Ga naar inhoud

malware infectie

Maerschalck
 Delen

Aanbevolen berichten

Maerschalck Verkenner

Maerschalck

Geplaatst:
Geplaatst:

Hallo,

Mijn pc is geïnfecteerd door malware. Malwarebytes vindt niks, maar ik vertrouwde het zaakje dus niet, daarom heb ik een dubbelcheck gedaan met SpyHunter. Deze vind dus wel vanalles... Probleem is dat ik (nog?) met de gratis versie werk (programma kost 30€) en daarmee kan je dus niks verwijderen.

Wat raden jullie aan? (buiten spyhunter aanschaffen xD)

Mvg

Link naar reactie
Delen op andere sites
Jion Grootmeester

Jion

Geplaatst:
Geplaatst:

Dag Maerschalck,

Het is zeker niet nodig om een tool aan te kopen hoor. ;-)

Voer om te beginnen het volgende al eens uit:

1. Download HijackThis. (klik er op)

Klik op HijackThis.msi en de download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.

2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)

3. Na het plaatsen van je logje wordt dit door een expert nagekeken en hij begeleidt jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Link naar reactie
Delen op andere sites
Maerschalck Verkenner

Maerschalck

Geplaatst:
  • Auteur
Geplaatst:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:31, on 7-5-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Belgacom\bin\sprtcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mixi Dj Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.18.8\bh\mixidj.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60

O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BS672Q105MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: is-9QKVN.lnk = C:\Users\USER\Desktop\Virus Removal Tool\is-9QKVN\startup.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1366051909724

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll

O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SupportSoft Sprocket Service (belgacom) (sprtsvc_belgacom) - SupportSoft, Inc. - C:\Program Files\Belgacom\bin\sprtsvc.exe

O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10402 bytes

Link naar reactie
Delen op andere sites
Mako Grootmeester

Mako

Geplaatst:
Geplaatst:

Hallo Maerschalck,

  1. Ga naar Start - Alle Programma's - Bureau-accessoires - Opdrachtprompt
    Windows Vista/7 gebruikers dienen de opdrachtprompt Als Administrator uit te voeren via het rechtsklik menu.
    Tik in: sc stop BrowserProtect gevolgd door Enter.
    Tik in: sc delete BrowserProtect gevolgd door Enter.
    Tik in: sc stop DefaultTabSearch gevolgd door Enter.
    Tik in: sc delete DefaultTabSearch gevolgd door Enter.
    Tik in: Exit om het venster te sluiten.
    Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie en laat ons weten welke foutmelding je kreeg.
  2. Start HijackThis en kies "Scan". Selecteer enkel de hieronder opgenoemde regel(s):
    Indien je "Scan" niet terug vindt druk je eerst op "Do a systemscan and save a logfile"
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mixi Dj Search
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.18.8\bh\mixidj.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: HelloWorldBHO - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files\OApps\SelectionLinks.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - Startup: is-9QKVN.lnk = C:\Users\USER\Desktop\Virus Removal Tool\is-9QKVN\startup.exe
    O20 - AppInit_DLLs: c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll

    Klik op "Fix checked"
    Opgelet!
    • Windows Vista & 7 gebruikers dienen HijackThis als "administrator" uit te voeren via rechtermuisknop "als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map: C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.
    • Sluit alle actieve vensters, met uitzondering van HijackThis.
    • Schakel je anti-virus software uit alvorens dit uit te voeren!

[*]Herstart je computer

[*]Open een kladblok document en plak daarin onderstaande inhoud:

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Mappen verwijderen>>log.txt
FOR %%b in ( 
"C:\ProgramData\BrowserProtect"
"C:\Program Files\Ask.com"
"C:\Users\USER\Desktop\Virus Removal Tool"
) DO (
IF EXIST %%b (
RD /S /Q %%b
IF EXIST %%b (
ECHO %%b Bestand niet verwijderd>>log.txt
) ELSE (
ECHO %%b Succesvol verwijderd>>log.txt)
) ELSE (
ECHO %%b Niet gevonden>>log.txt))
START NOTEPAD log.txt
DEL %%0

Ga naar Bestand - Opslaan als

Kies bij 'Opslaan als' voor alle bestanden

Sla het bestand op op je bureaublad als Batch.bat

Sluit het venster en dubbelklik op Batch.bat op je bureaublad

[*]Download AdwCleaner by Xplode naar je bureaublad.

