PC boots and runs extremely slowly


  • PC boots and runs extremely slowly

    My PC (Windows 8.1) has been running extremely slowly for a few days. It takes as long as half an hour before I can do anything, and every action takes minutes to have any effect. I downloaded some software in the days before that, and I fear the worst... I have now disabled the Windows Search service and removed Panda Cloud Antivirus so that I could run this analysis. Help would be appreciated!


    MBAM
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2014.03.08.03

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16518
    LennardP :: THUIS [administrator]

    8-3-2014 12:30:20
    mbam-log-2014-03-08 (12-30-20).txt

    Scan type: Volledige scan (C:\|E:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 644707
    Verstreken tijd: 1 uur/uren, 43 minuut/minuten, 28 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 7
    C:\Users\Lennard\Documents\Programma's\MediaCoder2011-R2-5125.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Documents\Programma's\dm_vmw30.zip (Trojan.Agent.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Documents\Programma's\pdf995.exe (Adware.Solimba.Lame) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Downloads\bsplayer264.1073.exe (PUP.Optional.Conduit) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Downloads\bsplayer265.1074.exe (PUP.Optional.Conduit) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Downloads\bsplayer266.1075.exe (PUP.Optional.Conduit) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Lennard\Downloads\winamp5623_full_emusic-7plus_nl-nl.exe (PUP.Optional.OpenCandy) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  • #2
    GMER part 1
    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-08 12:54:30
    Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKX-221CA1 rev.17.01H17 465,76GB
    Running: 1ck5g088.exe; Driver: C:\Users\Lennard\AppData\Local\Temp\kxldipod.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000224500 15 bytes [00, F1, 0F, 02, C0, 1E, 70, ...]
    .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000224510 11 bytes [00, 4D, FC, FF, 80, 7C, DF, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\dwm.exe[1132] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffff161169a 4 bytes [61, F1, FF, 7F]
    .text C:\WINDOWS\system32\dwm.exe[1132] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffff16116a2 4 bytes [61, F1, FF, 7F]
    .text C:\WINDOWS\system32\dwm.exe[1132] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffff161181a 4 bytes [61, F1, FF, 7F]
    .text C:\WINDOWS\system32\dwm.exe[1132] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffff1611832 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe[1856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffff161169a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe[1856] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffff16116a2 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe[1856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffff161181a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe[1856] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffff1611832 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 126 000000006f94968e 3 bytes [D8, DF, CC]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 460 000000006f9497dc 3 bytes [D8, DF, CC]
    .text ... * 4
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 351 000000006f949bcf 3 bytes [D8, DF, CC]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 471 000000006f949c47 3 bytes [E4, DF, CC]
    .text ... * 6
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_ M_eraseEPSt13_Rb_tree_nodeIS2_E + 49 000000006f95efa1 3 bytes [D8, DF, CC]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_ M_eraseEPSt13_Rb_tree_nodeIS2_E + 63 000000006f95efaf 3 bytes [D8, DF, CC]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_managerD1Ev + 675 0000000068a81c43 4 bytes [C0, E1, CC, 6F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_managerD1Ev + 695 0000000068a81c57 4 bytes [C0, E1, CC, 6F]
    .text ... * 3
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager12load_builtinEP9mm_module + 52 0000000068a83604 4 bytes [C0, E1, CC, 6F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager12load_builtinEP9mm_module + 80 0000000068a83620 4 bytes [C0, E1, CC, 6F]
    .text ... * 4
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager9load_fileESsb + 176 0000000068a83750 4 bytes [C0, E1, CC, 6F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager9load_fileESsb + 207 0000000068a8376f 4 bytes [C0, E1, CC, 6F]
    .text ... * 11
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager8load_dirESsb + 266 0000000068a83e4a 4 bytes [D8, DF, CC, 6F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14module_manager8load_dirESsb + 405 0000000068a83ed5 4 bytes [D8, DF, CC, 6F]
    .text ... * 2
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14base_extensionD1Ev + 47 0000000068a8a60f 4 bytes [D8, DF, CC, 6F]
    .text C:\Program Files (x86)\ownCloud\owncloud.exe[3952] C:\Program Files (x86)\ownCloud\libmodman.dll!_ZN9libmodman14base_extensionD1Ev + 725 0000000068a8a8b5 4 bytes [D8, DF, CC, 6F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[3604] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffff161169a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[3604] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffff16116a2 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[3604] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007ffff161181a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[3604] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007ffff1611832 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffff3b80670 13 bytes {MOV R11, 0x7fffea8c2538; JMP R11}
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fffef861f6a 4 bytes [86, EF, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fffef861f82 4 bytes [86, EF, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffff161169a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffff16116a2 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffff161181a 4 bytes [61, F1, FF, 7F]
    .text C:\Program Files\Waterfox\waterfox.exe[628] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffff1611832 4 bytes [61, F1, FF, 7F]

    ---- Threads - GMER 2.1 ----

    Thread C:\WINDOWS\system32\csrss.exe [588:612] fffff9600095f4d0
    ---- Processes - GMER 2.1 ----

    Library C:\Users\Lennard\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [1836] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-12-05 11:05:50) 00007fffe37b0000
    Library C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAShell.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [1836] 00007fffe4790000
    Library C:\Users\Lennard\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\Program Files\Waterfox\waterfox.exe [628] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-12-05 11:05:50) 00007fffe37b0000

    ---- Services - GMER 2.1 ----

    Service C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (*** hidden *** ) [AUTO] NanoServiceMain <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSALPC.sys (*** hidden *** ) [SYSTEM] NNSALPC <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSHTTP.sys (*** hidden *** ) [SYSTEM] NNSHTTP <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSHTTPS.sys (*** hidden *** ) [SYSTEM] NNSHTTPS <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSIDS.sys (*** hidden *** ) [SYSTEM] NNSIDS <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSPICC.sys (*** hidden *** ) [SYSTEM] NNSPICC <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSPIHSW.sys (*** hidden *** ) [DISABLED] NNSPIHSW <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSPOP3.sys (*** hidden *** ) [SYSTEM] NNSPOP3 <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSPROT.sys (*** hidden *** ) [SYSTEM] NNSPROT <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSPRV.sys (*** hidden *** ) [SYSTEM] NNSPRV <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSSMTP.sys (*** hidden *** ) [SYSTEM] NNSSMTP <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSSTRM.sys (*** hidden *** ) [SYSTEM] NNSSTRM <-- ROOTKIT !!!
    Service system32\DRIVERS\NNSTLSC.sys (*** hidden *** ) [SYSTEM] NNSTLSC <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINAflt.sys (*** hidden *** ) [AUTO] PSINAflt <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINFile.sys (*** hidden *** ) [AUTO] PSINFile <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINKNC.sys (*** hidden *** ) [SYSTEM] PSINKNC <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINProc.sys (*** hidden *** ) [AUTO] PSINProc <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINProt.sys (*** hidden *** ) [AUTO] PSINProt <-- ROOTKIT !!!
    Service system32\DRIVERS\PSINReg.sys (*** hidden *** ) [MANUAL] PSINReg <-- ROOTKIT !!!
    Service System32\DRIVERS\PSKMAD.sys (*** hidden *** ) [MANUAL] PSKMAD <-- ROOTKIT !!!
    Service C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (*** hidden *** ) [AUTO] PSUAService <-- ROOTKIT !!!
    Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden *** ) [MANUAL] WinDefend <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\[email protected] 166
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DF2E5201-03A5-4247-AE88-D44B21A4A142}\[email protected] Reusable ISATAP Interface {DF2E5201-03A5-4247-AE88-D44B21A4A142}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\[email protected] 1444923055
    Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\[email protected] \BaseNamedObjects\WDI_{7b04ac19-4fbd-4893-b740-cb348fcd7a2f}
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{42afaed8-9027-4c7d-93e8-977b12958e90}@LastProbeTime 1394182829
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\[email protected] 20971520
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\AnalysisSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\AutodiagSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\AVSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\FirewallSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\IdentityProtectSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\KRESource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\ROLSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\UpdateSource
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 9
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSNEvts.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Nano\[email protected] 7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DF2E5201-03A5-4247-AE88-D44B21A4A142}@InterfaceName Reusable ISATAP Interface {DF2E5201-03A5-4247-AE88-D44B21A4A142}
    Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DF2E5201-03A5-4247-AE88-D44B21A4A142}@ReusableType 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\MsLldp\Parameters\[email protected] 0xA0 0x19 0x77 0xAE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NanoServiceMain
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Panda Cloud Antivirus Service
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Panda Cloud Antivirus Service
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0xF0 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 16
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe"
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] CryptSvc?
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NanoServiceMain
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSALPC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSALPC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Application Layer Protocol Colorizer Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSALPC.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSALPC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSHTTP
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSHTTP
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] HTTP Parser Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSHTTP.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSHTTP
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSHTTPS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSHTTPS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] HTTPS Parser Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSHTTPS.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSHTTPS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSIDS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSIDS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Intrusion Detection System Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSIDS.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSIDS
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPICC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSPICC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Process Info Colorizer Client Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSPICC.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPICC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPIHSW
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSPIHSW
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Process Information Hook Server Kernelmode WFP Callout Driver
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSPIHSW.sys



    • #3
      GMER part 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPIHSW
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPOP3
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSPOP3
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] POP3 Parser Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPOP[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSPOP3.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPOP3
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPROT
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSPROT
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Network Protector Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSPROT.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPROT
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPRV
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSPRV
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Network Provider Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSPRV.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSPRV
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSSMTP
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSSMTP
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] SMTP Parser Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSSMTP.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSSMTP
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSSTRM
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSSTRM
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Streamer Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSSTRM.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSSTRM
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSTLSC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] NNSTLSC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Transport Layer Session Colorizer Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\NNSTLSC.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\NNSTLSC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINAflt
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINAflt
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Analysis Filter
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\PSINAflt.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINAflt\Parameters
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINAflt\[email protected] DLL?EXE?SYS?COM?CPL?
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINAflt
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINFile
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINFile Mini-Filter Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] system32\DRIVERS\PSINFile.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] FSFilter Anti-Virus
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] FltMgr?
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile\Instances
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile\[email protected] PSINFile Instance
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile\Instances\PSINFile Instance
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile\Instances\PSINFile [email protected] 327610
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile\Instances\PSINFile [email protected] 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINFile
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINKNC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINKNC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINKNC[email protected] PSINKNC Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \SystemRoot\system32\DRIVERS\PSINKNC.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINKNC\Parameters
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINKNC\[email protected] C:\ProgramData\Panda Security\Panda Cloud Antivirus\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINKNC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINProc
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINProc Filter Driver
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] PSINProc
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] system32\DRIVERS\PSINProc.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] FSFilter Anti-Virus
      Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] FltMgr?
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINProc\Instances
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINProc\[email protected] PSINProc Instance
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINProc\Instances\PSINProc Instance
      Reg HKLM\SYSTEM\CurrentControlSet\Services\PSINProc\Instances\PSINProc [email protected] 327620


      • #4
        GMER part 3

        ---- EOF - GMER 2.1 ----
        Last edited by CarlosV; 08-03-14, 14:55. Reason: Smilies were still enabled



        • #5
          Download Zoek.zip to the desktop.
          • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that, as this is an unwarranted warning.


          Disable antivirus software
          Temporarily disable your antivirus and antispyware programs, as they can conflict with Zoek.exe.

          Run Zoek.exe
          If you run into problems running this program or see any error messages, please mention this in your post.
          • Right-click Zoek.zip and choose the "Extract All" option.
          • Then double-click Zoek.exe to start the tool.
          • Users of Windows Vista, 7 and 8 must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
          • Now click the "Run script" button.
          • A popup appears saying that no script was found; just press OK.
          • Zoek.exe will now perform a scan and repair; on some systems this can take more than half an hour.
          • Now wait patiently until a log opens (this may be after a restart, if one is required).
          • If no log appears after the restart, start zoek.exe again; the log will then appear after all.
          • Post the opened log as an attachment in your next post.


          Post the Zoek.exe log file
          • Attach the log file named "Zoek-results.log" to your next post.
            (You can also find this log file on the system drive as C:\Zoek-results.log.)

          Starting Windows 10 in Safe Mode



          • #6
            Zoek-results attached
            Attached Files



            • #7
              Well done, how is it going now?



              • #8
                So far it is going well, I just haven't dared to switch it off yet. Can I simply leave Windows Search disabled?



                • #9
                  The day after: the combination of Waterfox and the System process still occasionally drives my hard disk to 100%. The PC then hangs for a moment, after which it carries on again. Can anything still be done about that?



                  • #10
                    Download zhpdiag.exe from this website: http://en.kioskea.net/download/download-23176-zhpdiag
                    1. XP users: double-click zhpdiag.exe to install it.
                      For Windows Vista and later: right-click zhpdiag.exe and choose "Run as administrator".
                    2. Click "Suivant" several times to go through the installation process.
                    3. Click "Installer" when prompted and "Terminer" when the installation is complete.
                    4. Two icons have now appeared on your desktop: ZHPDiag and ZHPFix.
                    5. Now double-click the shortcut named ZHPDiag.
                    6. The start window appears; now click "Configurer".
                    7. At the bottom right, click the icon with the little house, "Sélectionner une langue", and choose "Anglais" (English).
                    8. Then, at the bottom left, click the middle icon (a magnifying glass and a + symbol), "Diagnostic options".
                    9. A scan of your system is now made; wait patiently until it is complete.
                    10. Afterwards there is a text file named ZHPDiag.txt on your desktop; post it in your next post.



                    • #11
                      The log file is attached.
                      ZHPDiag.txt



                      • #12
                        Copy the code below in full:

                        Code:
                        Script ZHPFix
                        [HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Toolbar.Ask
                        [HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
                        [HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
                        [HKCU\Software\Conduit]   =>Toolbar.Conduit^
                        [HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
                        shortcutfix
                        emptytemp
                        emptyflash

                        Disable antivirus software
                        Temporarily disable your antivirus and antispyware programs, as they can conflict with ZHPFix.

                        Run ZHPFix
                        If you run into problems while running this program or see any error messages, please mention this in your message.
                        • Double-click the ZHPFix shortcut on the desktop.
                        • Press the "Import" button.
                        • Then press the "Go" button at the bottom.
                        • Now wait patiently until a log opens.


                        Post the ZHPFix log file
                        • Attach the log file named "ZPHFix[r1].txt" to your next message.

                        Starting Windows 10 in Safe Mode
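
A pre-check for the ZHPFix script in post #12, added here as an example and not part of the original post or of ZHPFix: it reports which of the script's registry keys actually exist and exports each existing key with `reg.exe export` before anything is deleted. The script text is copied from the post; the backup folder name is an assumption.

```powershell
# Input: the ZHPFix script exactly as posted in #12.
$zhpScript = @'
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]   =>Toolbar.Ask
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKLM\Software\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]   =>Spyware.Soft2PC
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Conduit]   =>Toolbar.Conduit^
shortcutfix
emptytemp
emptyflash
'@

# Assumed backup location (hypothetical name); one .reg file per existing key.
$backupDir = Join-Path $env:USERPROFILE 'Desktop\zhpfix-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$n = 0
foreach ($line in ($zhpScript -split "`r?`n")) {
    # Registry entries have the form "[HIVE\Sub\Key]   =>Label".
    if ($line -match '^\s*\[(HK(?:LM|CU)\\[^\]]+)\]\s*=>(\S+)') {
        $key   = $Matches[1]
        $label = $Matches[2]
        # Map the short hive name to the path form the Registry provider accepts.
        $psPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE' `
                                       -replace '^HKCU', 'HKEY_CURRENT_USER')
        if (Test-Path -LiteralPath $psPath) {
            $n++
            $file = Join-Path $backupDir ('key{0:D2}.reg' -f $n)
            & reg.exe export $key $file /y | Out-Null   # backup before removal
            Write-Output "present   : $key ($label) -> $file"
        } else {
            Write-Output "absent    : $key ($label)"
        }
    } elseif ($line.Trim()) {
        # Everything else (shortcutfix, emptytemp, emptyflash) is a ZHPFix directive.
        Write-Output "directive : $($line.Trim())"
    }
}
```

Importing one of the exported `.reg` files restores that key if the removal turns out to break something.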



                        • #13
                          Here is the log file.

                          This still happens very regularly, with short moments when the computer freezes: [image: printscreen.png]
                          Last edited by CarlosV; 12-03-14, 13:25.



                          • #14
                            Download AdwCleaner by Xplode to the desktop.
                            • Close all open windows.
                            • Double-click AdwCleaner to start it.
                            • Windows Vista, 7 and 8 users must run the tool as "administrator", by right-clicking it and choosing Run as administrator.
                            • Then click Scan.
                            • Then click Clean if any items were found.
                            • At the "Restart required" prompt, click OK.


                            After the PC has restarted, a log file usually opens.
                            Otherwise it can be found at C:\AdwCleaner\AdwCleaner[S0].txt.

                            Post the log file
                            • Attach the log file named C:\AdwCleaner\AdwCleaner[S0].txt to your next message.

                            Starting Windows 10 in Safe Mode



                            • #15
                              Done, here is the log file.
                              Attached Files
