PC virus vrij en sneller maken

[kape]

Wil je dit gedeelte nog eens herhalen met Comofix:

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
Folder::
c:\users\Administrator\AppData\Roaming\Owix 
c:\users\Administrator\AppData\Roaming\Wotu 
c:\users\Administrator\AppData\Roaming\Iguk 
c:\users\Administrator\AppData\Roaming\Leowo 
c:\users\Administrator\AppData\Roaming\Wopot 
c:\users\Administrator\AppData\Roaming\Ivaxl 
c:\users\Administrator\AppData\Roaming\Orhuan
c:\users\Administrator\AppData\Roaming\Marido 
c:\users\Administrator\AppData\Roaming\Ebyg 
c:\users\Administrator\AppData\Roaming\Agall
c:\users\Administrator\AppData\Roaming\Uhimw 
c:\users\Administrator\AppData\Roaming\Lair 
c:\users\Administrator\AppData\Roaming\Omfe 
c:\users\Administrator\AppData\Roaming\Gagobi 
c:\users\Administrator\AppData\Roaming\Esno 
c:\users\Administrator\AppData\Roaming\Ykarr 
c:\users\Administrator\AppData\Roaming\Osym 
c:\users\Administrator\AppData\Roaming\Ilaz

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.

[hidde565]

ComboFix 13-07-20.03 - Hofte 23-07-2013 13:16:25.3.2 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.31.1043.18.3071.2081 [GMT 2:00]

Gestart vanuit: c:\users\Administrator\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Administrator\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrator\AppData\Roaming\Agall

c:\users\Administrator\AppData\Roaming\Ebyg

c:\users\Administrator\AppData\Roaming\Ebyg\qapyo.exe

c:\users\Administrator\AppData\Roaming\Esno

c:\users\Administrator\AppData\Roaming\Gagobi

c:\users\Administrator\AppData\Roaming\Gagobi\xifa.ole

c:\users\Administrator\AppData\Roaming\Iguk

c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe

c:\users\Administrator\AppData\Roaming\Ilaz

c:\users\Administrator\AppData\Roaming\Ilaz\biunp.ywn

c:\users\Administrator\AppData\Roaming\Ivaxl

c:\users\Administrator\AppData\Roaming\Ivaxl\ciuq.uhx

c:\users\Administrator\AppData\Roaming\Lair

c:\users\Administrator\AppData\Roaming\Lair\dypa.sah

c:\users\Administrator\AppData\Roaming\Leowo

c:\users\Administrator\AppData\Roaming\Marido

c:\users\Administrator\AppData\Roaming\Marido\huisq.suy

c:\users\Administrator\AppData\Roaming\Omfe

c:\users\Administrator\AppData\Roaming\Orhuan

c:\users\Administrator\AppData\Roaming\Orhuan\fewi.adb

c:\users\Administrator\AppData\Roaming\Osym

c:\users\Administrator\AppData\Roaming\Osym\ruqu.eki

c:\users\Administrator\AppData\Roaming\Osym\ruqu.tmp

c:\users\Administrator\AppData\Roaming\Owix

c:\users\Administrator\AppData\Roaming\Owix\tayg.tmp

c:\users\Administrator\AppData\Roaming\Uhimw

c:\users\Administrator\AppData\Roaming\Uhimw\hyig.umz

c:\users\Administrator\AppData\Roaming\Wopot

c:\users\Administrator\AppData\Roaming\Wotu

c:\users\Administrator\AppData\Roaming\Wotu\abcu.fac

c:\users\Administrator\AppData\Roaming\Ykarr

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-06-23 to 2013-07-23 ))))))))))))))))))))))))))))))

.

.

