politie virus

[EightFourSix]

Zoek.exe Version 4.0.0.1 Updated 04-February-2013

Tool run by Anna‹ck on ma 04/02/2013 at 19:59:57,85.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

"DATAMNGR"=-

"ApnUpdater"=-

- - - Updated - - -

Mss ook even bij vermelden dat ik de melding krijg dat zoek.exe mogelijk niet goed is geïnstalleerd..

[juisterr]

Staat hij niet op het bureaublad dan, zo nee, verplaats het dan naar het bureaublad en doe de fix opnieuw. Ik ga alvast kijken voor een oplossing van het systeemherstel.

[EightFourSix]

Had idd een snelkoppeling op het bureaublad staan.. heb deze dan gewist en zoek.exe van de map downloads naar het bureaublad gesleept, heb de laatste fix opnieuw gedaan maar ik krijg weer hetzelfde log..

[juisterr]

Je had het wel uitgevoerd als administrator ?

Wil je het nog eens proberen met deze code aub.

[color=#000000][font=Verdana][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r[/font][/color]
[color=#000000][font=Verdana]"DATAMNGR"=-;r[/font][/color]
[color=#000000][font=Verdana]"ApnUpdater"=-;r

[/font][/color]

5 februari 2013 aangepast door juisterr

[EightFourSix]

ja heb het als admin uitgevoerd maar krijg weer hetzelfde :s

[juisterr]

Mag ik een nieuw DDS logje zien aub.

[EightFourSix]

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38

Run by Annaïck at 16:10:55 on 2013-02-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3002.1565 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\SMINST\BLService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Ares\Ares.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\MyTomTom 3\MyTomTomSA.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - c:\program files\smiley bar for facebook\ScriptHost.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Veoh Web Player Video Finder: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ares] "c:\program files\ares\Ares.exe" -h

uRun: [Epson Stylus SX510W(Netwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifie.exe /fu "c:\windows\temp\E_S1ED6.tmp" /EF "HKCU"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Facebook Update] "c:\users\annaïck\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\users\annack~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\runctf.lnk - c:\windows\system32\rundll32.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\actual~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:149

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/layout/elka/objects/jordan.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

TCP: NameServer = 195.130.130.131 195.130.131.131

TCP: Interfaces\{2EC13A7D-2F24-434B-BE9D-FD6E7418AE04} : DHCPNameServer = 195.130.130.131 195.130.131.131

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\annaïck\appdata\roaming\mozilla\firefox\profiles\0jooq1dn.default\

.

============= SERVICES / DRIVERS ===============

.

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-11-28 20624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-3 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-3 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-3 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-3 58680]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-3 44808]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-26 361808]

R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-26 193840]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-4-16 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-10-20 19968]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-02-05 14:06:55 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\offreg.dll

2013-02-05 13:49:00 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1787c517-4fc1-44d9-aaa0-41b3b790dcfa}\mpengine.dll

2013-02-04 15:28:06 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Temp

2013-02-04 15:22:05 -------- d-----w- c:\users\anna´ck\appdata\local\Microsoft

2013-01-20 00:42:05 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-01-20 00:42:01 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-01-20 00:41:59 193168 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2013-01-20 00:41:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2013-01-20 00:41:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2013-01-20 00:41:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2013-01-20 00:41:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2013-01-20 00:41:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

2013-01-09 19:26:15 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-09 19:25:37 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 19:25:31 1400832 ----a-w- c:\windows\system32\msxml6.dll

.

==================== Find3M ====================

.

2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-09 20:03:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 20:03:32 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-14 03:52:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-11-14 03:52:14 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll

.

============= FINISH: 16:12:02,39 ===============

[juisterr]

Zijn wel weg, hoe gaat het nu ?

[EightFourSix]

Kan nog steeds geen herstelpunten verwijderen.. "de configuratie is uitgeschakeld door groepsbeleid"

Voor de rest lijkt alles prima te werken.

[EightFourSix]

Hey, kan de laptop nu terug gewoon gebruikt worden? Ik was ook van plan om avast te verwijderen en er een andere gratis antivirus op te zetten want deze was maar een one year trial en das op zn eind. Enige tips misschien of welke goed is? Ik gebruik AVG op die van mij en ben er content van dus dacht deze ook hierop te installeren..