
C:\Users\Tim\AppData\Roaming\newnext.me\nengine.dll


Singha


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  NextLive;s
  C:\Users\Tim\AppData\Roaming\newnext.me;fs
  C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job;f
  C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job;f
  C:\WINDOWS\tasks\RegClean Pro_UPDATES.job;f
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r64
  "NextLive"=-;r64
  emptyfolderscheck;delete
  startupall;
  filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Tim on do 06-02-2014 at 20:16:01,37.

Microsoft Windows 8.1 Pro met Media Center 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Tim\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

6-2-2014 20:17:39 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\predm deleted successfully

C:\PROGRA~2\WinZipper deleted successfully

C:\Program Files\Elantech deleted successfully

C:\ProgramData\Babylon deleted successfully

C:\ProgramData\Oracle deleted successfully

C:\Users\Tim\AppData\Roaming\Windows Live Writer deleted successfully

C:\Users\Tim\AppData\Roaming\WinRAR deleted successfully

C:\Users\Mcx1-TIM-PC\AppData\Local\VirtualStore deleted successfully

C:\Users\Tim\AppData\Local\Bundled software uninstaller deleted successfully

C:\Users\Tim\AppData\Local\FilesFrog Update Checker deleted successfully

C:\Users\Tim\AppData\Local\genienext deleted successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"NextLive"=-

==== Deleting Files \ Folders ======================

C:\Users\Tim\AppData\Roaming\newnext.me not found

"C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job" deleted

"C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job" deleted

"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\Users\Tim\AppData\Local\Temp ====

2014-02-05 11:58:25 E3A25C80E2375B2D42C3D4729769BDF3 10240 ----a-w- C:\Users\Tim\AppData\Local\Temp\SDIAG_2c4a59fb-a8d6-4fb1-b958-0f740fd49695\NetworkDiagnosticSnapIn.dll

====== Java Cache =====

2014-02-03 09:26:12 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-5e7a7798

2014-02-03 09:26:07 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-649019c5

2014-02-03 09:26:06 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-68f8108c

====== C:\WINDOWS\SysWOW64 =====

2014-02-03 08:57:31 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe

2014-02-03 08:57:26 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe

2014-02-03 08:57:26 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-02-03 08:57:26 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\WINDOWS\SysWOW64\java.exe

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-02-06 09:59:19 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Tim\AppData\Roaming ======

2014-02-06 09:12:45 -------- d-----w- C:\Users\Tim\AppData\Roaming\DriverCure

2014-02-04 11:46:16 -------- d-----w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hema Fotoalbum

2014-02-04 11:46:14 -------- d-----w- C:\Users\Tim\AppData\Local\Hema Fotoalbum

====== C:\Users\Tim ======

2014-02-06 09:58:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Tim\Downloads\RSITx64(1).exe

2014-02-06 09:54:48 71458695DA965B07312DCE2822CE5956 22079 ----a-w- C:\Users\Tim\Desktop\RSITx64.exe

2014-02-05 20:15:33 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\DefaultAppPool\ntuser.ini

2014-02-04 11:45:58 81DF17EAE33CB2A422A9183672564FC2 6774448 ----a-w- C:\Users\Tim\Downloads\Hema_NL.exe

2014-02-03 08:57:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-27 22:43:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-01-27 22:34:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-01-26 12:32:34 91D5971A920CA13BCBB80652B52B872C 449376 ----a-w- C:\Users\Tim\Downloads\How_to_Train_Your_Dragon_(2010)_DvdRip_XviD_Animatie_.exe

2014-01-15 19:51:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar

====== C: exe-files ==

2014-02-06 09:59:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Tim.exe

2014-02-06 09:58:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Tim\Downloads\RSITx64(1).exe

2014-02-06 09:54:48 71458695DA965B07312DCE2822CE5956 22079 ----a-w- C:\Users\Tim\Desktop\RSITx64.exe

2014-02-06 09:09:21 75571C40ECC29BCBFF16B1FC3C3ED170 364880 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000057b6\updatus.17778707_RUNASUSER.exe

2014-02-04 11:46:14 EBF7173F377907539A4D70B021C60A36 5184552 ----a-w- C:\Users\Tim\AppData\Local\Hema Fotoalbum\apc.exe

2014-02-04 11:46:14 30B39F21F1B121DB4B77FC29DA71F661 1184469 ----a-w- C:\Users\Tim\AppData\Local\Hema Fotoalbum\unins000.exe