Sluit alle openstaande vensters.


  • Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Voor XP: Gewoon dubbelklikken op AdwCleaner.
  • Klik vervolgens op Verwijderen.
  • Klik bij AdwCleaner – Informatie op OK
  • Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal. Nadat de PC opnieuw is opgestart, opent een logfile. Post de inhoud van dit log in je volgende bericht samen met de inhoud van log.txt.

Link naar reactie
Delen op andere sites
Maerschalck Verkenner

Maerschalck

Geplaatst:
  • Auteur
Geplaatst:

# AdwCleaner v2.300 - Verslag gemaakt op 07/05/2013 om 19:29:13

# Geactualiseerd op 28/04/2013 door Xplode

# Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits)

# Gebruiker : USER - PC_VAN_USER

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\USER\Rest\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

Map Verwijdert : C:\Program Files\Ask.com

Map Verwijdert : C:\Program Files\DefaultTab

Map Verwijdert : C:\Program Files\mixidj

Map Verwijdert : C:\Program Files\OApps

Map Verwijdert : C:\Program Files\Winamp Toolbar

Map Verwijdert : C:\ProgramData\Ask

Map Verwijdert : C:\ProgramData\Babylon

Map Verwijdert : C:\ProgramData\Winamp Toolbar

Map Verwijdert : C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}

Map Verwijdert : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Verwijdert bij het opstarten : C:\ProgramData\BrowserProtect

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\5e2dfd1e535ea41

Sleutel Verwijdert : HKCU\Software\APN

Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\AskToolbar

Sleutel Verwijdert : HKCU\Software\Ask.com

Sleutel Verwijdert : HKCU\Software\BabylonToolbar

Sleutel Verwijdert : HKCU\Software\DataMngr

Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar

Sleutel Verwijdert : HKCU\Software\Default Tab

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Sleutel Verwijdert : HKCU\Software\mixidj

Sleutel Verwijdert : HKCU\Software\Winamp Toolbar

Sleutel Verwijdert : HKLM\SOFTWARE\5e2dfd1e535ea41

Sleutel Verwijdert : HKLM\Software\APN

Sleutel Verwijdert : HKLM\Software\AskToolbar

Sleutel Verwijdert : HKLM\Software\Babylon

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Sleutel Verwijdert : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjdskBnd.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\mixidj.mixidjHlpr.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.Downloader

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper

Sleutel Verwijdert : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1

Sleutel Verwijdert : HKLM\Software\Conduit

Sleutel Verwijdert : HKLM\Software\DataMngr

Sleutel Verwijdert : HKLM\Software\Default Tab

Sleutel Verwijdert : HKLM\Software\DefaultTab

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\kpepfkjapeclaafmhoelccknpfedainn

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Sleutel Verwijdert : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mixidj

Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar

Sleutel Verwijdert : HKLM\Software\mixidj

Sleutel Verwijdert : HKLM\SOFTWARE\Software

Sleutel Verwijdert : HKLM\Software\Winamp Toolbar

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [browsers] *****

-\\ Internet Explorer v7.0.6002.18005

Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://mixidj.delta-search.com/?affID=121136&tt=gc_&babsrc=NT_ss&mntrId=541800064F4DDE34 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Onmogelijk de versie te verkrijgen]

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[s1].txt - [14935 octets] - [07/05/2013 19:29:13]

########## EOF - C:\AdwCleaner[s1].txt - [14996 octets] ##########

Mappen verwijderen

"C:\ProgramData\BrowserProtect" Bestand niet verwijderd

"C:\Program Files\Ask.com" Bestand niet verwijderd

"C:\Users\USER\Desktop\Virus Removal Tool" Niet gevonden

Bij de commando's in het opdrachtprompt kreeg ik volgende melding bij sc Stop DefaultTabSearch:

controlservice mislukt 1062: de service is niet gestart

Link naar reactie
Delen op andere sites
Mako Grootmeester

Mako

Geplaatst:
Geplaatst:

  1. Herstart je computer
  2. Download zoek.exe naar het bureaublad.

    • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
      (hier of hier) kan je lezen hoe je dat doet.
    • Dubbelklik op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Klik op de knop "Options" en vink nu de onderstaande opties aan.

      • Running processes
      • Recently Created
      • Startup Information
      • Installed Programs
      • Auto Clean

[*] Klik daarna op de knop "Run script".

