
May I give it a try?

Hello, we are going to use the following tool: zoek.exe ®by smeenk


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe;
    you can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;
    emptyclsid;
    


  • Now tick the options below.


    • Firefox Look
    • Firefox Defaults
    • Standaard Search
    • Auto Clean
    • Running processes
    • Empty All Temp
    • IE Defaults

  • Now click the "Run script" button.

  • Wait patiently until a log opens (this may be after a restart, if one is required).

  • If no log appears after the restart, start zoek.exe again; the log will then appear.

  • Now post the contents of the opened log in your next message.


Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Users\Eric Donckers\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Users\Eric Donckers\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\viakaraokesrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Eric Donckers\Desktop\zoek.exe

C:\Users\ERICDO~1\AppData\Local\Temp\RarSFX0\zoek.com

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\mshta.exe

C:\Windows\system32\taskeng.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-767261209-82459258-975220786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-767261209-82459258-975220786-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default\prefs.js:

user_pref("browser.startup.homepage", "https://www.google.nl/");

user_pref("browser.newtab.url", "http://search.babylon.com/?affID=110809&tt=3412_6&babsrc=NT_ss&mntrId=9ccad048000000000000002354c48a3a");

user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("browser.search.order.1", "Search the web (Babylon)");

Added to C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar_i.newTab", true);

user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=110809&tt=3412_6&babsrc=NT_ss&mntrId=9ccad048000000000000002354c48a3a");

---- Lines BabylonToolbar modified from prefs.js ----

---- Lines BabylonToolbar removed from user.js ----

---- Lines ask.com removed from prefs.js ----

user_pref("extensions.asktb.default-channel-url-mask", "http://nl.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1307269214007},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\IPSFFPlgn\",\"mtime\":1359797912497},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\coFFPlgn\",\"mtime\":1359906066781}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1358547870771}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1326988452688},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359629134069},\"toolbar@ask.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\toolbar@ask.com\",\"mtime\":1317044928722},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1359888441296}}}]");

---- Lines ask.com removed from user.js ----

---- Lines asktb removed from prefs.js ----

user_pref("extensions.asktb.cbid", "EV");

user_pref("extensions.asktb.crumb", "2011.09.26+06.48.49-toolbar005iad-NL-QW1lcnNmb29ydCxOZXRoZXJsYW5kcw%3D%3D");

user_pref("extensions.asktb.dtid", "YYYYYYYYNL");

user_pref("extensions.asktb.first-launch", true);

user_pref("extensions.asktb.fresh-install", false);

user_pref("extensions.asktb.l", "dis");

user_pref("extensions.asktb.last-config-req", "1317044928262");

user_pref("extensions.asktb.locale", "nl_NL");

user_pref("extensions.asktb.o", "101917");

user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

user_pref("extensions.asktb.qsrc", "2871");

user_pref("extensions.asktb.r", "6");

---- Lines asktb modified from prefs.js ----

---- Lines asktb removed from user.js ----

---- Lines blabbers.com removed from prefs.js ----

---- Lines blabbers.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1307269214007},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\IPSFFPlgn\",\"mtime\":1359797912497},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\coFFPlgn\",\"mtime\":1359906066781}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1358547870771}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@blabbers.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\bbrs_002@blabbers.com\",\"mtime\":1326988452688},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359629134069},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1317044928722},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1359888441296}}}]");

---- Lines blabbers.com removed from user.js ----

---- Lines OneClickDownload removed from prefs.js ----

user_pref("extensions.bootstrappedAddons", "{\"OneClickDownload@OneClickDownload.com\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\"},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.2.2\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\"}}");

user_pref("extensions.OneClickDownload.filter", "1,2");

user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":11,\"min\":14}");

---- Lines OneClickDownload modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1307269214007},\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\IPSFFPlgn\",\"mtime\":1359797912497},\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Norton\\\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\\\\NIS_19.1.0.28\\\\coFFPlgn\",\"mtime\":1359906066781}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1358547870771}}},{\"name\":\"app-profile\",\"addons\":{\"bbrs_002@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\bbrs_002@disabled\",\"mtime\":1326988452688},\"OneClickDownload@OneClickDownload.com\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\OneClickDownload@OneClickDownload.com.xpi\",\"mtime\":1359629134069},\"toolbar@disabled\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\toolbar@disabled\",\"mtime\":1317044928722},\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"descriptor\":\"C:\\\\Users\\\\Eric Donckers\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\uaa4qloc.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"mtime\":1359888441296}}}]");

---- Lines OneClickDownload removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user_03-02-2013_1655_.backup

prefs_03-02-2013_1655_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted

"C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default\extensions\OneClickDownload@OneClickDownload.com.xpi" deleted

"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted

"C:\user.js" deleted

"C:\END" deleted

"C:\Program Files (x86)\Giant Savings" deleted

"C:\Program Files (x86)\1ClickDownload" deleted

"C:\Program Files (x86)\Ask.com" deleted

"C:\Users\Eric Donckers\AppData\Roaming\Babylon" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Premium" deleted

"C:\ProgramData\Babylon" deleted

"C:\Users\Eric Donckers\AppData\Local\AskToolbar" deleted

"C:\Users\Eric Donckers\AppData\LocalLow\AskToolbar" deleted

"C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default\extensions\toolbar@ask.com" deleted