2014-02-04 11:45:58 81DF17EAE33CB2A422A9183672564FC2 6774448 ----a-w- C:\Users\Tim\Downloads\Hema_NL.exe

2014-02-04 02:33:47 BA7524A2D91F895CE7502C78B6A4CBAF 732888 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe

2014-02-03 08:57:31 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe

2014-02-03 08:57:26 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe

2014-02-03 08:57:26 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe

2014-02-03 08:56:36 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe

2014-02-01 19:21:35 574B62CAD5B2F34A29C2E2AA1D1A16B1 681984 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\setup.exe

=== C: other files ==

2014-02-06 08:47:40 8034A8F0F1C2A6D4B0553021127196B0 30250 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1668update.zip

2014-02-05 20:08:28 2428D64A753C593BCDBE759030F2E608 44550 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1667update.zip

2014-02-05 11:33:50 3F83470E5B4C337A46F8A288732AF454 58459 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1666update.zip

2014-02-04 12:51:55 CF33F46A41237540C5B5F352AC9C4508 1484 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1665update.zip

2014-02-04 12:51:55 31FE615E7B1453AE06C470E3D7088851 377892 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1664update.zip

2014-02-03 16:51:54 C9C9D1F645B04E393A35A3B1A647FB94 55936 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1663update.zip

2014-02-03 12:51:55 B67DED044C48911962362E38D03647EE 192702 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1662update.zip

2014-02-01 19:21:37 559B4BBBAD699005F7559395BDEE9D09 22290 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\BuscaNzbChrome.crx

2014-02-01 19:21:36 59484751E6DC9C9897D0B44D7A862CCC 14631 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\BuscaNzbv10.xpi

2014-01-31 11:42:51 3B9B90877FD05F5BE15B36877B90C3A1 1313680 ----a-w- C:\ProgramData\Systweak\Advanced System Protector\updates\1661update.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Photosmart 7510 series (NET)"="C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe -deviceID CN25L340HF05PX:NW -scfn HP Photosmart 7510 series (NET) -AutoStart 1"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Aimersoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Photosmart 7510 series (NET)"="C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe -deviceID CN25L340HF05PX:NW -scfn HP Photosmart 7510 series (NET) -AutoStart 1"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll,C:\\WINDOWS\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACMON]

"command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe"

"hkey"="HKLM"

"item"="ACMON"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

"hkey"="HKLM"

"item"="Adobe Reader Speed Launcher"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]

"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

"hkey"="HKLM"

"item"="CLMLServer"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

"hkey"="HKLM"

"item"="RTHDVCPL"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2012-11-05 16:59:09 1948 ----a-w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 7510 series (netwerk).lnk

2013-01-10 16:33:04 1037 ----a-w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk

2012-02-24 02:50:52 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

2013-02-17 19:24:00 1949 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-02-2014 20:44]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]

C:\WINDOWS\tasks\HP Photo Creations Messager.job --a-------- C:\ProgramData\HP Photo Creations\MessageCheck.exe [15-02-2011 11:11]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\Advanced System Protector_startup" [C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe]

"C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]

"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe]

"C:\WINDOWS\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe]

"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]

"C:\WINDOWS\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]

"C:\WINDOWS\SysNative\tasks\Desk 365 RunAsStdUser" [C:\Program Files (x86)\Desk 365\desk365.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]

"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Photosmart 7510 series" ["C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe"]

"C:\WINDOWS\SysNative\tasks\hpUrlLauncher.exe_{415EAF62-E41A-4B10-B99E-63D9DD4F400A}" [C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe]

"C:\WINDOWS\SysNative\tasks\Searchya" [C:\Users\Tim\AppData\Roaming\Searchya\UPDATE~1\UPDATE~1.EXE]

"C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C6E5D42E-655F-43D7-956A-5C94887FC7DF}" [C:\WINDOWS\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26-01-2011 14:27]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800

FD6ACD9D85177259D442A0C4AC15F7B8 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +

8F0B95B3AC17DAE9E138E7BBE2429B6C - C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4 folders=0 2391 bytes)

==== EOF on do 06-02-2014 at 20:21:04,66 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  C:\ProgramData\Systweak\Advanced System Protector;fs
  C:\WINDOWS\SysNative\tasks\Advanced System Protector_startup;fs
  C:\WINDOWS\SysNative\tasks\Desk 365 RunAsStdUser;fs
  C:\Program Files (x86)\Desk 365;fs
  C:\WINDOWS\SysNative\tasks\Searchya;fs
  C:\Users\Tim\AppData\Roaming\Searchya;fs

  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.