2013-07-23 11:35 . 2013-07-23 11:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-07-23 11:35 . 2013-07-23 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-23 10:11 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D26A357-062D-4B3C-911D-07CA93E7A1E2}\mpengine.dll

2013-07-19 13:02 . 2013-07-19 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-07-19 13:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-07-19 11:40 . 2013-07-19 11:40 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-07-19 11:40 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-07-19 11:40 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-07-19 11:40 . 2013-07-19 11:40 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-19 11:40 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-07-19 11:40 . 2013-07-19 11:40 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-19 11:40 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-07-19 11:40 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-07-19 11:40 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-07-19 11:38 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-07-19 11:37 . 2013-07-19 11:37 -------- d-----w- c:\program files\AVAST Software

2013-07-19 11:35 . 2013-07-19 11:37 -------- d-----w- c:\programdata\AVAST Software

2013-07-19 11:30 . 2013-07-19 11:30 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-19 11:30 . 2013-07-19 11:30 -------- d-----w- c:\program files\Trend Micro

2013-07-12 13:33 . 2013-07-12 13:39 -------- d-----w- c:\windows\system32\MRT

2013-07-10 12:32 . 2013-06-12 00:23 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-07-10 12:32 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\system32\wininet.dll

2013-07-10 10:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 10:12 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 10:12 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 10:12 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 10:12 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 10:12 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-10 10:12 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-10 10:12 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-10 10:12 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-10 10:12 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-10 10:12 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-19 12:09 . 2012-05-04 09:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-07-19 12:09 . 2011-05-21 12:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-05 08:57 . 2013-06-05 08:57 644400 ----a-w- c:\windows\system32\mscomct2.ocx

2013-05-13 04:45 . 2013-06-12 07:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 07:48 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 04:45 . 2013-06-12 07:48 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-12 07:48 903168 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 07:48 43008 ----a-w- c:\windows\system32\certenc.dll

2013-05-10 03:20 . 2013-06-12 07:49 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-08 05:38 . 2013-06-12 07:48 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-06 05:06 . 2013-06-12 07:48 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-06 05:06 . 2013-06-12 07:48 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 00:06 . 2011-05-21 12:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

2013-04-26 04:55 . 2013-06-12 07:49 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-04-25 23:30 . 2013-06-12 07:49 1505280 ----a-w- c:\windows\system32\d3d11.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ----a-w- c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-05 1104384]

"HP Deskjet 3520 series (NET)"="c:\program files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-03 10082920]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2013-06-05 15:50 1104384 ----a-w- c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]

R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [x]

R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [x]

R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [x]

R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]

R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]

R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1343400]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2013-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:09]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dg7glcr4.default\

FF - prefs.js: browser.startup.homepage - Google

FF - ExtSQL: 2013-07-19 13:39; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-Toawhy - c:\users\Administrator\AppData\Roaming\Iguk\nodo.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,dc,

cb,77,f1,31,07,a2,7d,d9,65,c5,87,c4,b5

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,11,

ef,68,99,44,0a,a1,32,d3,a9,2d,94,19,1f

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,fe,

ad,57,97,ba,55,a2,e4,45,e0,cd,48,f9,13

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,cb,

08,9f,bd,e9,06,bb,9f,bf,17,88,6c,f1,df

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex:

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"=hex:

"Timestamp"=hex:d8,9e,2d,76,53,22,ce,01

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,88,12,fd,f3,4f,53,46,a4,99,cd,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,88,12,fd,f3,4f,53,46,a4,99,cd,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d5,16,a2,c2,51,23,ed,42,86,7f,ea,\

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.aif"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.aifc"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.aiff"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.avi"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.cda"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.cdda"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\wmplayer.exe"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.ipa"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.ipg"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.ipsw"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itdb"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.ite"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itl"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itlp"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itls"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itms"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.itpc"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m3u"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m3u8"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m4a"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m4b"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m4p"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m4r"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.m4v"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mov"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.mp2"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.mp3"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.pcast"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\photoviewer.dll"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.pls"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PBrush"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="txtfile"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.wav"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]

@Denied: (2) (Administrator)

"Progid"="iTunes.wave"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2695659227-4190923716-1575364736-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2013-07-23 13:41:49

ComboFix-quarantined-files.txt 2013-07-23 11:41

ComboFix2.txt 2013-07-22 13:20

ComboFix3.txt 2013-07-21 09:50

.