[*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

[*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

[*] Post nu de inhoud van het geopende logje in het volgende bericht.

P.S. Het bestand Batch.bat en log.txt mag je opnieuw verwijderen.

Link naar reactie
Delen op andere sites
Maerschalck Verkenner

Maerschalck

Geplaatst:
  • Auteur
Geplaatst:

Zoek.exe Version 4.0.0.2 Updated 06-May-2013

Tool run by USER on wo 08-05-2013 at 18:18:42,95.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Belgacom\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\USER\Rest\Desktop\zoek.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

æTorrent

32 Bit HP CIO Components Installer

AAC Decoder

Acer eDataSecurity Management

Acer Empowering Technology

Acer ePerformance Management

Acer Picture Slide DVD

Acer Plug and Record

Acer ScreenSaver

Acer Tour

Acer Zone MagicDirector

Acer Zone Main Page

Acer Zone MakeDisk

Acer Zone SoftDMA

Ad-Aware 2007

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS

Adobe Photoshop CS2

Adobe Reader 7.0

Adobe Shockwave Player 11

Adobe Stock Photos 1.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

ATI Catalyst Control Center Ex

ATI Catalyst Install Manager

AutoUpdate

aXbo research 2.0.18

aXbo USB Driver (Driver Removal)

Basissoftware voor HP Deskjet 3070 B611 series

Belgacom Genius

BenVista PhotoZoom Pro 2.3.4

BenVista PhotoZoom Pro 3.1

BenVista PhotoZoom Pro 4.1.2

Bonjour

BufferChm

CCleaner

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Plus Web Player

DivX Version Checker

Emsisoft Anti-Malware

eSupportQFolder

Firebird SQL Server - MAGIX Edition

Freez FLV to AVI/MPEG/WMV Converter

Google Chrome

Google Earth Plug-in

Google SketchUp 7

Google Update Helper

H.264 Decoder

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 8.0

HP Deskjet 3070 B611 series Haelp

HP Imaging Device Functions 8.0

HP Photosmart Appliance Printer Driver Software 8.0.D

HP Photosmart Essential

HP Product Assistant

HP Product Detection

HP Solution Center 8.0

HP Update

HPProductAssistant

HPSSupply

iCloud

iTunes

Java 7 Update 21

Java Auto Updater

Junk Mail filter update

LightScribe 1.4.124.1

MAGIX Music Maker 17 Download-versie

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware versie 1.75.0.1300

Manage Registry ActiveX Control DEMO 2.1 (Build 2.1.2.221)

MarketResearch

Maxthon Browser (remove only)

Maxthon2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2000 Premium

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MixiDJ chrome Toolbar

MKV Splitter

MobileMe Control Panel

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Native Instruments Traktor DJ Studio 3 Demo

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

NTI Backup NOW 4.7

NTI CD & DVD-Maker

Octoshape add-in for Adobe Flash Player

OpenOffice.org Installer 1.0

Ovi Desktop Sync Engine

OviMPlatform

Patience 1.01

PC Connectivity Solution

Picasa 3

PPTX Viewer 2.0

QuickTime

Realtek High Definition Audio Driver

RegTool

Roll

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

SelectionLinks

SF_CDD_Software

Shockwave Director 11.0

Skype Click to Call

SkypeT 6.0

SolutionCenter

SoulSeek Client 156b

Spybot - Search & Destroy

SpyHunter

Status

Sweet Home 3D

Text-To-Speech-Runtime

TomTom HOME 2.7.6.2056

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

TubeHunter Ultra

Uninstall 1.0.0.1

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VC80CRTRedist - 8.0.50727.4053

Virtual DJ Home - Atomix Productions

Virtual Earth 3D (Beta)

VirtualDJ Home FREE

VLC media player 1.0.1

WebReg

WinAce Archiver

Winamp

Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Media Player Firefox Plugin

xrecode II 1.0.0.58

==== FireFox Fix ======================

ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default

---- Lines mixidj removed from prefs.js ----

---- Lines mixidj modified from prefs.js ----

---- Lines mixidj removed from user.js ----

user_pref("extensions.mixidj.tlbrSrchUrl", "");

user_pref("extensions.mixidj.id", "5418a96000000000000000064f4dde34");

user_pref("extensions.mixidj.appId", "{A2773ED4-83BD-488A-A186-73590706C916}");

user_pref("extensions.mixidj.instlDay", "15831");