Zoek.exe v5.0.0.0 Updated 31-January-2014

Tool run by Tim on vr 07-02-2014 at 9:20:42,22.

Microsoft Windows 8.1 Pro met Media Center 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Tim\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2014-02-06-192104.log 17667 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Diego - Dinosaur Rescue

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.bbDpng", "25");

user_pref("extensions.BabylonToolbar.cntry", "NL");

user_pref("extensions.BabylonToolbar.dfltLng", "nl");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);

user_pref("extensions.BabylonToolbar.hdrMd5", "F4B9B2448D9F112001DE0D40474456A4");

user_pref("extensions.BabylonToolbar.hpFFXOld", "http://search.babylon.com/?babsrc=HP_ss_wls&mntrId=D6DB06E543DBA51C&affID=123896&tsp=4982");

user_pref("extensions.BabylonToolbar.id", "d6db585100000000000006e543dba51c");

user_pref("extensions.BabylonToolbar.instlDay", "15939");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.kwURLOld", "");

user_pref("extensions.BabylonToolbar.lastB", "http://search.babylon.com/?babsrc=HP_ss_wls&mntrId=D6DB06E543DBA51C&affID=123896&tsp=4982");

user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.24.622:23:04");

user_pref("extensions.BabylonToolbar.newTab", false);

user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"72\",\"lastVrsn\":\"72\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"fals

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.rvrt", "false");

user_pref("extensions.BabylonToolbar.sg", "tzb");

user_pref("extensions.BabylonToolbar.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=d6db585100000000000006e543dba51c&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.622:23:04");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123896&tsp=4982");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=d6db585100000000000006e543dba51c&q=");

user_pref("extensions.BabylonToolbar.id", "d6db585100000000000006e543dba51c");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.instlDay", "15939");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.6");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.6");

user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.622:23:04");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.smplGrp", "none");

user_pref("extensions.BabylonToolbar.tlbrId", "base");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.dfltLng", "nl");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123896&tsp=4982");

user_pref("extensions.BabylonToolbar_i.babExt", "");

user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

user_pref("extensions.BabylonToolbar.autoRvrt", "false");

user_pref("extensions.BabylonToolbar.rvrt", "false");

user_pref("extensions.BabylonToolbar.newTab", false);

---- FireFox user.js and prefs.js backups ----

user_07-02-2014_0937_.backup

prefs_07-02-2014_0937_.backup

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"NextLive"=-

==== Deleting Files \ Folders ======================

C:\Users\Tim\AppData\Roaming\newnext.me not found

"C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job" not found

"C:\WINDOWS\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job" not found

"C:\WINDOWS\tasks\RegClean Pro_UPDATES.job" not found

C:\Users\Tim\daemonprocess.txt deleted

C:\Users\Tim\.android deleted

C:\PROGRA~2\RegClean Pro deleted

C:\PROGRA~2\MyPC Backup deleted

C:\PROGRA~2\Systweak deleted

C:\Users\Mcx1-TIM-PC\AppData\Roaming\Systweak deleted

C:\Users\Tim\AppData\Roaming\nationzoom deleted

C:\Users\Tim\AppData\Roaming\iSafe deleted

C:\Users\Tim\AppData\Roaming\ParetoLogic deleted

C:\Users\Tim\AppData\Roaming\DriverCure deleted

C:\Users\Tim\AppData\Roaming\Babylon deleted

C:\Users\Tim\AppData\Roaming\Systweak deleted

C:\ProgramData\Systweak deleted

C:\ProgramData\APN deleted

C:\ProgramData\ParetoLogic deleted

C:\ProgramData\WPM deleted

C:\Users\Tim\AppData\Local\CRE deleted

C:\Users\Tim\AppData\Local\fst_nl_11 deleted

C:\Users\Tim\AppData\Local\Mobogenie deleted

C:\Users\Tim\AppData\Local\cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector deleted

C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker deleted

C:\WINDOWS\SysNative\roboot64.exe deleted

C:\windows\SysNative\Tasks\Searchya deleted

C:\WINDOWS\SysNative\sasnative64.exe deleted

C:\Users\Tim\Downloads\rcpsetupmarm1_marm11079nl_conduit.exe deleted

C:\Users\Tim\Downloads\rcpsetupmarm1_marm1226019352nl.exe deleted

C:\Users\Tim\Downloads\SoftonicDownloader_voor_regclean-pro.exe deleted

C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted

C:\windows\SysNative\Tasks\Advanced System Protector_startup deleted

C:\WINDOWS\Syswow64\RegistryHelperLM.ocx deleted

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\searchplugins\ask-search.xml deleted

