antivirus.startpagina.nl

startpagina

  • Anonymous avatar

    Ben

    Hallo,

    Ik wil nog even een diepe Analyse doen met een Franstalig tooltje.

    Als je onderstaande instructies precies leest en opvolgt dan zou dat geen probleem moeten zijn ;)

    Download zhpdiag.exe vanaf deze website: http://en.kioskea.net/download/download-23176-zhpdiag

    XP gebruikers: dubbelklik zhpdiag.exe om het te installeren.

    Voor Windows Vista en hoger: rechtsklik zhpdiag.exe en kies voor "Uitvoeren als administrator".

    Klik meerdere keren op "Suivant" om het installatieproces te doorlopen.

    Klik op "Installer“ wanneer daar om gevraagd wordt en op ”Terminer" wanneer de installatie voltooid is.

    Er zijn nu 2 pictogrammen op je bureaublad verschenen: ZHPDiag en ZHPFix.

    Dubbelklik nu op de snelkoppeling met de naam ZHPDiag

    Het startvenster verschijnt, klik nu op "Configurer".

    Klik daarna links onderaan op het middelste icoontje(een vergrootglas en een + symbool) "Diagnostic options".

    Er wordt nu een scan van je systeem gemaakt wacht geduldig tot deze voltooid is.

    Na afloop staat er een tekstbestand met de naam ZHPDiag.txt op je bureaublad, post deze.

  • Anonymous avatar

    isabel

    ~ Verslag van ZHPDiag v2014.1.17.19 - Nicolas Coolman (17-1-2014)

    ~ Gelanceerd door Isabel (19-1-2014 20:27:23)

    ~ Het adres van de website : http://nicolascoolman.webs.com

    ~ Gratis supportforum voor desinfectie : http://nicolascoolman.webs.com/apps/links/

    ~ Vertaald door de gebruiker

    ~ Staat van de versie :

    ~ Lijst wit : Ingeschakeld door het programma

    ~ Tot misbruik van bevoegdheden : OK

    ~ Gebruikersaccountbeheer (UAC) : Activate by user

    —\\ Internet-browsers

    MSIE: Internet Explorer v11.0.9600.16476

    GCIE: Google Chrome v32.0.1700.76 (Defaut)

    —\\ Windows productinformatie

    ~ Langage: Néerlandais

    Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)

    Windows Server License Manager Script : OK

    Software Protection Service (Protection logicielle) : OK

    Windows Automatic Updates : OK

    Windows Activation Technologies : OK

    —\\ Software om het systeem te beveiligen

    Malwarebytes Anti-Malware versie 1.75.0.1300

    Microsoft Security Client NL-NL Language Pack v2.1.1116.0

    Windows Defender W7

    —\\ Systeem optimalisatie software

    CCleaner v4.07 =>Piriform Ltd

    —\\ Delen van software PeerToPeer

    —\\ Software die extra aandacht behoeft

    Adobe Flash Player 12 ActiveX

    Adobe Reader X

    Java 7 Update 51

    —\\ Informatie over het systeem

    ~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel

    ~ Operating System: 32 Bits

    Boot mode: Normal (Normal boot)

    Total RAM: 1013 MB (25% free)

    System Restore: Activé (Enable)

    System drive C: has 124 GB (83%) free of 149 GB

    —\\ Verbinding met het systeem-modus

    ~ Computer Name: ISABEL-PC

    ~ User Name: Isabel

    ~ All Users Names: LogMeInRemoteUser, Isabel, Gast, Administrator,

    ~ Unselected Option: None

    Logged in as Administrator

    —\\ Omgevingsvariabelen

    ~ System Unit : C:\

    ~ %AppZHP% : C:\Users\Isabel\AppData\Roaming\ZHP\

    ~ %AppData% : C:\Users\Isabel\AppData\Roaming\

    ~ %Desktop% : C:\Users\Isabel\Desktop\

    ~ %Favorites% : C:\Users\Isabel\Favorites\

    ~ %LocalAppData% : C:\Users\Isabel\AppData\Local\

    ~ %StartMenu% : C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\

    ~ %Windir% : C:\Windows\

    ~ %System% : C:\Windows\System32\

    —\\ Overzicht vaste en verwisselbare stations

    C: Hard drive, Flash drive, Thumb drive (Free 124 Go of 149 Go)

    —\\ Staat van het Windows Beveiligingscentrum

    Start_ShowHelp: Modified =>PUA.StartShow

    Start_ShowMyMusic: Modified

    Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow

    ~ Security Center: 47 Legitimates Filtered in 00mn 00s

    —\\ Zoeken naar bepaalde algemene bestanden

    - (.Microsoft Corporation - Windows Verkenner.) (.25-2-2011 - 6:30:54.) – C:\Windows\Explorer.exe

    - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.14-7-2009 - 2:14:45.) – C:\Windows\System32\Wininit.exe

    - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.26-11-2013 - 7:33:33.) – C:\Windows\System32\wininet.dll

    - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.20-11-2010 - 22:29:06.) – C:\Windows\System32\Winlogon.exe

    - (.Microsoft Corporation - Software Licensing-bibliotheek.) (.20-11-2010 - 22:29:24.) – C:\Windows\System32\sppcomapi.dll

    - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14-9-2013 - 1:48:58.) – C:\Windows\system32\Drivers\AFD.sys

    - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-7-2009 - 2:26:15.) – C:\Windows\system32\Drivers\atapi.sys

    - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-7-2009 - 0:11:15.) – C:\Windows\system32\Drivers\Cdfs.sys

    - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-2010 - 22:29:03.) – C:\Windows\system32\Drivers\Cdrom.sys

    - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-2010 - 22:29:07.) – C:\Windows\system32\Drivers\DfsC.sys

    - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-2010 - 22:29:03.) – C:\Windows\system32\Drivers\HDAudBus.sys

    - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.14-7-2009 - 0:11:24.) – C:\Windows\system32\Drivers\i8042prt.sys

    - (.Microsoft Corporation - IP Network Address Translator.) (.14-7-2009 - 0:54:29.) – C:\Windows\system32\Drivers\IpNat.sys

    - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27-4-2011 - 3:17:22.) – C:\Windows\system32\Drivers\MRxSmb.sys

    - (.Microsoft Corporation - MBT Transport driver.) (.20-11-2010 - 22:29:08.) – C:\Windows\system32\Drivers\netBT.sys

    - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.12-4-2013 - 14:45:29.) – C:\Windows\system32\Drivers\ntfs.sys

    - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.14-7-2009 - 0:45:35.) – C:\Windows\system32\Drivers\Parport.sys

    - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-7-2009 - 0:54:34.) – C:\Windows\system32\Drivers\Rasl2tp.sys

    - (.Microsoft Corporation - SMB Transport driver.) (.14-7-2009 - 0:53:41.) – C:\Windows\system32\Drivers\smb.sys

    - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-2010 - 22:29:07.) – C:\Windows\system32\Drivers\tdx.sys

    - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.20-11-2010 - 22:29:03.) – C:\Windows\system32\Drivers\volsnap.sys

    ~ Generic Processes: Scanned in 00mn 01s

    —\\ Status van de verborgen bestanden (verborgen/totaal)

    ~ Mes images (My Pictures) : 1/976

    ~ Mes musiques (My Musics) : 3/54

    ~ Mes Favoris (My Favorites) : 1/47

    ~ Mes Documents (My Documents) : 1/192

    ~ Mon Bureau (My Desktop) : 1/4

    ~ Menu demarrer (Programs) : 1/22

    ~ Hidden Files: Scanned in 00mn 02s

    —\\ Gestarte processen

    - (.Oceanis - WallPape Application.) – C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe

    - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    - (.LogMeIn, Inc. - LogMeIn Desktop Application.) – C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) – C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    - (.Compal Electronics, Inc - CapsLKNotify Application.) – C:\Program Files\CapsLKNotify\CapsLKNotify.exe

    - (.Intel Corporation - igfxTray Module.) – C:\Windows\System32\igfxtray.exe

    - (.Intel Corporation - hkcmd Module.) – C:\Windows\System32\hkcmd.exe

    - (.Intel Corporation - igfxsrvc Module.) – C:\Windows\system32\igfxsrvc.exe

    - (.Intel Corporation - persistence Module.) – C:\Windows\System32\igfxpers.exe

    - (.Realtek Semiconductor - Realtek HD Audio configuratie.) – C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    - (.Oracle Corporation - Java(TM) Update Scheduler.) – C:\Program Files\Common Files\Java\Java Update\jusched.exe

    - (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    - (.Nicolas Coolman - ZHPDiag.) – C:\Program Files\ZHPDiag\ZHPDiag.exe

    ~ Processes Running: Scanned in 00mn 02s

    —\\ Google Chrome, start, zoeken, extensies (G0, G1, G2)

    C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Default\Preferences

    ~ Google Browser: 1 Legitimates Filtered in 00mn 00s

    —\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)

    R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startpagina.nl

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com =>PUP.SweetPage

    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com =>PUP.SweetPage

    ~ IE Browser: 15 Legitimates Filtered in 00mn 00s

    —\\ Internet Explorer, proxybeheer (R5)

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ~ Proxy management: Scanned in 00mn 00s

    —\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's

    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,

    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

    ~ Keys: Scanned in 00mn 00s

    —\\ Hosts-bestand omleiding (O1)

    ~ Le fichier hosts est sain (The hosts file is clean).

