictogrammen"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{0563DB41-F538-4B37-A92D-4659049B7766}" = "WLMD Message Handler"

-> {HKLM...CLSID} = "CLSID_WLMCMimeFilter"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG Shell Extension"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "C:\Program Files\iColorFolder\CMExt.dll" ["Revenger inc."]

"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"

-> {HKLM...CLSID} = "///FAST project settings"

\InProcServer32\(Default) = "C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> cetihpz\CLSID = "{CF184AD3-CDCB-4168-A3F7-8E447D129300}"

-> {HKLM...CLSID} = "CZipHandler Object"

\InProcServer32\(Default) = "C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll" ["Hewlett-Packard Company"]

<<!>> linkscanner\CLSID = "{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}"

-> {HKLM...CLSID} = "XPLPPFilter Class"

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}"

-> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL" [MS]

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"

-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"

-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}"

-> {HKLM...CLSID} = "IEProtocolHandler Class"

<<!>> viprotocol\CLSID = "{B658800C-F66E-4EF3-AB85-6C0C227862A9}"

-> {HKLM...CLSID} = "ViProtocolOLE Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll" [null data]

<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"

-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]

AVG Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]

CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"

-> {HKLM...CLSID} = "CMenuExtender"

\InProcServer32\(Default) = "C:\Program Files\iColorFolder\CMExt.dll" ["Revenger inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" ["Igor Pavlov"]

AVG Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"

-> {HKLM...CLSID} = "AVG Shell Extension Class"

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"disableregistrytools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"disablecmd" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Disable the command prompt}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Q4S\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

HPUnloadAutoplay\

"Provider" = "HP-software voor het ontladen van afbeeldingen"

"InvokeProgID" = "HpqUnApl.Autoplay"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = "{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe" ["Hewlett-Packard"]

IviDVDEventHandler\

"Provider" = "InterVideo WinDVD"

"InvokeProgID" = "Ivi.MediaFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = ""C:\Program Files\InterVideo\WinDVD4\WinDVD.exe" %1" ["InterVideo Inc."]

IviVideoCDHandler\

"Provider" = "InterVideo WinDVD"

"InvokeProgID" = "Ivi.MediaFile"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = ""C:\Program Files\InterVideo\WinDVD4\WinDVD.exe" %1" ["InterVideo Inc."]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

SonicRnAudioCD\

"Provider" = "Sonic RecordNow! Deluxe"

"InvokeProgID" = "Sonic.RecordNow"

"InvokeVerb" = "AudioCDJob"

HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDJob\Command\(Default) = ""C:\Program Files\Sonic\RecordNow! Deluxe\RecordNow.exe" /AudioCDJob %L" [null data]

SonicRnBurnAudioCD\

"Provider" = "Sonic RecordNow! Deluxe"

"InvokeProgID" = "Sonic.RecordNow"

"InvokeVerb" = "AudioCDTarget"

HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDTarget\Command\(Default) = ""C:\Program Files\Sonic\RecordNow! Deluxe\RecordNow.exe" /AudioCDTarget %L" [null data]

SonicRnBurnDataDisc\

"Provider" = "Sonic RecordNow! Deluxe"

"InvokeProgID" = "Sonic.RecordNow"

"InvokeVerb" = "DataDiscTarget"

HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\DataDiscTarget\Command\(Default) = ""C:\Program Files\Sonic\RecordNow! Deluxe\RecordNow.exe" /DataDiscTarget %L" [null data]

SonicRnCopyCD\

"Provider" = "Sonic RecordNow! Deluxe"

"InvokeProgID" = "Sonic.RecordNow"

"InvokeVerb" = "CopyDiscJob"

HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = ""C:\Program Files\Sonic\RecordNow! Deluxe\RecordNow.exe" /CopyDiscJob %L" [null data]

SonicRnCopyDisc\

"Provider" = "Sonic RecordNow! Deluxe"

"InvokeProgID" = "Sonic.RecordNow"

"InvokeVerb" = "CopyDiscJob"

HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = ""C:\Program Files\Sonic\RecordNow! Deluxe\RecordNow.exe" /CopyDiscJob %L" [null data]

Startup items in "Q4S" & "All Users" startup folders:

-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

"Adobe Reader Snelle start" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]

"Snelstart HP Image Zone" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]

"AVG PC Tuneup 2011 Integrator Start On Q4S Logon" -> launches: "C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe -UseTray" ["AVG"]

"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

"OGADaily" -> launches: "C:\WINDOWS\system32\OGAVerify.exe" [MS]

"OGALogon" -> launches: "C:\WINDOWS\system32\OGAVerify.exe" [MS]

"User_Feed_Synchronization-{0D0FCE2B-9331-4C62-9033-EF42690768A6}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "Google Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "Google Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"

-> {HKLM...CLSID} = "&Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" = (no title provided)

-> {HKLM...CLSID} = "&Windows Live Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Toolbar\wltcore.dll" [MS]

"{95B7759C-8C7F-4BF1-B163-73684A933233}" = (no title provided)

-> {HKLM...CLSID} = "AVG Security Toolbar"

\InProcServer32\(Default) = "C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [null data]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{5345A7AE-805A-4923-B505-86B2FEBA3FE0}\(Default) = "iMeshBar Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = "Ask Toolbar Quick View"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points

------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\

<<H>> "Tabs" = "Search 22:59:33&v=10.0.0.7&sap=nt" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]

Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]

SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]

vToolbarUpdater, vToolbarUpdater, "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe" [null data]

WMI-prestatieadapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> PEVSystemStart, "Service"

<<!>> procexp90.Sys, "Driver"

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> PEVSystemStart, "Service"

<<!>> procexp90.Sys, "Driver"

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

<<H>>: Suspicious data at a browser hijack point.


Double-click zoek.exe again to start it.

Type B followed by Enter to start the "Custom search".

A file named "input.txt" will open.

Copy the following code into it:

*?*.dbx

Once you have placed the code in the file, you can close input.txt; let it save the changes.

After that the scan starts running. Wait patiently until a log opens and post the result in your next post.


Let's try with a modified code (semicolon added after .dbx):

Double-click zoek.exe again to start it.

Type B followed by Enter to start the "Custom search".

A file named "input.txt" will open.

Copy the following code into it:

*?*.dbx;

Once you have placed the code in the file, you can close input.txt; let it save the changes.

After that the scan starts running. Wait patiently until a log opens and post the result in your next post.


This topic is now closed to new replies.