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\searchplugins\conduit-search.xml deleted

C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\Invalidprefs.js deleted

C:\Users\Public\Desktop\Advanced System Protector.lnk deleted

C:\Users\Public\Desktop\RegClean Pro.lnk deleted

"C:\PROGRA~2\Advanced System Protector\AdvancedSystemProtector.exe" deleted

"C:\PROGRA~2\Advanced System Protector\aspsys.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Interop.IWshRuntimeLibrary.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted

"C:\PROGRA~2\Advanced System Protector\scandll.dll" deleted

"C:\PROGRA~2\Advanced System Protector\System.Data.SQLite.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.Compression.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.FileSystem.dll" deleted

"C:\PROGRA~2\Advanced System Protector\Xceed.Zip.dll" deleted

"C:\PROGRA~2\Advanced System Protector" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\Users\Tim\AppData\Local\Temp ====

====== Java Cache =====

2014-02-03 09:26:12 C1BBA7F1278F193AB584FFF460DB5E2A 17878 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-5e7a7798

2014-02-03 09:26:07 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-649019c5

2014-02-03 09:26:06 415FC9732A3F4D89A0E01251CD66E136 646 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3cb32f52-68f8108c

====== C:\WINDOWS\SysWOW64 =====

2014-02-03 08:57:31 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\WINDOWS\SysWOW64\javaws.exe

2014-02-03 08:57:26 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\WINDOWS\SysWOW64\javaw.exe

2014-02-03 08:57:26 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-02-03 08:57:26 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\WINDOWS\SysWOW64\java.exe

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-02-06 09:59:19 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Tim\AppData\Roaming ======

2014-02-04 11:46:16 -------- d-----w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hema Fotoalbum

2014-02-04 11:46:14 -------- d-----w- C:\Users\Tim\AppData\Local\Hema Fotoalbum

====== C:\Users\Tim ======

2014-02-06 09:58:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Tim\Downloads\RSITx64(1).exe

2014-02-06 09:54:48 71458695DA965B07312DCE2822CE5956 22079 ----a-w- C:\Users\Tim\Desktop\RSITx64.exe

2014-02-05 20:15:33 6FC234AD3752E1267B34FB12BCD6718B 20 --sha-w- C:\Users\DefaultAppPool\ntuser.ini

2014-02-04 11:45:58 81DF17EAE33CB2A422A9183672564FC2 6774448 ----a-w- C:\Users\Tim\Downloads\Hema_NL.exe

2014-02-03 08:57:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-01-27 22:43:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-01-27 22:34:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-01-26 12:32:34 91D5971A920CA13BCBB80652B52B872C 449376 ----a-w- C:\Users\Tim\Downloads\How_to_Train_Your_Dragon_(2010)_DvdRip_XviD_Animatie_.exe

2014-01-15 19:51:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar

====== C: exe-files ==

2014-02-07 08:15:08 A7A117CB1104D0829466F48E17BE0A71 118896 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe

2014-02-06 09:59:19 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Tim.exe

2014-02-06 09:58:58 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- C:\Users\Tim\Downloads\RSITx64(1).exe

2014-02-06 09:54:48 71458695DA965B07312DCE2822CE5956 22079 ----a-w- C:\Users\Tim\Desktop\RSITx64.exe

2014-02-06 09:09:21 75571C40ECC29BCBFF16B1FC3C3ED170 364880 ----a-w- C:\ProgramData\NVIDIA\Updatus\Packages\000057b6\updatus.17778707_RUNASUSER.exe

2014-02-04 11:46:14 EBF7173F377907539A4D70B021C60A36 5184552 ----a-w- C:\Users\Tim\AppData\Local\Hema Fotoalbum\apc.exe

2014-02-04 11:46:14 30B39F21F1B121DB4B77FC29DA71F661 1184469 ----a-w- C:\Users\Tim\AppData\Local\Hema Fotoalbum\unins000.exe

2014-02-04 11:45:58 81DF17EAE33CB2A422A9183672564FC2 6774448 ----a-w- C:\Users\Tim\Downloads\Hema_NL.exe