    ~ Hosts File: Scanned in 00mn 00s

    ~ Nombre de lignes (Lines number): 2

    —\\ Internet Explorer werkbalken (O3)

    O3 - Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan sleutel

    O3 - Toolbar\WebBrowser: (no name) - {296AA17D-C89E-4242-A5A4-44BFE76914A2} Orphan sleutel

    ~ Toolbar: Scanned in 00mn 00s

    —\\ Andere Verwijzigingen gebruikers (O4)

    O4 - GS\Desktop : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - GS\Desktop : Oceanis Change Background W7.lnk . (.Oceanis - Change Background.) – C:\Program Files\Oceanis\SystemSetting\ChangeBackground.exe

    O4 - GS\Program : Oceanis Change Background W7.lnk . (.Oceanis - Change Background.) – C:\Program Files\Oceanis\SystemSetting\ChangeBackground.exe

    O4 - GS\QuickLaunch : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - GS\QuickLaunch : Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage

    O4 - GS\QuickLaunch : Paltalk Messenger.lnk . (…) – C:\Program Files\Paltalk Messenger\paltalk.exe (.not file.)

    O4 - GS\QuickLaunch : Upgrade to Paltalk Extreme.lnk - Orphan sleutel

    O4 - GS\TaskBar : Google Chrome.lnk . (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe

    O4 - GS\TaskBar : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage

    O4 - GS\Program : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage

    O4 - GS\SystemTools : Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com =>PUP.SweetPage

    O4 - GS\Desktop : OTL - Snelkoppeling.lnk . (.OldTimer Tools - No Comment.) – C:\Users\Isabel\Downloads\OTL.exe

    O4 - GS\QuickLaunch : Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    O4 - GS\TaskBar : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    O4 - GS\Program : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    O4 - GS\SystemTools : Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe

    ~ Global Startup: 62 Legitimates Filtered in 00mn 03s

    —\\ Toepassingen gestart door register & bestand (O4)

    O4 - HKLM\..\Run: . (.LogMeIn, Inc. - LogMeIn Desktop Application.) – C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    O4 - HKLM\..\Run: . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) – C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated

    O4 - HKLM\..\Run: . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) – C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: . (.Compal Electronics, Inc - CapsLKNotify Application.) – C:\Program Files\CapsLKNotify\CapsLKNotify.exe

    O4 - HKLM\..\Run: . (.Intel Corporation - igfxTray Module.) – C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: . (.Intel Corporation - hkcmd Module.) – C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: . (.Intel Corporation - persistence Module.) – C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: . (.Realtek Semiconductor - Realtek HD Audio configuratie.) – C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    O4 - HKLM\..\Run: . (.Microsoft Corporation - Microsoft Security Client User Interface.) – c:\Program Files\Microsoft Security Client\msseces.exe

    O4 - HKLM\..\Run: . (.Apple Inc. - Apple Push.) – C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    O4 - HKLM\..\Run: . (.Oracle Corporation - Java(TM) Update Scheduler.) – C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation

    O4 - HKCU\..\Run: . (.Facebook Inc. - Facebook Installer.) – C:\Users\Isabel\AppData\Local\Facebook\Update\FacebookUpdate.exe

    O4 - HKCU\..\Run: . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd

    O4 - HKUS\S-1-5-19\..\Run: . (.Microsoft Corporation - Windows-bureaubladgadgets.) – C:\Program Files\Windows Sidebar\Sidebar.exe

    O4 - HKUS\S-1-5-20\..\Run: . (.Microsoft Corporation - Windows-bureaubladgadgets.) – C:\Program Files\Windows Sidebar\Sidebar.exe

    O4 - HKUS\S-1-5-19\..\RunOnce: . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

    O4 - HKUS\S-1-5-20\..\RunOnce: . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

    O4 - HKUS\S-1-5-21-670820757-871311736-3026841884-1000\..\Run: . (.Facebook Inc. - Facebook Installer.) – C:\Users\Isabel\AppData\Local\Facebook\Update\FacebookUpdate.exe

    O4 - HKUS\S-1-5-21-670820757-871311736-3026841884-1000\..\Run: . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd

    ~ Application: Scanned in 00mn 00s

    —\\ Knoppen op de werkbalk “belangrijkste instrumenten” Internet Explorer (O9)

    O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} – C:\Program Files\PokerStars.EU\main.ico (.not file.)