"C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default\extensions\bbrs_002@blabbers.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\ERICDO~1\AppData\Local\Temp ====

2013-02-03 15:55:49 6F1168F463578A0FAC882863E26CDFCF 2317312 ----a-w- C:\Users\ERICDO~1\AppData\Local\Temp\SysSpec.exe

2013-01-29 12:47:42 E04AF911CAC8510868E7C21B6257B097 204800 ----a-w- C:\Users\ERICDO~1\AppData\Local\Temp\drm_dyndata_7380007.dll

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====

======= C: =====

====== C:\Users\Eric Donckers\AppData\Roaming ======

2013-01-29 12:47:57 -------- d-----w- C:\users\Eric Donckers\AppData\Local\Electronic Arts

2013-01-19 21:13:07 8C628962387A7B42AAC0ED4B2F717BE3 357922 ----a-w- C:\users\Eric Donckers\AppData\Local\dd_vcredistMSI619E.txt

2013-01-19 21:13:04 97AB3959BE512F4593E515C28103E92F 13394 ----a-w- C:\users\Eric Donckers\AppData\Local\dd_vcredistUI619E.txt

====== C:\Users\Eric Donckers ======

2013-02-03 10:36:44 -------- d-----w- C:\Users\Eric Donckers\Doctor Web

====== C: exe-files ==

2013-02-03 15:55:49 6F1168F463578A0FAC882863E26CDFCF 2317312 ----a-w- C:\Users\Eric Donckers\AppData\Local\temp\SysSpec.exe

2013-02-03 10:34:52 7611B6951BC723F1ADC6F3150EE42DCE 110655728 ----a-w- C:\Users\Eric Donckers\Downloads\launch.exe

2013-01-30 14:36:11 885B713E4547904EF2962C7BE9C2CF0C 195493384 ----a-w- C:\Users\Eric Donckers\Downloads\20130130-004-v5i32.exe

=== C: other files ==

2013-01-29 12:47:42 E04AF911CAC8510868E7C21B6257B097 204800 ----a-w- C:\Users\Eric Donckers\AppData\Local\temp\drm_dyndata_7380007.dll

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-767261209-82459258-975220786-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="C:\Program Files (x86)\Logitech\Vid HD\Vid.exe -bootmode"

"Akamai NetSession Interface"="C:\Users\Eric Donckers\AppData\Local\Akamai\netsession_win.exe"

"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

"Steam"="L:\steam\Steam.exe -silent"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"

[HKEY_USERS\S-1-5-21-767261209-82459258-975220786-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide"

"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"NBAgent"="C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe /WinStart"

"RIMBBLaunchAgent.exe"="C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot"

"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"

"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"

"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="C:\Program Files (x86)\Logitech\Vid HD\Vid.exe -bootmode"

"Akamai NetSession Interface"="C:\Users\Eric Donckers\AppData\Local\Akamai\netsession_win.exe"

"DAEMON Tools Pro Agent"="C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe -autorun"

"Steam"="L:\steam\Steam.exe -silent"

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"Xvid"="C:\Program Files (x86)\Xvid\CheckUpdate.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09-01-2013 12:34]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Eric Donckers\AppData\Roaming\Mozilla\Firefox\Profiles\uaa4qloc.default

9AC863FD5976316C29D4CB5E4C9EFD9C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll - Shockwave Flash

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

clbfjfbnelcflpgpklppgplejolacbej - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\Exts\Chrome.crx[26-09-2012 04:11]

pmlghpafmmnmmkjdhacccolfgnkiboco - C:\Program Files (x86)\1ClickDownload\oneclickdownloader10.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-767261209-82459258-975220786-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Eric Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Eric Donckers\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Eric Donckers\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Eric Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Eric Donckers\AppData\Local\Mozilla\Firefox\Profiles\uaa4qloc.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\ERICDO~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Eric Donckers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found


In any case, run a full system scan and change all the passwords you have used, but that is described further below.

You may remove the following programs and their log files. You can simply keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).

  • Zoek.exe

Since the problems have been resolved, I still advise you to carry out the steps below.

1.) Full system scan

I recommend running one more full system scan with the Emsisoft Emergency Kit; the manual for this program can be found at the link below.

If there are any particular detections and you are not sure what is best to do with them, you can ask your question in the section Antivirus / Antispy(mal)ware / Firewalls en overige security software

2.) Delete system restore points

If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.

  • You can read here how to delete the restore points

3.) Change passwords

Most malware makes an outbound connection to a Command & Control server, through which confidential data such as login credentials is captured; if your computer has been infected, it is therefore advisable to change all the passwords you have used.

You can read more information about this here

4.) Install essential updates.

You can read here how to keep your operating system and other software up to date.

The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more information here

5.) Beware of 'phishing' messages.

Phishing is a form of internet scam (fraud): fake e-mail messages and websites that look trustworthy are used to try to obtain 'login details' and other personal information.

This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the malicious party, with all the consequences that entails.

You can read more information here

6.) Prevention information & the use of security software.

To minimize the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside the security software you already use, to optimize protection.

More information on how to prevent an infection in the future can be found here; read it through at your leisure.


This topic is now closed to new replies.