2014-02-04 02:33:47 BA7524A2D91F895CE7502C78B6A4CBAF 732888 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\32.0.1700.107\32.0.1700.107_32.0.1700.102_chrome_updater.exe

2014-02-03 08:56:36 3842C46F2FBC7522EF625F1833530804 145408 ----a-w- C:\Users\Tim\AppData\LocalLow\Sun\Java\jre1.7.0_51\lzma.exe

2014-02-01 19:21:35 574B62CAD5B2F34A29C2E2AA1D1A16B1 681984 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\setup.exe

=== C: other files ==

2014-02-01 19:21:37 559B4BBBAD699005F7559395BDEE9D09 22290 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\BuscaNzbChrome.crx

2014-02-01 19:21:36 59484751E6DC9C9897D0B44D7A862CCC 14631 ----a-w- C:\Users\Tim\Downloads\Dallas Buyers Club (2013) HQ AC3 DD51 (Ingebakken Subs)\InF0-HANNES3\Busca Plugins\Busca Plugins\BuscaNzbv10.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Photosmart 7510 series (NET)"="C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe -deviceID CN25L340HF05PX:NW -scfn HP Photosmart 7510 series (NET) -AutoStart 1"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WAB Migrate"="%ProgramFiles%\Windows Mail\wab.exe /Upgrade"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"

"Aimersoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"HP Photosmart 7510 series (NET)"="C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe -deviceID CN25L340HF05PX:NW -scfn HP Photosmart 7510 series (NET) -AutoStart 1"

"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"

"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\system32\\nvinitx.dll,C:\\WINDOWS\\system32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ACMON]

"command"="C:\\Program Files (x86)\\ASUS\\Splendid\\ACMON.exe"

"hkey"="HKLM"

"item"="ACMON"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

"hkey"="HKLM"

"item"="Adobe Reader Speed Launcher"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]

"command"="C:\\Windows\\AsScrPro.exe"

"hkey"="HKLM"

"item"="ASUS Screen Saver Protector"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer]

"command"="\"C:\\Program Files (x86)\\CyberLink\\Power2Go\\CLMLSvc.exe\""

"hkey"="HKLM"

"item"="CLMLServer"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]

"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"

"hkey"="HKLM"

"item"="RTHDVCPL"

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Startup Folders ======================

2012-11-05 16:59:09 1948 ----a-w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Inktwaarschuwingen controleren - HP Photosmart 7510 series (netwerk).lnk

2013-01-10 16:33:04 1037 ----a-w- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk

2012-02-24 02:50:52 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

2013-02-17 19:24:00 1949 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [04-02-2014 20:44]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24-02-2012 03:28]

C:\WINDOWS\tasks\HP Photo Creations Messager.job --a-------- C:\ProgramData\HP Photo Creations\MessageCheck.exe [15-02-2011 11:11]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Live Update" [C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe]

"C:\WINDOWS\SysNative\tasks\ASUS P4G" [C:\Program Files\ASUS\P4G\BatteryLife.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Quick Gesture" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe]

"C:\WINDOWS\SysNative\tasks\ASUS Quick Gesture (x64)" [C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe]

"C:\WINDOWS\SysNative\tasks\ASUS SmartLogon Console Sensor" [C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe]

"C:\WINDOWS\SysNative\tasks\ASUS USB Charger Plus" ["C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"]

"C:\WINDOWS\SysNative\tasks\ATKOSD2" [C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\HP Photo Creations Messager" [C:\ProgramData\HP Photo Creations\MessageCheck.exe]

"C:\WINDOWS\SysNative\tasks\HPCustParticipation HP Photosmart 7510 series" ["C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe"]

"C:\WINDOWS\SysNative\tasks\hpUrlLauncher.exe_{415EAF62-E41A-4B10-B99E-63D9DD4F400A}" [C:\Program Files\HP\HP Photosmart 7510 series\Bin\utils\hpUrlLauncher.exe]

"C:\WINDOWS\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C6E5D42E-655F-43D7-956A-5C94887FC7DF}" [C:\WINDOWS\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"quickprint@hp.com"="C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension" [26-01-2011 14:27]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800

FD6ACD9D85177259D442A0C4AC15F7B8 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash

7EF7E4C1325D533F5186E7118ABB0E7C - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll - McAfee Security Scanner +

8F0B95B3AC17DAE9E138E7BBE2429B6C - C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Tim\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

ojcdnngpmbenohhjlickdajclhbcaada - C:\Program Files (x86)\TubeSaver\128.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

ndgonipadfipmlmdfofnjnhhlgojnjdn - C:\Users\Tim\AppData\Local\CRE\ndgonipadfipmlmdfofnjnhhlgojnjdn.crx[]