Pre-Run: 198.415.122.432 bytes beschikbaar

Post-Run: 198.381.637.632 bytes beschikbaar

.

- - End Of File - - 07EAD1FA4D4B4B0394ADE1045C2960A1

A36C5E4F47E84449FF07ED3517B43A31

Aub

[kape]

Dit is uitstekend verlopen

Hoe staat het nu met de snelheid en eventuele virusmeldingen ?

[hidde565]

Snelheid is top! En heb nu een andere virusscanner, ben van Microsoft Security Essentials overgestapt naar Avast, is dit een goede keuze?

In principe heb ik het liefst een virusscanner waar je zo min mogelijk last van hebt qua verbruik, etc. Maar hij moet natuurlijk wel goed werken, download alleen muziek en films.

Daarnaast een minpuntje, wanneer ik de pc opstart en daarna iTunes + Mozilla Firefox (is dit een handige browser?) loopt de pc 10 à 20 seconden vast, dus doet niets.

Voor de rest top!

Nogmaals bedankt haha

[kape]

De overstap van MSE naar Avast is absoluut een goede keuze, want Avast is de top bij de gratis antivirusprogramma's, terwijl MSE niet meteen de beste referenties heeft. Ook Firefox als browser durf ik aan te bevelen. Goede verbeteringen, dus. En dan kijken we nog eens even verder voor dat minpuntje :

Download de Junkware Removal Tool by Thisisu naar je bureaublad.

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met JRT

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

• Dubbelklik op JRT.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• De tool zal vervolgens het systeem scannen.
  
• De scan kan afhankelijk van je systeemspecificaties soms vrij lang duren, wacht geduldig af.
  
• Als de scan gereed is zal er een logje (JRT.txt) op het bureaublad opgeslagen worden en automatisch worden geopend.
  
• Post de inhoud van deze log in je volgende bericht als bijlage.
  

[hidde565]

Goedemorgen, het logje:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.2 (07.22.2013:2)

OS: Windows 7 Enterprise x86

Ran by Hofte on wo 24-07-2013 at 10:23:20,71

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\dg7glcr4.default\minidumps [227 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on wo 24-07-2013 at 10:27:47,77

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

En dan nog een vraagje, namelijk die programma's zoals malware antibytes, hijackthis, etc. kan ik verwijderen van de pc?

[kweezie wabbit]

Voor de JRT ga je moeten wachten op de beoordeling van Kape.

Voor de andere gebruikte programma's kan je hieronder de verwijderprocedure vinden.

Malwarebytes kan je houden en op regelmatige basis (bvb wekelijks) laten scannen als aanvulling op je virusscanner.

Wil je malwarebytes toch verwijderen, dan kan dat gewoon via het configuratiescherm - programma's en onderdelen.

Hijackthis kan je ook gewoon verwijderen via het configuratiescherm - programma's en onderdelen.

Voor het verwijderen van Combofix ga je naar Start -> Uitvoeren en typ: ComboFix /Uninstall (met spatie voor de /)

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen

AdwCleaner verwijder je als volgt:

Sluit alle openstaande vensters

• Start AdwCleaner en klik Deinstallatie.
  
• Klik op "Ja"
  

AdwCleaner is nu verwijderd van je PC.

[kape]

Junkware Removal Tool heeft nog een kleinigheidje opgeruimd en mag je nu ook verwijderen. Dat moet het maximum zijn dat we nu hebben kunnen oplossen.

Indien ook alle suggesties van Kweezie Wabbit probleemloos verlopen zijn en je binnen dit topic verder geen vragen of problemen meer hebt, mag je dit onderwerp afsluiten door een klik op de knop "Markeer als opgelost", die je links onderaan kan terugvinden … zo blijft het voor iedereen overzichtelijk.

[hidde565]

Alles is verwijderd, mag ik u hartelijk danken

[kape]

Namens Kweezie Wabbit en mezelf ... héééééééééééél graag gedaan xD