Mededeling

Collapse
No announcement yet.

Infected met het Politievirus Ukash ransomware

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Infected met het Politievirus Ukash ransomware

    Hallo,

    Sinds 2 dagen krijg ik de popup van genoemd virus.
    Ondanks de melding kan ik toch de pc gebruiken. Na enige tijd komt de melding weer in beeld.
    Graag zou ik jullie hulp willen. Bijgevoegd de logjes waar om gevraagd wordt.
    Alvast bedankt !

    gr. Patrick

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 9-7-2011 13:37:45
    System Uptime: 4-11-2013 8:50:19 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5KPL-AM
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 279 GiB total, 20,631 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 116 GiB total, 28,537 GiB free.
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is CDROM ()
    L: is FIXED (NTFS) - 33 GiB total, 18,038 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: NetGroup Packet Filter Driver
    Device ID: ROOT\LEGACY_NPF\0000
    Manufacturer:
    Name: NetGroup Packet Filter Driver
    PNP Device ID: ROOT\LEGACY_NPF\0000
    Service: npf
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2-muis
    Device ID: ACPI\PNP0F03\4&2E2B2FDC&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2-muis
    PNP Device ID: ACPI\PNP0F03\4&2E2B2FDC&0
    Service: i8042prt
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standaard-PS/2-toetsenbord
    Device ID: ACPI\PNP0303\4&2E2B2FDC&0
    Manufacturer: (standaardtoetsenbord)
    Name: Standaard-PS/2-toetsenbord
    PNP Device ID: ACPI\PNP0303\4&2E2B2FDC&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP504: 1-11-2013 9:42:41 - Windows Update
    RP505: 4-11-2013 0:40:08 - RegCure Pro Backup
    .
    ==== Installed Programs ======================
    .
    Aangifte inkomstenbelasting 2011
    Adobe AIR
    Adobe Dreamweaver CS6
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Photoshop Lightroom 4
    Adobe Reader X (10.1.8) - Nederlands
    Adobe Shockwave Player 12.0
    Adobe Widget Browser
    AmbraSoft Familiepakket 1112 Demo
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 2012 CBE v.11.0.4
    ASUS nVidia Driver
    ATI AVIVO Codecs
    µTorrent
    Bonjour
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDBurnerXP
    Compatibiliteitspakket voor het 2007 Microsoft Office system
    Corel PaintShop Pro X5
    DAEMON Tools Lite
    DHTML Editing Component
    DVD Flick 1.3.0.7
    Examentraining Klein Vaarbewijs 2013
    Far Cry 3
    FileZilla Client 3.7.3
    Freemake Video Converter versie 4.0.2
    Freemake Video Downloader
    Google Chrome
    Google Update Helper
    Grand Theft Auto IV
    Hema Fotoalbum
    HTML-Kit Tools
    Huur- en zorgtoeslag 2011
    HydraVision
    ICA
    IncrediMail
    IncrediMail 2.0
    Internet Explorer (Enable DEP)
    IPM_PSP_COM
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Kruidvat fotoservice
    Light Image Resizer 4.4.1.0
    Malwarebytes Anti-Malware versie 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile NLD Language Pack
    Microsoft .NET Framework 4 Extended NLD Language Pack
    Microsoft Antimalware Service NL-NL Language Pack
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Client NL-NL Language Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft WSE 3.0 Runtime
    MiniTool Partition Wizard Home Edition 7.6.1
    Mortal Kombat Komplete Edition
    Mozilla Firefox 13.0.1 (x86 nl)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Burning Core
    Nero Burning ROM
    Nero Burning ROM 2014
    Nero Burning ROM Help (CHM)
    Nero BurningROM 12
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero SharedVideoCodecs
    Nero Update
    NVIDIA 3D Vision Video Player
    OpenAL
    Origin
    PC Booster Version 7
    Photo Notifier and Animation Creator
    Prerequisite installer
    PSPPContent
    PSPPHelp
    PunkBuster Services
    Rapport
    Rapture3D 2.4.9 Game
    RegCure Pro
    RMPrepUSB
    Rockstar Games Social Club
    Safari
    Saints Row IV
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Setup
    Sniper Ghost Warrior 2
    Spotify
    Spybot - Search & Destroy
    SpywareBlaster 5.0
    Steam
    SUPERAntiSpyware
    swMSM
    System Requirements Lab
    System Requirements Lab CYRI
    Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    Trusteer Eindpuntbeveiliging
    Twonky 7
    uMark 3
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Uplay
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 2.0.1
    VueScan
    Web Assistant version 2.0.0.611
    Windows 7 USB/DVD Download Tool
    Windows Live ID Sign-in Assistant
    Windows Mobile Apparaatcentrum
    WinRAR 4.01 (32-bit)
    Xilisoft AVI to DVD Converter
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.4.1
    Run by Patrick at 8:57:12 on 2013-11-04
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3583.2148 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\PnkBstrA.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
    C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