BittorrentBar_NL - Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn

==== Chrome Fix ======================

C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndgonipadfipmlmdfofnjnhhlgojnjdn_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1388859928&from=slbnew&uid=WDCXWD7500BPVT-80HXZT3_WD-WXK1E32YMPA6YMPA6&q={searchTerms}"

"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1388859928&from=slbnew&uid=WDCXWD7500BPVT-80HXZT3_WD-WXK1E32YMPA6YMPA6&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.nationzoom.com/web/?type=ds&ts=1388859928&from=slbnew&uid=WDCXWD7500BPVT-80HXZT3_WD-WXK1E32YMPA6YMPA6&q={searchTerms}"

"Search Page"="http://www.nationzoom.com/web/?type=ds&ts=1388859928&from=slbnew&uid=WDCXWD7500BPVT-80HXZT3_WD-WXK1E32YMPA6YMPA6&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

{5391D561-1DDF-9C86-6BCB-57B9C08F04D6} Unknown Url="Not_Found"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

HKEY_USERS\S-1-5-21-3378421679-160947958-2246735523-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5391D561-1DDF-9C86-6BCB-57B9C08F04D6} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ojcdnngpmbenohhjlickdajclhbcaada deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ndgonipadfipmlmdfofnjnhhlgojnjdn deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Tim\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Tim\AppData\Local\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1034 folders=180 877303013 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully

C:\Users\Mcx1-TIM-PC\AppData\Local\Temp emptied successfully

C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\Tim\AppData\Local\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\Users\Tim\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Advanced System Protector" not found

==== EOF on vr 07-02-2014 at 9:53:34,50 ======================


Apparently you have downloaded new malware again in the meantime :dong:

Download AdwCleaner by Xplode to the desktop.

Running AdwCleaner

  • Close all open windows.
  • Double-click AdwCleaner.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Then click the Scan button.
  • When the scan is finished, click the Clean button.
  • When this is done, you will be asked to restart the computer; click OK.
  • After the computer has restarted, the log file opens automatically.
  • Post this log file in your next message.


Pfff, great. Thanks for your help. You'll understand that I can't figure this out anymore...

# AdwCleaner v3.018 - Report created 07/02/2014 at 15:49:11

# Updated 28/01/2014 by Xplode

# Operating System : Windows 8.1 Pro with Media Center (64 bits)

# Username : Tim - TIM-PC

# Running from : C:\Users\Tim\Downloads\adwcleaner(1).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Tim\AppData\Local\Systweak

File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Key Deleted : HKLM\SOFTWARE\f08a8bb134e940

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\BabylonToolbar

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\Somoto

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\V9

Key Deleted : HKCU\Software\AppDataLow\Software\TubeSaver

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\FreeSoftToday

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\Tutorials

Key Deleted : HKLM\Software\Uniblue\DriverScanner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v27.0 (nl)

[ File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\18ebcc5d.default-1373919720800\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2916 octets] - [07/02/2014 15:46:14]

AdwCleaner[s0].txt - [2433 octets] - [07/02/2014 15:49:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2493 octets] ##########


Download ComboFix from one of the locations below to the desktop.

Bleeping Computer

Info Spyware

Disable your antivirus and antispyware programs, as they may conflict with ComboFix.exe

(Here or here) you can read how to disable the security software you use.

  • Double-click "ComboFix" to start the tool. Windows Vista, 7 & 8 users will get a UAC (User Account Control) prompt; click Yes.
  • On a Windows XP computer, ComboFix will install the "Recovery Console" if it is not yet present. (An active internet connection is then required.)
  • In the 'Installing the Recovery Console' window, click "Ok".
  • In the info screen, click "Yes" once the Recovery Console has been installed successfully.
  • In the disclaimer screen, click "I Agree"; the required components are now extracted and a registry backup is made using ERUNT.
  • When this is finished, ComboFix will start by itself; in the blue screen you can see the progress of the system scan being performed.
  • Important! Do not use the computer for anything else during the scan.
  • The computer may need to be restarted several times, for example when a rootkit is present; this is normal.
  • When ComboFix is finished, it will create a log file. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

* Note !!! If you get one of the messages below after using ComboFix, restart the computer.

  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  • Illegal operation attempted on a registry key that has been marked for deletion.
