Ga naar inhoud

is conduit search een virus ??


 Delen

Aanbevolen berichten


Dat is inderdaad ongewenst spul op je PC.

Download 51a5f5d096dae-icon_RSIT.pngRSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

Dubbelklik op RSIT.exe om de tool te starten.

  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  • Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  • Plaats de inhoud hiervan in het volgende bericht.

Link naar reactie
Delen op andere sites

Logfile of random's system information tool 1.09 (written by random/random)

Run by Peter at 2013-09-14 11:09:08

Microsoft Windows XP Home Edition Service Pack 3

System drive H: has 97 GB (74%) free of 131 GB

Total RAM: 3519 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:09:11, on 14-9-2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\nvsvc32.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Microsoft Security Client\MsMpEng.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\RTHDCPL.EXE

H:\WINDOWS\system32\RUNDLL32.EXE

H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

H:\Program Files\Microsoft Security Client\msseces.exe

H:\Program Files\Common Files\Java\Java Update\jusched.exe

H:\Program Files\Microsoft ActiveSync\Wcescomm.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe

H:\PROGRA~1\MI3AA1~1\rapimgr.exe

H:\Program Files\Windows Desktop Search\WindowsSearch.exe

H:\Program Files\Java\jre7\bin\jqs.exe

H:\WINDOWS\system32\srvany.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\KMService.exe

H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

H:\WINDOWS\system32\SearchIndexer.exe

H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe

H:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe

H:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe

H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

H:\Program Files\Internet Explorer\iexplore.exe

H:\Program Files\Internet Explorer\iexplore.exe

H:\Program Files\Internet Explorer\iexplore.exe

H:\Program Files\Internet Explorer\iexplore.exe

H:\WINDOWS\system32\wuauclt.exe

H:\WINDOWS\system32\SearchProtocolHost.exe

H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\RSIT.exe

H:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

--

End of file - 9054 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\Adobe Flash Player Updater.job

H:\WINDOWS\tasks\Go for FilesUpdate.job

H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

H:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

H:\WINDOWS\tasks\User_Feed_Synchronization-{9D2962DE-6A53-485F-AC1B-45DC2BAF381D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - H:\Program Files\Java\jre7\bin\ssv.dll [2013-06-22 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-06-24 1000984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - H:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-22 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-08-24 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

"HP Software Update"=H:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

"Adobe ARM"=H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2011-12-11 421888]

"MSC"=H:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 995176]

"SunJavaUpdateSched"=H:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"=H:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

"uTorrent"=H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe [2013-09-13 1130576]

"iLivid"=H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe [2013-09-09 6827008]

H:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten

Windows Search.lnk - H:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=H:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"H:\WINDOWS\system32\usmt\migwiz.exe"="H:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Wizard Bestanden en instellingen overzetten"

"H:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"

"H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"

"H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"H:\WINDOWS\system32\msiexec.exe"="H:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"

"H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe"="H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager"

"H:\Program Files\GoforFiles\goforfilesdl.exe"="H:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:Go for Files"

"H:\Program Files\GoforFiles\GoforFiles.exe"="H:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:Go for Files"

"H:\Program Files\FrostWire 5\FrostWire.exe"="H:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire"

"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid"

"H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe"="H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"H:\Program Files\Microsoft ActiveSync\rapimgr.exe"="H:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"H:\Program Files\Microsoft ActiveSync\wcescomm.exe"="H:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"H:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="H:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe"="H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe:*:Enabled:iLivid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=H:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=H:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"vidc.LEAD"=LCODCCMP.DLL