    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\\ ActiveX-objecten (Downloaded Program Files) (O16)

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} ((no name)) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB

    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} ((no name)) - http://support.dell.com/systemprofiler/DellSystemLite.CAB

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    ~ Objets ActiveX: Scanned in 00mn 00s

    —\\ Domeinadres van de DNS (O17) wijzigen

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpNameServer = 192.168.2.254

    O17 - HKLM\System\CCS\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpDomain = lan

    O17 - HKLM\System\CS1\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpNameServer = 192.168.2.254

    O17 - HKLM\System\CS1\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpDomain = lan

    O17 - HKLM\System\CS2\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpNameServer = 192.168.2.254

    O17 - HKLM\System\CS2\Services\Tcpip\..\{B8865458-52DE-4A38-9751-8CB9550E500F}: DhcpDomain = lan

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254

    ~ Domain: Scanned in 00mn 00s

    —\\ Aanvullend Protocol (O18)

    O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) – C:\Windows\System32\mshtml.dll

    O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation

    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)

    O20 - Winlogon Notify: GoToAssist . (.Citrix Online, a division of Citrix Systems - Citrix Online GoToAssist Corporate.) – C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll

    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) – C:\Windows\System32\igfxdev.dll

    ~ Winlogon: Scanned in 00mn 00s

    —\\ Geïnstalleerde software (O42)

    O42 - Logiciel: Windows 7 Codec Pack 4.0.0 - (.Windows 7 Codec Pack.) – Windows 7 - Codec Pack

    ~ Logic: 14 Legitimates Filtered in 00mn 01s

    —\\ HKCU & HKLM Software Keys

    =>PUP.Vittalia

    =>Toolbar.Conduit

    =>PUP.WpManager

    ~ Key Software: 171 Legitimates Filtered in 00mn 01s

    —\\ ‘Inhoud van mappen programma’s, ProgramFiles, ProgramData, AppData (O43)

    O43 - CFD: 24-2-2012 - 18:01:18 - —-D C:\Program Files\CapsLKNotify

    O43 - CFD: 31-8-2012 - 16:32:16 - —-D C:\Program Files\Conduit

    O43 - CFD: 24-2-2012 - 17:53:29 - —-D C:\Program Files\Function Keys

    O43 - CFD: 13-5-2013 - 14:51:47 - —-D C:\Program Files\PokerStars.EU

    O43 - CFD: 27-10-2013 - 8:49:22 - —-D C:\Program Files\Uninstaller

    O43 - CFD: 19-1-2014 - 13:18:14 - —-D C:\ProgramData\APN

    O43 - CFD: 17-6-2012 - 13:04:43 - —-D C:\ProgramData\Ask

    O43 - CFD: 24-2-2012 - 17:54:12 - —-D C:\ProgramData\Win732

    O43 - CFD: 24-2-2012 - 17:54:12 - —-D C:\ProgramData\Win764

    O43 - CFD: 19-1-2014 - 15:19:02 - —-D C:\ProgramData\WPM =>PUP.WpManager

    O43 - CFD: 24-2-2012 - 17:54:11 - —-D C:\ProgramData\XP32

    O43 - CFD: 19-1-2014 - 13:32:40 - —-D C:\Users\Isabel\AppData\Roaming\0V1L2Z2Z1T1I1L1T

    O43 - CFD: 1-3-2013 - 21:09:54 - —-D C:\Users\Isabel\AppData\Roaming\Belastingdienst

    O43 - CFD: 13-5-2013 - 14:51:35 - —-D C:\Users\Isabel\AppData\Local\PokerStars.EU

    O43 - CFD: 24-2-2012 - 17:54:29 - —-D C:\Users\Isabel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Function Keys

    ~ Program Folder: 130 Legitimates Filtered in 00mn 11s

    —\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)

    O44 - LFC: - 19-1-2014 - 13:15:31 —A- . (…) – C:\Windows\System32\jupdate-1.7.0_51-b13.log

    O44 - LFC: - 19-1-2014 - 18:17:39 —A- . (…) – C:\Windows\wininit.ini

    ~ Files: 22 Legitimates Filtered in 00mn 13s

    —\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)

    O45 - LFCP: - 15-1-2014 - 19:31:59 —A- - C:\Windows\Prefetch\USBFORCEREBOOT.EXE-0F8EB8BB.pf

    O45 - LFCP: - 16-1-2014 - 14:35:27 —A- - C:\Windows\Prefetch\UTILSALTARSMART.EXE-7C1A81E9.pf =>PUP.SaltarSmart

    O45 - LFCP: - 16-1-2014 - 15:06:08 —A- - C:\Windows\Prefetch\UPDATESALTARSMART.EXE-CCA46EF1.pf =>PUP.SaltarSmart

    O45 - LFCP: - 17-1-2014 - 19:22:03 —A- - C:\Windows\Prefetch\32.0.1700.76_31.0.1650.63_CHR-1323633A.pf