    C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Twonky\TwonkyServer\TwonkyServer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k WindowsMobile
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.nl/
    uSearch Bar = Preserve
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{17B328E5-0447-4C4C-91A6-8F8BFC299425} : NameServer = 208.67.222.220,192.168.0.1
    TCP: Interfaces\{17B328E5-0447-4C4C-91A6-8F8BFC299425} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{BE951577-ACE4-48C1-AF51-D4285D9E46E7} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{BE951577-ACE4-48C1-AF51-D4285D9E46E7}\3596475636F6D6832303433443 : DHCPNameServer = 192.168.0.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - c:\windows\system32\DreamScene.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\2afx7xpl.default\
    FF - prefs.js: browser.search.selectedEngine - SearchGol
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=A4D20026180EEE2C&affID=125036&tsp=5039
    FF - prefs.js: keyword.enabled - false
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\users\patrick\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\2afx7xpl.default\extensions\{95324e44-4b0a-47a9-8f77-9c6415e51c29}\plugins\np-mswmp.dll
    FF - plugin: c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\2afx7xpl.default\extensions\{95324e44-4b0a-47a9-8f77-9c6415e51c29}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-10-18 16:22; [email protected]; c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\2afx7xpl.default\extensions\[email protected] gol.com
    FF - ExtSQL: 2013-10-31 21:56; [email protected]; c:\users\patrick\appdata\roaming\mozilla\firefox\profiles\2afx7xpl.default\extensions\[email protected] re.joehewitt.com.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: extentions.y2layers.installId - 3f93721a-1345-4b06-8ba9-1e52f8bb1673
    FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
    .
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - a4d254040000000000000026180eee2c
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15888
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:52:00
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - nl
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=121562&tsp=4931
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    FF - user.js: extensions.searchgol.tlbrSrchUrl -
    FF - user.js: extensions.searchgol.id - a4d254040000000000000026180eee2c
    FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
    FF - user.js: extensions.searchgol.instlDay - 15996
    FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
    FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
    FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1916:22:58
    FF - user.js: extensions.searchgol.prtnrId - searchgol
    FF - user.js: extensions.searchgol.prdct - searchgol
    FF - user.js: extensions.searchgol.aflt - babsst
    FF - user.js: extensions.searchgol.smplGrp - none
    FF - user.js: extensions.searchgol.tlbrId - base
    FF - user.js: extensions.searchgol.instlRef - sst
    FF - user.js: extensions.searchgol.dfltLng - nl
    FF - user.js: extensions.searchgol.excTlbr - false
    FF - user.js: extensions.searchgol.ffxUnstlRst - false
    FF - user.js: extensions.searchgol.admin - false
    FF - user.js: extensions.searchgol.autoRvrt - false
    FF - user.js: extensions.searchgol.rvrt - false
    FF - user.js: extensions.searchgol.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-7-25 97008]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-8-22 232512]
    R1 RapportCerberus_56758;RapportCerberus_56758;c:\programdata\trusteer\rapport\store\exts\rapportcerber us\baseline\RapportCerberus32_56758.sys [2013-8-20 330960]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-7-25 148688]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-7-25 222192]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-28 217600]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2013-7-2 9216]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-7-14 238952]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-18 418376]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 107392]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-7-25 1435928]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-22 1153368]
    R2 TwonkyProxy;TwonkyProxy;c:\program files\twonky\twonkyserver\twonkyproxy.exe -start --> c:\program files\twonky\twonkyserver\twonkyproxy.exe -start [?]
    R2 TwonkyServer;TwonkyServer;c:\program files\twonky\twonkyserver\twonkystarter.exe -serviceversion 0 --> c:\program files\twonky\twonkyserver\twonkystarter.exe -serviceversion 0 [?]
    R2 TwonkyWebDav;TwonkyWebDav;c:\program files\twonky\twonkyserver\twonkywebdav.exe -start --> c:\program files\twonky\twonkyserver\twonkywebdav.exe -start [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-9-28 86656]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-7-14 36608]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-16 22856]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2013-8-12 295376]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-18 701512]