user_pref("extensions.mixidj.vrsn", "1.8.18.8");

user_pref("extensions.mixidj.vrsni", "1.8.18.8");

user_pref("extensions.mixidj.vrsnTs", "1.8.18.80:03:26");

user_pref("extensions.mixidj.prtnrId", "mixidj");

user_pref("extensions.mixidj.prdct", "mixidj");

user_pref("extensions.mixidj.aflt", "babsst");

user_pref("extensions.mixidj.smplGrp", "none");

user_pref("extensions.mixidj.tlbrId", "mdelta");

user_pref("extensions.mixidj.instlRef", "sst");

user_pref("extensions.mixidj.dfltLng", "en");

user_pref("extensions.mixidj.excTlbr", false);

user_pref("extensions.mixidj.ffxUnstlRst", false);

user_pref("extensions.mixidj.admin", false);

user_pref("extensions.mixidj.autoRvrt", "false");

user_pref("extensions.mixidj.rvrt", "false");

user_pref("extensions.mixidj.newTab", false);

---- Lines ask.com removed from prefs.js ----

user_pref("browser.search.defaultengine", "Ask.com");

user_pref("browser.search.defaultenginename", "Ask.com");

user_pref("browser.search.order.1", "Ask.com");

user_pref("browser.search.selectedEngine", "Ask.com");

---- Lines ask.com modified from prefs.js ----

---- Lines asktb removed from prefs.js ----

user_pref("extensions.asktb.ff-original-keyword-url", "");

---- Lines asktb modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

user_08-05-2013_1828_.backup

prefs_08-05-2013_1828_.backup

==== Deleting Files \ Folders ======================

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\searchplugins\mixidj.xml" deleted

"C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted

"C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\searchplugins\askcom.xml" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\searchplugins\search.xml" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\bProtector_extensions.rdf" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\bProtector_prefs.js" deleted

"C:\Users\USER\AppData\Roaming\lowsec\local.ds" deleted

"C:\Users\USER\AppData\Roaming\lowsec\user.ds" deleted

"C:\Users\USER\AppData\Roaming\lowsec" deleted

"C:\Users\USER\AppData\Roaming\BabSolution" deleted

"C:\Users\USER\AppData\Roaming\Babylon" deleted

"C:\Users\USER\AppData\Roaming\DefaultTab" deleted

"C:\ProgramData\BrowserProtect" deleted

"C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted

"C:\Users\USER\AppData\Local\APN" deleted

"C:\Users\USER\AppData\LocalLow\AskToolbar" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\extensions\ffxtlbr@mixidj.com" deleted

"C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default\extensions\toolbar@ask.com" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-05-07 17:29:34 8CF2B639F0324328B9902120198FF4AA 97 ----a-w- C:\Windows\DeleteOnReboot.bat

====== C:\Users\USER\AppData\Local\Temp ====

2013-05-06 22:24:21 E16162E348C6636AB65DFD72AC9E718C 44813392 ----a-w- C:\Users\USER\AppData\Local\Temp\SHSetup.exe

====== C:\Windows\system32 =====

2013-05-06 22:04:08 6653C22907B7D8732218CFD918030616 2942 ----a-w- C:\Windows\System32\FoxPowerPointVUninstall.ini

====== C:\Windows\system32\drivers =====

2013-04-10 15:56:51 2C1121F2B87E9A6B12485DF53CD848C7 1082232 ----a-w- C:\Windows\System32\drivers\ntfs.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-05-06 22:27:04 -------- d-----w- C:\Program Files\Enigma Software Group

2013-05-06 22:04:06 -------- d-----w- C:\Program Files\FoxPDF Software Inc

======= C: =====

2013-05-07 17:29:13 7C431F398D1EB41E4FC55671491B703C 15066 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\USER\AppData\Roaming ======

2013-05-06 22:27:28 -------- d-----w- C:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2013-05-06 22:04:31 -------- d-----w- C:\users\USER\AppData\Roaming\.oit

2013-05-06 22:03:23 -------- d-----w- C:\users\USER\AppData\Roaming\mixidj

====== C:\Users\USER ======

====== C: exe-files ==

2013-05-07 17:27:22 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Users\USER\Rest\Desktop\adwcleaner.exe

2013-05-06 22:27:31 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\USER\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconF7A21AF7.exe

2013-05-06 22:27:31 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\USER\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconD7F16134.exe