    O45 - LFCP: - 19-1-2014 - 13:12:57 —A- - C:\Windows\Prefetch\LZMA.EXE-5FCD137B.pf

    O45 - LFCP: - 19-1-2014 - 13:20:42 —A- - C:\Windows\Prefetch\UPDATEMANAGER.EXE-7B0A8410.pf

    O45 - LFCP: - 19-1-2014 - 13:21:37 —A- - C:\Windows\Prefetch\APNMCP.EXE-3B6C9BED.pf

    O45 - LFCP: - 19-1-2014 - 13:21:40 —A- - C:\Windows\Prefetch\TBNOTIFIER.EXE-C54E61E5.pf

    O45 - LFCP: - 19-1-2014 - 13:27:23 —A- - C:\Windows\Prefetch\UNINST.EXE-0867DC84.pf

    O45 - LFCP: - 19-1-2014 - 13:27:30 —A- - C:\Windows\Prefetch\NS24B2.TMP-4BA1F91C.pf

    O45 - LFCP: - 19-1-2014 - 13:31:07 —A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-84BA9C16.pf =>PUP.Wajam

    O45 - LFCP: - 19-1-2014 - 13:32:07 —A- - C:\Windows\Prefetch\COR_SWEET-PAGE.EXE-6C4A26FD.pf =>PUP.SweetPage

    O45 - LFCP: - 19-1-2014 - 13:32:34 —A- - C:\Windows\Prefetch\WPM.EXE-A94370CA.pf =>PUP.WpManager

    O45 - LFCP: - 19-1-2014 - 13:32:46 —A- - C:\Windows\Prefetch\WPROTECTMANAGER.EXE-C859C7C4.pf

    O45 - LFCP: - 19-1-2014 - 17:28:44 —A- - C:\Windows\Prefetch\CAPSLKNOTIFY.EXE-BCDC56F4.pf

    ~ Prefetcher: 141 Legitimates Filtered in 00mn 02s

    —\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)

    O55 - MWPS: - “EnableUIADesktopToggle”=0

    O55 - MWPS: - “FilterAdministratorToken”=0

    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\\ Overzicht van de drivers (SDL) (O58)

    O58 - SDL: - 14-7-2009 - 2:20:28 —A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) – C:\Windows\System32\Drivers\elxstor.sys

    O58 - SDL: - 26-6-2009 - 15:43:42 —A- . (.Windows (R) Win 7 DDK provider - Embedded System Control.) – C:\Windows\System32\Drivers\EMSC.sys

    O58 - SDL: - 13-7-2009 - 23:54:14 —A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) – C:\Windows\System32\Drivers\hcw85cir.sys

    O58 - SDL: - 4-6-2013 - 8:15:02 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) – C:\Windows\System32\Drivers\ssudbus.sys

    O58 - SDL: - 6-2-2013 - 6:42:08 —A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) – C:\Windows\System32\Drivers\ssudmdm.sys

    O58 - SDL: - 14-7-2009 - 2:19:04 —A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) – C:\Windows\System32\Drivers\stexstor.sys

    O58 - SDL: - 13-7-2009 - 22:40:41 —A- . (…) – C:\Windows\System32\ANSI.SYS

    O58 - SDL: - 13-7-2009 - 22:40:44 —A- . (…) – C:\Windows\System32\country.sys

    O58 - SDL: - 13-7-2009 - 22:40:40 —A- . (…) – C:\Windows\System32\HIMEM.SYS

    O58 - SDL: - 13-7-2009 - 22:40:43 —A- . (…) – C:\Windows\System32\KEY01.SYS

    O58 - SDL: - 13-7-2009 - 22:40:43 —A- . (…) – C:\Windows\System32\KEYBOARD.SYS

    O58 - SDL: - 13-7-2009 - 22:40:23 —A- . (…) – C:\Windows\System32\NTDOS.SYS

    O58 - SDL: - 13-7-2009 - 22:40:31 —A- . (…) – C:\Windows\System32\NTDOS404.SYS

    O58 - SDL: - 13-7-2009 - 22:40:35 —A- . (…) – C:\Windows\System32\NTDOS411.SYS

    O58 - SDL: - 13-7-2009 - 22:40:39 —A- . (…) – C:\Windows\System32\NTDOS412.SYS

    O58 - SDL: - 13-7-2009 - 22:40:27 —A- . (…) – C:\Windows\System32\NTDOS804.SYS

    O58 - SDL: - 13-7-2009 - 22:40:11 —A- . (…) – C:\Windows\System32\NTIO.SYS

    O58 - SDL: - 13-7-2009 - 22:40:15 —A- . (…) – C:\Windows\System32\NTIO404.SYS

    O58 - SDL: - 13-7-2009 - 22:40:17 —A- . (…) – C:\Windows\System32\NTIO411.SYS

    O58 - SDL: - 13-7-2009 - 22:40:19 —A- . (…) – C:\Windows\System32\NTIO412.SYS

    O58 - SDL: - 13-7-2009 - 22:40:13 —A- . (…) – C:\Windows\System32\NTIO804.SYS

    ~ Drivers: 16 Legitimates Filtered in 00mn 05s

    —\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)