======List of files/folders created in the last 1 month======

2013-09-14 11:09:08 ----D---- H:\rsit

2013-09-13 15:16:01 ----D---- H:\Program Files\SearchProtect

2013-09-11 21:58:47 ----HDC---- H:\WINDOWS\$NtUninstallKB2876315$

2013-09-11 21:57:55 ----HDC---- H:\WINDOWS\$NtUninstallKB2876217$

2013-09-11 21:57:50 ----HDC---- H:\WINDOWS\$NtUninstallKB2864063$

2013-08-28 22:06:10 ----HDC---- H:\WINDOWS\$NtUninstallKB2834904-v2_WM11$

2013-08-16 10:12:54 ----D---- H:\WINDOWS\system32\MRT

2013-08-16 10:12:39 ----HDC---- H:\WINDOWS\$NtUninstallKB2850869$

2013-08-16 10:12:32 ----HDC---- H:\WINDOWS\$NtUninstallKB2859537$

2013-08-16 10:12:28 ----HDC---- H:\WINDOWS\$NtUninstallKB2863058$

2013-08-16 10:12:22 ----HDC---- H:\WINDOWS\$NtUninstallKB2849470$

======List of files/folders modified in the last 1 month======

2013-09-14 11:09:11 ----D---- H:\Program Files\Trend Micro

2013-09-14 11:07:46 ----D---- H:\WINDOWS\Prefetch

2013-09-14 11:07:42 ----D---- H:\Documents and Settings\Peter\Application Data\uTorrent

2013-09-14 09:29:34 ----D---- H:\WINDOWS\temp

2013-09-14 09:28:12 ----D---- H:\WINDOWS\system32\CatRoot2

2013-09-14 09:27:19 ----SD---- H:\WINDOWS\Tasks

2013-09-13 23:59:49 ----A---- H:\WINDOWS\SchedLgU.Txt

2013-09-13 15:30:34 ----D---- H:\WINDOWS\system32

2013-09-13 15:30:34 ----A---- H:\WINDOWS\system32\FlashPlayerApp.exe

2013-09-13 15:16:33 ----D---- H:\Documents and Settings\Peter\Application Data\vlc

2013-09-13 15:16:01 ----RD---- H:\Program Files

2013-09-13 15:15:36 ----D---- H:\Program Files\uTorrent

2013-09-13 15:14:25 ----D---- H:\WINDOWS

2013-09-11 22:04:51 ----HD---- H:\WINDOWS\inf

2013-09-11 22:04:50 ----RSHDC---- H:\WINDOWS\system32\dllcache

2013-09-11 22:04:47 ----D---- H:\Program Files\Internet Explorer

2013-09-11 22:04:39 ----D---- H:\WINDOWS\ie8updates

2013-09-11 22:04:32 ----SHD---- H:\WINDOWS\Installer

2013-09-11 22:04:31 ----D---- H:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help

2013-09-11 22:04:31 ----D---- H:\Config.Msi

2013-09-11 21:58:50 ----A---- H:\WINDOWS\imsins.BAK

2013-09-11 21:51:28 ----A---- H:\WINDOWS\system32\MRT.exe

2013-09-08 10:53:11 ----D---- H:\WINDOWS\Network Diagnostic

2013-09-01 19:10:02 ----D---- H:\WINDOWS\system32\Macromed

2013-08-18 12:11:38 ----D---- H:\Program Files\Microsoft Security Client

2013-08-18 12:11:25 ----D---- H:\WINDOWS\system32\drivers

2013-08-17 09:18:55 ----D---- H:\WINDOWS\Microsoft.NET

2013-08-17 09:18:53 ----RSD---- H:\WINDOWS\assembly

2013-08-16 10:11:39 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI

2013-08-16 10:11:23 ----D---- H:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; H:\WINDOWS\system32\DRIVERS\MpFilter.sys [2013-06-18 211560]

R0 PxHelp20;PxHelp20; H:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]

R0 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2011-11-13 428088]

R1 intelppm;Intel GV3-processorstuurprogramma; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448]

R1 kbdhid;Stuurprogramma voor toetsenbord-HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-15 12032]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]

R3 hidusb;Microsoft HID Class-stuurprogramma; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; H:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; H:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; H:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]