    S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2013-7-18 762192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-7-27 13224]
    S3 netr28u;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
    S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-7-21 15576]
    S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-7-21 10200]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-11 15872]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012-7-14 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2012-7-14 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2012-7-14 123648]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-9-19 181344]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-11 52224]
    S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-10 1343400]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs6\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs6\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-11-03 22:23:56 7796464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6bce45d-8407-45b1-b505-83aea518ffae}\mpengine.dll
    2013-11-02 08:56:43 7796464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-11-02 08:49:00 -------- d-----w- C:\Fotos website nieuw verkleind
    2013-10-31 09:08:45 -------- d-----w- C:\nieuwe fotos website
    2013-10-28 19:55:44 -------- d-----w- c:\users\patrick\appdata\roaming\IrfanView
    2013-10-28 19:55:43 -------- d-----w- c:\program files\IrfanView
    2013-10-26 17:27:21 -------- d-----w- c:\users\patrick\appdata\local\Rockstar Games
    2013-10-20 14:22:58 -------- d-----w- c:\programdata\SystemRequirementsLab
    2013-10-20 07:46:32 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{20236fa5-3375-4b32-8670-af96b3b31ba7}\gapaengine.dll
    2013-10-18 14:22:53 -------- d-----w- c:\program files\searchgol
    2013-10-18 14:22:45 -------- d-----w- c:\users\patrick\appdata\roaming\searchgol
    2013-10-18 14:22:20 -------- d-----w- c:\programdata\Canneverbe Limited
    2013-10-18 14:22:13 -------- d-----w- c:\users\patrick\appdata\roaming\Canneverbe Limited
    2013-10-18 11:15:08 74648 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2013-10-18 11:15:08 271256 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
    2013-10-18 11:15:08 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2013-10-18 11:15:08 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2013-10-18 11:14:55 27544 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-10-17 21:12:58 -------- d-----w- c:\program files\HTML-Kit
    2013-10-17 20:36:08 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2013-10-17 17:15:37 -------- d-----w- c:\program files\RMPrepUSB
    2013-10-12 06:52:04 -------- d-----w- c:\users\patrick\appdata\local\IAC
    2013-10-10 17:14:36 -------- d-----w- c:\users\patrick\appdata\roaming\Nico Mak Computing
    2013-10-10 17:14:27 -------- d-----w- c:\program files\WinZip Registry Optimizer
    2013-10-08 21:16:53 530432 ----a-w- c:\windows\system32\comctl32.dll
    .
    ==================== Find3M ====================
    .
    2013-10-26 17:20:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2013-10-09 10:50:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-10-09 10:50:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-22 23:28:06 1767936 ----a-w- c:\windows\system32\wininet.dll
    2013-09-22 23:27:49 2876928 ----a-w- c:\windows\system32\jscript9.dll
    2013-09-22 23:27:48 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-09-22 23:27:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-09-21 03:30:24 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-09-21 02:39:47 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll
    2013-09-04 01:15:32 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-09-04 01:14:52 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-09-04 01:14:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-09-04 01:14:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-09-04 01:14:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-09-04 01:14:43 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-09-04 01:14:40 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll
    2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys
    2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll
    2012-08-02 09:35:46 57960 ----a-w- c:\program files\OpenCL.dll
    2011-10-18 10:22:38 436600 ----a-w- c:\program files\GDFBinary_zh_TW.dll
    2011-10-18 10:22:37 436600 ----a-w- c:\program files\GDFBinary_ko_KR.dll
    2011-10-18 10:22:35 436600 ----a-w- c:\program files\GDFBinary_ja_JP.dll
    2011-10-18 10:22:34 436600 ----a-w- c:\program files\GDFBinary_cs_CZ.dll
    2011-10-18 10:22:32 436600 ----a-w- c:\program files\GDFBinary_pl_PL.dll
    2011-10-18 10:22:31 436600 ----a-w- c:\program files\GDFBinary_es_ES.dll
    2011-10-18 10:22:29 436600 ----a-w- c:\program files\GDFBinary_de_DE.dll
    2011-10-18 10:22:27 436600 ----a-w- c:\program files\GDFBinary_it_IT.dll
    2011-10-18 10:22:26 436600 ----a-w- c:\program files\GDFBinary_fr_FR.dll
    2011-10-18 10:22:24 436600 ----a-w- c:\program files\GDFBinary_en_US.dll
    .
    ============= FINISH: 8:58:14,07 ===============