    O61 - LFC: 19-1-2014 - 20:29:15 —A- . (…) – C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

    O61 - LFC: 19-1-2014 - 20:29:21 —A- . (…) – C:\Users\Isabel\AppData\Local\Google\Chrome\User Data\Local State

    O61 - LFC: 19-1-2014 - 20:29:34 —A- . (…) – C:\Users\Isabel\AppData\Roaming\ZHP\HOSTS.txt =>.Nicolas Coolman

    O61 - LFC: 19-1-2014 - 20:29:34 —A- . (…) – C:\Users\Isabel\AppData\Roaming\ZHP\Log.txt =>.Nicolas Coolman

    O61 - LFC: 19-1-2014 - 20:29:34 —A- . (…) – C:\Users\Isabel\AppData\Roaming\ZHP\TestsZHPDiag.txt =>.Nicolas Coolman

    O61 - LFC: 19-1-2014 - 20:29:34 —A- . (…) – C:\Users\Isabel\Documents\BMI.txt

    O61 - LFC: 19-1-2014 - 20:29:46 —A- . (…) – C:\Users\Isabel\Downloads\Extras.Txt

    O61 - LFC: 19-1-2014 - 20:29:51 —A- . (…) – C:\Users\Isabel\Downloads\OTL.Txt

    ~ Files: 151 Legitimates Filtered in 02mn 42s

    —\\ Lijst van cleaning tools (CLAB) (O63)

    O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) – ZHPDiag_is1 =>.Nicolas Coolman

    O63 - Logiciel: RSIT - (.random/random.)

    ~ ADS: Scanned in 00mn 00s

    —\\ Bestandsassociaties mogelijk aangepast (O67)

    O67 - Shell Spawning: <.html> (.Not Key.)

    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\\ Startmenu Internet (SMI) (O68)

    O68 - StartMenuInternet: (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe

    O68 - StartMenuInternet: (…) – C:\Program Files\Internet Explorer\iexplore.exe

    ~ Keys: Scanned in 00mn 00s

    —\\ Zoek "infecties in internetbrowsers (SBI) (O69)

    O69 - SBI: SearchScopes CA07930441CB4D78A78B3008C8644E59 - (FileConverter 1.4 Customized Web Search) - http://search.conduit.com

    O69 - SBI: SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com

    O69 - SBI: SearchScopes {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

    O69 - SBI: SearchScopes {AABDBB27-0820-4574-97FB-83D16814541E} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar

    O69 - SBI: SearchScopes {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar

    O69 - SBI: SearchScopes {B2F983E5-B531-4718-8535-F23EB524EBEF} - (Search the web (Softonic)) - http://search.softonic.com =>Adware.IMBooster

    O69 - SBI: SearchScopes {E133E310-C55A-43DA-8377-D86B1F00E544} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask

    O69 - SBI: SearchScopes {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar

    ~ Keys: Scanned in 00mn 00s

    —\\ Overzicht van de productcodes van software (PUC) (O90)

    O90 - PUC: “3D15E350D588C5245968AE15384C6C88” . (.Function Keys.) – C:\Windows\Installer\{053E51D3-885D-425C-9586-EA5183C4C688}\ARPPRODUCTICON.exe

    O90 - PUC: “60187509FA0789149BED9142AF380BA3” . (.CapsLKNotify.) – C:\Windows\Installer\{90578106-70AF-4198-B9DE-1924FA83B03A}\ARPPRODUCTICON.exe

    O90 - PUC: “CCF0B6E746FED0F42A24B939A85A6B4A” . (.Unreal Morning Winodows 7 Logon Screen.) – C:\Windows\Installer\{7E6B0FCC-EF64-4F0D-A242-9B938AA5B6A4}\imageres_1.exe

    ~ Update Products: 32 Legitimates Filtered in 00mn 00s

    —\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)

    SS - | Demand 19-1-2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    SS - | Demand 29-2-2012 13160 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe

    SS - | Auto 19-1-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

    SS - | Demand 19-1-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

    SS - | Demand 22-10-2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    SS - | Demand 14-7-2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    SR - | Auto 18-12-2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    SR - | Auto 21-12-2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    SR - | Auto 30-8-2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

    SR - | Auto 16-12-2013 375120 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

    SR - | Auto 16-12-2013 202576 | (LMIMaint) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\RaMaint.exe