R3 mouhid;Stuurprogramma voor muis-HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12288]

R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-23 141568]

R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]

R3 usbprint;Microsoft USB PRINTER Class; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbscan;Stuurprogramma voor USB-scanner; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

R3 usbstor;Stuurprogramma voor USB-massaopslag; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S1 obqpnfei;obqpnfei; \??\H:\WINDOWS\system32\drivers\obqpnfei.sys []

S3 catchme;catchme; \??\H:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys []

S3 libusb0;LibUsb-Win32 - Kernel Driver 09/17/2010, 1.2.1.0; H:\WINDOWS\system32\DRIVERS\libusb0.sys [2010-11-06 35008]

S3 RimUsb;BlackBerry Device; H:\WINDOWS\System32\Drivers\RimUsb.sys [2006-07-04 22528]

S3 usb_rndisx;USB RNDIS-adapter; H:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]

S3 wceusbsh;Windows CE USB Serial Host Driver; H:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CltMngSvc;Search Protect by Conduit Service; H:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [2013-09-01 1736024]

R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre7\bin\jqs.exe [2013-06-22 182184]

R2 KMService;KMService; H:\WINDOWS\system32\srvany.exe [2013-03-10 8192]

R2 MsMpSvc;Microsoft Antimalware Service; H:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 22208]

R2 nvsvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]

R2 Pml Driver HPZ12;Pml Driver HPZ12; H:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

R2 wlidsvc;Windows Live ID Sign-in Assistant; H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

R2 WSearch;Windows Search; H:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 osppsvc;Office Software Protection Platform; H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S2 gupdate;Google Update-service (gupdate); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13 257416]

S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update-service (gupdatem); H:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-24 136176]

S3 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-24 194032]

S3 HP Port Resolver;HP Port Resolver; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]

S3 HP Status Server;HP Status Server; H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]

S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; H:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]

S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 WMPNetworkSvc;Windows Media Player Network Sharing-service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 917504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-15 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Link naar reactie
Delen op andere sites


Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

chromelook; 
firefoxlook; 
startupall; 
CltMngSvc;s
H:\Program Files\SweetIM;fs
H:\Program Files\SearchProtect;fs
filesrcm;

  • Klik op de knop "Options" en vink nu de onderstaande opties aan.
  • HijackThis Log
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe Version 4.0.0.4 Updated 14-September-2013

Tool run by Peter on za 14-09-2013 at 12:18:22,57.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: H:\Documents and Settings\Peter\Bureaublad\zoek\zoek.com [Checkboxes used]

==== System Restore Info ======================

14-9-2013 12:22:35 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1004336348-299502267-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully

==== FireFox Fix ======================

Deleted from H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js:

user_pref("browser.startup.homepage", "http://websearch.good-results.info/");

user_pref("browser.search.defaulturl", "http://websearch.good-results.info/?l=1&q=");

user_pref("browser.search.defaultenginename", "WebSearch");

user_pref("browser.search.defaultenginename,S", "WebSearch");

user_pref("browser.search.selectedEngine", "WebSearch");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.good-results.info/?l=1&q=");

Added to H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2

---- Lines 510440d6e06fd@510440d6e0736.com removed from prefs.js ----

---- Lines 510440d6e06fd@510440d6e0736.com modified from prefs.js ----

---- Lines 510440d6e06fd@510440d6e0736.com removed from user.js ----

---- Lines WebSearch removed from prefs.js ----

---- Lines WebSearch modified from prefs.js ----

---- Lines WebSearch removed from user.js ----

---- Lines Torntv removed from prefs.js ----

---- Lines Torntv modified from prefs.js ----

---- Lines Torntv removed from user.js ----

---- Lines results.info removed from prefs.js ----

---- Lines results.info modified from prefs.js ----

---- Lines results.info removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_14-09-2013_1225_.backup

prefs_14-09-2013_1225_.backup

==== Deleting Files \ Folders ======================

"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted

"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\torntv@torntv.com.xpi" deleted