2013-05-06 22:27:31 36B98B8197E1BE8E7382D29C1A3628AA 110080 ----a-r- C:\Users\USER\AppData\Roaming\Microsoft\Installer\{D8167CA8-236B-4334-B77D-F388F494EE18}\IconCF33A0CE.exe

2013-05-06 22:24:21 E16162E348C6636AB65DFD72AC9E718C 44813392 ----a-w- C:\Users\USER\AppData\Local\temp\SHSetup.exe

2013-05-06 22:24:13 0D3336F628629B813C3905EA514A7C78 726464 ----a-w- C:\Users\USER\Documents\Downloads\SpyHunter-Installer.exe

2013-05-06 22:03:00 6B1F117251768D9E0B3B24870178600F 11786751 ----a-w- C:\Users\USER\Downloads\PPTXViewer.exe

2013-05-06 22:01:56 D39160AB60A14E420EBDA3C478FDF381 584600 ----a-w- C:\Users\USER\Documents\Downloads\cbsidlm-tr1_13-PPTX_Viewer-ORG-75788920.exe

=== C: other files ==

2013-05-08 15:48:02 896BD6B5ACA35418C9E0516A0AD5DE96 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1166787086-2058581557-67695525-1000\$I6M5JYD.bat

2013-05-07 17:29:34 8CF2B639F0324328B9902120198FF4AA 97 ----a-w- C:\Windows\DeleteOnReboot.bat

2013-05-07 17:26:15 DC38E53F1E0E9EB867EF23932B295418 418 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1166787086-2058581557-67695525-1000\$R6M5JYD.bat

2013-05-06 22:27:47 E0E7672DBE3AF879971DAA6F1ECA6333 6320000 ----a-w- C:\Program Files\Enigma Software Group\SpyHunter\SH4.com

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1166787086-2058581557-67695525-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN1BS672Q105MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1"

"MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe /P Belgacom"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe /d=60"

"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"HP Deskjet 3070 B611 series (NET)"="C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe -deviceID CN1BS672Q105MQ:NW -scfn HP Deskjet 3070 B611 series (NET) -AutoStart 1"

"MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe"

"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer Empowering Technology Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acer Empowering Technology Monitor"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\SysMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AppleSyncNotifier"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICCC]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ATICCC"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eDataSecurity Loader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="eDataSecurity Loader"

"hkey"="HKLM"

"command"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Malwarebytes Anti-Malware (reboot)"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMServer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaOviSuite2"

"hkey"="HKCU"

"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\osCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="osCheck"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVCpl"

"hkey"="HKLM"

"command"="RtHDVCpl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Shockwave Updater]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"

"item"="Shockwave Updater"

"hkey"="HKCU"

"command"="C:\\Windows\\System32\\Adobe\\SHOCKW~1\\SWHELP~2.EXE -Update -1100465 -\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Maxthon; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)\" -\"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1250973034216\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Sidebar"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TkBellExe"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOME.exe"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WarReg_PopUp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WarReg_PopUp"

"hkey"="HKLM"

"command"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WinampAgent"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\wianmpa.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WMPNSCFG"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\?????????]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="?????????"

"hkey"="HKCU"

"command"="??????????????e"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

"item"="Adobe Gamma Loader"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"

"backup"="C:\\Windows\\pss\\Adobe Gamma Loader.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"item"="Adobe Reader Speed Launch"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\Windows\\pss\\Adobe Reader Speed Launch.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Empowering Technology Launcher.lnk"

"backup"="C:\\Windows\\pss\\Empowering Technology Launcher.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\Acer\\EMPOWE~1\\EAPLAU~1.EXE 9999"

"item"="Empowering Technology Launcher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

"item"="HP Digital Imaging Monitor"

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"

"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe"

==== Startup Folders ======================

2008-04-12 17:37:46 1174 ----a-w- C:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

2007-06-04 18:25:43 1879 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-04-2013 18:06]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19-06-2010 17:28]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19-06-2010 17:28]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166787086-2058581557-67695525-1000Core.job --a------ C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [02-09-2008 23:11]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1166787086-2058581557-67695525-1000UA.job --a------ C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [02-09-2008 23:11]

C:\Windows\tasks\Registry Reviver-USER-Startup.job --a------ C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe []

==== Firefox Extensions ======================

ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\b98vn5oq.default

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com

- Undetermined - C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

- Undetermined - %ProfilePath%\extensions\staged-xpis

- Undetermined - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

- DVDVideoSoft Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

AppDir: C:\Program Files\Mozilla Firefox

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

kgbadnenegkkgdlldhllpgekejcjnjhl - C:\Program Files\OApps\chrome-sl.crx[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 13:14]

AdBlock - USER - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Skype Click to Call - USER - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://nl.intl.acer.yahoo.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{C57A9992-5271-4150-96A4-00974EC19544} Yahoo//search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kgbadnenegkkgdlldhllpgekejcjnjhl deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\USER\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\users\USER\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\USER\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

Link naar reactie
Delen op andere sites
Mako Grootmeester

Mako

Geplaatst:
Geplaatst:

Hallo,

  1. Ga naar Start - Configuratiescherm - Software
    Deïnstalleer (indien nog aanwezig) volgend programma:
    • MixiDJ chrome Toolbar

[*]


  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem. 

 
C:\users\USER\AppData\Roaming\mixidj;fs
C:\users\USER\AppData\Roaming\.oit;fs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg];e


  • Klik daarna op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post nu de inhoud van het geopende logje in het volgende bericht.

Laat eveneens maar eens weten hoe het met de computer gaat :-)

Link naar reactie
Delen op andere sites
Maerschalck Verkenner

Maerschalck

Geplaatst:
  • Auteur
Geplaatst:

Zoek.exe Version 4.0.0.2 Updated 06-May-2013

Tool run by USER on do 09-05-2013 at 19:26:26,34.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results08-05-2013-1845.log 31951 bytes

==== Deleting Files \ Folders ======================

"C:\users\USER\AppData\Roaming\mixidj" deleted

"C:\users\USER\AppData\Roaming\.oit" deleted

==== Registry Exports ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer Empowering Technology Monitor]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acer Empowering Technology Monitor"

"hkey"="HKLM"

"command"="C:\\Windows\\system32\\SysMonitor.exe"

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:00000037

"SECOND"=dword:0000001b

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AppleSyncNotifier"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleSyncNotifier.exe"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATICCC]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ATICCC"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eDataSecurity Loader]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="eDataSecurity Loader"

"hkey"="HKLM"

"command"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HP Software Update"

"hkey"="HKLM"

"command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000013

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes Anti-Malware (reboot)]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Malwarebytes Anti-Malware (reboot)"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaMServer"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Nokia\\MPlatform\\NokiaMServer /watchfiles startup"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaOviSuite2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NokiaOviSuite2"

"hkey"="HKCU"

"command"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe -tray"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\osCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="osCheck"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QuickTime Task"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RtHDVCpl"

"hkey"="HKLM"

"command"="RtHDVCpl.exe"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Shockwave Updater]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"

"item"="Shockwave Updater"

"hkey"="HKCU"

"command"="C:\\Windows\\System32\\Adobe\\SHOCKW~1\\SWHELP~2.EXE -Update -1100465 -\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Maxthon; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)\" -\"http://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1250973034216\""

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Sidebar"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000013

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TkBellExe"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"inimapping"="0"

"YEAR"=dword:000007d9

"MONTH"=dword:00000002

"DAY"=dword:00000009

"HOUR"=dword:00000014

"MINUTE"=dword:00000015

"SECOND"=dword:0000003b

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TomTomHOME.exe"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\TomTom HOME 2\\TomTomHOMERunner.exe\""

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WarReg_PopUp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WarReg_PopUp"

"hkey"="HKLM"

"command"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WinampAgent"

"hkey"="HKLM"

"command"="C:\\Program Files\\Winamp\\wianmpa.exe"

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMPNSCFG]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WMPNSCFG"

"hkey"="HKCU"

"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

"inimapping"="0"

"YEAR"=dword:000007db

"MONTH"=dword:00000006

"DAY"=dword:00000018

"HOUR"=dword:0000000d

"MINUTE"=dword:00000022

"SECOND"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\?????????]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="?????????"

"hkey"="HKCU"

"command"="??????????????e"

"inimapping"="0"

"YEAR"=dword:000007d8

"MONTH"=dword:00000003

"DAY"=dword:0000000b

"HOUR"=dword:00000012

"MINUTE"=dword:0000002b

"SECOND"=dword:00000029

Link naar reactie
Delen op andere sites
Gast
Dit topic is nu gesloten voor nieuwe reacties.
 Delen
Ga naar topic overzicht
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.