    SR - | Auto 16-9-2011 390528 | (LogMeIn) . (.LogMeIn, Inc..) - C:\Program Files\LogMeIn\x86\LogMeIn.exe

    SR - | Auto 4-4-2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    SR - | Auto 4-4-2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    SR - | Auto 23-10-2013 22208 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe

    SR - | Auto 14-7-2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

    ~ Services: Scanned in 00mn 10s

    —\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)

    Written by ad13, http://ad13.geekstog

    Run by Isabel at 19-1-2014 20:32:20

    ********* Dump file Name *********

    C:\PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\\ Extra scan (O88)

    Database Version : 13024 - (17-1-2014)

    Clés trouvées (Keys found) : 26

    Valeurs trouvées (Values found) : 4

    Dossiers trouvés (Folders found) : 4

    Fichiers trouvés (Files found) : 4

    =>Adware.iWinArcade

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Conduit

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Adware.PriceGong

    =>PUP.Funmoods

    =>Adware.BrowseFox

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Rogue.SpeedUpMyPC

    =>Toolbar.Conduit

    C:\ProgramData\WPM =>PUP.WpManager^

    C:\Program Files\Conduit =>Toolbar.Conduit

    C:\Users\Isabel\AppData\LocalLow\Conduit =>Toolbar.Conduit

    C:\Users\Isabel\AppData\LocalLow\PriceGong =>Adware.PriceGong

    Start_ShowHelp: Modified =>PUA.StartShow ^

    =>PUP.Vittalia^

    =>Toolbar.Conduit^

    =>PUP.WpManager^

    ~ Additionnel Scan: 155656 Items scanned in 01mn 00s

    —\\ Samenvatting van detecties gevonden op uw werkstation

    ~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow

    ~ http://nicolascoolman.webs.com/apps/blog/show/40584589-pup-sweetpage =>PUP.SweetPage

    ~ http://nicolascoolman.webs.com/apps/blog/show/35115580-pup-vittalia =>PUP.Vittalia

    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit

    ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager

    ~ http://nicolascoolman.webs.com/apps/blog/show/33293281-pup-saltarsmart =>PUP.SaltarSmart

    ~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam

    ~ http://nicolascoolman.webs.com/apps/blog/show/28040039-pup-certifiedtoolbar =>PUP.CertifiedToolbar

    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster

    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask

    ~ http://nicolascoolman.webs.com/apps/blog/show/28766471-adware-iwinarcade =>Adware.iWinArcade

    ~ http://nicolascoolman.webs.com/apps/blog/show/26666995-adware-pricegong =>Adware.PriceGong

    ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods

    ~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox

    ~ http://nicolascoolman.webs.com/apps/blog/show/33047509-rogue-speedupmypc =>Rogue.SpeedUpMyPC

    ~ MSI: 15 link(s) detected in 01mn 00s

    ~ 1145 Legitimates filtered by white list

    End of the scan (528 lines in 06mn 00s)(0)

  • Anonymous avatar

    Ben

    Hallo,

    Kopieer de vet gedrukte tekst volledig:

    Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

    Script ZHPFix

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = =>PUP.SweetPage

    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = =>PUP.SweetPage

    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = =>PUP.SweetPage

    O4 - GS\QuickLaunch : Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>PUP.SweetPage

    O4 - GS\TaskBar : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>PUP.SweetPage

    O4 - GS\Program : Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>PUP.SweetPage

    O4 - GS\SystemTools : Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>PUP.SweetPage

    O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} – C:\Program Files\PokerStars.EU\main.ico (.not file.)

    O43 - CFD: 31-8-2012 - 16:32:16 - —-D C:\Program Files\Conduit

    O43 - CFD: 17-6-2012 - 13:04:43 - —-D C:\ProgramData\Ask

    =>Adware.iWinArcade

    =>Toolbar.Conduit

    =>Toolbar.Conduit

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Toolbar.Conduit

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Adware.PriceGong

    =>PUP.Funmoods

    =>Adware.BrowseFox

    =>Toolbar.Ask

    =>Toolbar.Ask

    =>Rogue.SpeedUpMyPC

    =>Toolbar.Conduit

    C:\ProgramData\WPM =>PUP.WpManager^

    C:\Program Files\Conduit =>Toolbar.Conduit

    C:\Users\Isabel\AppData\LocalLow\Conduit =>Toolbar.Conduit

    C:\Users\Isabel\AppData\LocalLow\PriceGong =>Adware.PriceGong

    Start_ShowHelp: Modified =>PUA.StartShow ^

    =>PUP.Vittalia^

    =>Toolbar.Conduit^

    =>PUP.WpManager^

    shortcutfix

    emptytemp

    emptyflash

    Dubbelklik de snelkoppeling: ZHPFix

    Druk op de button "Import"

    Druk daarna onderaan op de knop "Go".