"H:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk" deleted

"H:\Documents and Settings\Peter\Menu Start\Programma's\iLivid.lnk" deleted

"H:\WINDOWS\SET3.tmp" deleted

"H:\WINDOWS\SET4.tmp" deleted

"H:\WINDOWS\SET8.tmp" deleted

"H:\WINDOWS\system32\roboot.exe" deleted

"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\searchplugins\WebSearch.xml" deleted

"H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLivid.lnk" deleted

"H:\Documents and Settings\Peter\Bureaublad\Ongebruikte bureaubladpictogrammen\iLividSetup-r418-n-bi.exe" deleted

"H:\Program Files\TornTV.com" deleted

"H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted

"H:\Program Files\GoforFiles" deleted

"H:\Program Files\WebSearch" deleted

"H:\Program Files\SearchProtect" deleted

"H:\Documents and Settings\Peter\Application Data\GoforFiles" deleted

"H:\Documents and Settings\Peter\Application Data\Systweak" deleted

"H:\Documents and Settings\All Users.WINDOWS\Application Data\ClickIT" deleted

"H:\Documents and Settings\All Users.WINDOWS\Application Data\Search-NewTab" deleted

"H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid" deleted

"H:\Documents and Settings\Peter\Local Settings\Application Data\CRE" deleted

"H:\Documents and Settings\Peter\Local Settings\Application Data\Systweak" deleted

==== Firefox Extensions ======================

ProfilePath: H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2

- Wajam - %ProfilePath%\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

==== Firefox Plugins ======================

==== Deleting Files \ Folders ======================

"H:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\2\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jbpkiefagocgkmemidfngdkamloieekf - H:\Program Files\TornTV.com\torn11.crx[]

==== Chrome Fix ======================

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.apps.conduit.com_0.localstorage-journal deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_bittorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage deleted successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarnl.ourtoolbar.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl"

"Search Page"="Google"

"Search Bar"="Upgrade to Google Chrome"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="%s - Google Search"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Upgrade to Google Chrome"

"Default_Search_URL"="Upgrade to Google Chrome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="Bing"

"Search Bar"="Bing"

"Start Page"="Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="Bing"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Conduit Search Url="{searchTerms - Bing}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{D7C06B0E-AAD8-451E-8582-8AE6F7E9076D} Google Url="{searchTerms} - Google Search"

==== Reset Google Chrome ======================

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Nieuws | Altijd op de hoogte van het laatste nieuws met Telegraaf.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSC] "H:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "H:\Documents and Settings\Peter\Application Data\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [iLivid] "H:\Documents and Settings\Peter\Local Settings\Application Data\iLivid\iLivid.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://foto.blokker.nl/ips-opdata/layout/aspadmin/objects/canvasx.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361634819609

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353515556453

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - H:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - H:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: KMService - Unknown owner - H:\WINDOWS\system32\srvany.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

==== Empty IE Cache ======================

H:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\Peter\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully

H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

H:\Documents and Settings\Peter\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

H:\WINDOWS\Temp successfully emptied

H:\DOCUME~1\Peter\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

H:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"H:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"H:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on za 14-09-2013 at 12:28:57,56 ======================

Link naar reactie
Delen op andere sites


Vergeet niet de gebruikte tools en de restjes nog op te ruimen:

Download 51a5ce45263de-delfix.pngDelfix by Xplode naar het bureaublad.

Dubbelklik op Delfix.exe om de tool te starten.

Zet nu vinkjes voor de volgende items:

  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Klik nu op "Run" en wacht geduldig tot de tool gereed is.

Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

Download CCleaner. (Als je het nog niet hebt)

Installeer het (als je niet wilt dat Google Chrome op je PC als standaard-webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en na de analyse op 'Schoonmaken'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen

×
×
  • Nieuwe aanmaken...