    De fix zal beginnen post het resultaat ZPHFix.txt in je volgende bericht.

  • Anonymous avatar

    isabel

    Rapport de ZHPFix 2014.1.17.2 par Nicolas Coolman, Update du 17/01/201

    Fichier d'export Registre :

    Run by Isabel at 19-1-2014 20:52:22

    High Elevated Privileges : OK

    Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)

    Prullenbak geleegd (00mn 05s)

    Reparatie van browser snelkoppelingen

    ========== Registersleutels ==========

    VERWIJDERD: CLSID Extra Buttons: {07BA1DA9-F501-4796-8728-74D1B91A6CD5}

    VERWIJDERD: HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

    VERWIJDERD: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    VERWIJDERD: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

    VERWIJDERD: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

    VERWIJDERD: HKCU\Software\APN PIP

    VERWIJDERD: HKCU\Software\AppDataLow\Software\ConduitSearchScopes

    VERWIJDERD: HKCU\Software\PIP

    VERWIJDERD: HKLM\Software\PIP

    VERWIJDERD: HKCU\Software\AppDataLow\Software\PriceGong

    VERWIJDERD: HKLM\Software\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

    VERWIJDERD: HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    VERWIJDERD: HKLM\Software\Microsoft\Tracing\apnstub_RASAPI32

    VERWIJDERD: HKLM\Software\Microsoft\Tracing\apnstub_RASMANCS

    VERWIJDERD: HKLM\Software\Classes\SpeedUpMyPC

    VERWIJDERD: HKLM\Software\Classes\Toolbar.CT3241951

    VERWIJDERD: HKCU\Software\Vittalia

    VERWIJDERD: HKLM\Software\Conduit

    VERWIJDERD: HKLM\Software\supWPM

    ========== Elementen van de registergegevens ==========

    VERWIJDERD: R1 Search Page =

    VERVANGT Value Start_ShowHelp : Good (1) - Bad (0)

    ========== Mappen ==========

    VERWIJDERD: C:\Program Files\Conduit

    VERWIJDERD: C:\ProgramData\Ask

    VERWIJDERD: c:\programdata\wpm

    VERWIJDERD: c:\users\isabel\appdata\locallow\conduit

    VERWIJDERD: c:\users\isabel\appdata\locallow\pricegong

    Verwijderen tijdelijke Windows (0)

    Verwijderd Flash Cookies (0)

    ========== Bestanden ==========

    VERWIJDERD: c:\users\isabel\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk

    VERWIJDERD: c:\users\isabel\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk

    VERWIJDERD: c:\users\isabel\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk

    VERWIJDERD: c:\users\isabel\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk

    Verwijderen tijdelijke Windows (0) (0 octets)

    Verwijderd Flash Cookies (0) (0 octets)

    ========== Samenvatting ==========

    30 : Registersleutels

    2 : Elementen van de registergegevens

    7 : Mappen

    6 : Bestanden

    End of clean in 00mn 21s

    ========== Pad naar bestand verslag ==========

    C:\Users\Isabel\AppData\Roaming\ZHP\ZHPFix.txt - 19-1-2014 20:52:28

    hij heeft welmijn internet explorer verwijderd

  • Anonymous avatar

    Ben

    Hallo,

    Waarschijnlijk je icoon kik eens bij Start > of je daar IE ziet staan?

  • Anonymous avatar

    isabel

    nee maar dat is het ergste niet

    als de pc maar malware vrij is

  • Anonymous avatar

    isabel

    is ie malware vrij?

  • Anonymous avatar

    Ben

    Hallo,

    IE moet wel werken dus wil graag weten of het icoon daar wel staat.

    Download

    AdwCleaner by Xplode naar het bureaublad.

    Sluit alle openstaande vensters.

    Dubbelklik op AdwCleaner om hem te starten.

    Windows Vista, 7 en 8 gebruikers dienen de tool als “administrator” uit te voeren,

    Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.

    Klik vervolgens op Scan.

    Klik vervolgens op Clean als er items zijn gevonden.

    Klik bij Herstarten Noodzakelijk op OK

    Nadat de PC opnieuw is opgestart, opent meestal een logfile.

    Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner.txt

    Post aansluitend de inhoud van dit log in je volgende bericht.

  • Anonymous avatar

    isabel

    nee hij helemaal van de pc verwijderd

    bij programmas en onderdelen in configuratiescherm staat ie ook niet

  • Anonymous avatar

    Ben

    Hallo,

    Je heb het over IE toch??

Dit topic is gesloten, er kunnen geen reacties meer worden geplaatst.