    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.11.01.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16721
    Patrick :: PATRICK-PC [administrator]

    Bescherming: Uitgeschakeld

    3-11-2013 0:52:04
    mbam-log-2013-11-03 (00-52-04).txt

    Scan type: Flash scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: Register | Bestanden en mappen | P2P
    Objecten gescand: 195393
    Verstreken tijd: 2 minuut/minuten, 33 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)



    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-11-04 09:33:30
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 Maxtor_6L300S0 rev.BANC1G10 279,48GB
    Running: blqkmewi.exe; Driver: C:\Users\Patrick\AppData\Local\Temp\pwdiyfob.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x959AA960]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwClose [0x8D513F70]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x959A8C60]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys ZwCreateThreadEx [0x8D514A50]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x959A9700]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x959AC430]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x959AC4D0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x959AC8A0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x959A9510]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x959AAC70]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x959AAF90]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x959AB1C0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x959AC750]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x959AC590]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x959AC630]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x959AC6C0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x959AA870]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x959A98A0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x959AC2F0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x959AA750]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x959AA520]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x959AA5F0]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8364CA15 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83686212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8368D4E8 4 Bytes [60, A9, 9A, 95]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 8368D504 4 Bytes [70, 3F, 51, 8D]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 8368D544 4 Bytes [60, 8C, 9A, 95]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1207 8368D59C 4 Bytes [50, 4A, 51, 8D]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 123F 8368D5D4 8 Bytes [00, 97, 9A, 95, 30, C4, 9A, ...]
    .text ...
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96C39000, 0x147F58, 0xE8000020]
    ? C:\Users\Patrick\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[964] ntdll.dll!KiUserApcDispatcher 77796F98 5 Bytes JMP 009913D0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[964] WS2_32.dll!getaddrinfo 77714296 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[964] WS2_32.dll!gethostbyname 77727673 5 Bytes JMP 71AE0022
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] SHELL32.dll!RealDriveType + 173D 75EEFE30 4 Bytes [E5, 36, CA, 68]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3264] SHELL32.dll!RealDriveType + 1745 75EEFE38 8 Bytes [1B, 57, CA, 68, A7, 83, CB, ...] {SBB EDX, [EDI-0x36]; PUSH DWORD 0x68cb83a7}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!RealDriveType + 173D 75EEFE30 4 Bytes [E5, 36, CA, 68]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4024] SHELL32.dll!RealDriveType + 1745 75EEFE38 8 Bytes [1B, 57, CA, 68, A7, 83, CB, ...] {SBB EDX, [EDI-0x36]; PUSH DWORD 0x68cb83a7}

    ---- Devices - GMER 2.1 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

    ---- EOF - GMER 2.1 ----



    (GMER loopt op een gegeven moment vast.)

  • #2
    Download Zoek.zip naar het bureaublad.
    1. Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
    2. Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

    • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
    • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
    • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
      Code:
      emptyclsid;
      emptyfolderscheck;delete
      firefoxlook; 
      Chromelook; 
      CHRdefaults;
      autoclean; 
      iedefaults; 
      filesrcm;
    • Klik nu op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
    • Post het geopende logje in het volgende bericht als bijlage.

    Windows 10 opstarten in Veilige Modus

    Comment


    • #3
      Zoek.exe Version 4.0.0.5 Updated 26-October-2013
      Tool run by Patrick on ma 04-11-2013 at 17:41:17,97.
      Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\Patrick\Desktop\zoek.exe [Script inserted]

      ==== System Restore Info ======================

      4-11-2013 17:44:17 Zoek.exe System Restore Point Created Succesfully.

      ==== Empty Folders Check ======================

      C:\Program Files\1ClickDownload deleted successfully
      C:\Program Files\DVDVideoSoft deleted successfully
      C:\Program Files\iMesh Applications deleted successfully
      C:\Program Files\Kalypso Media deleted successfully
      C:\Program Files\MSXML 4.0 deleted successfully
      C:\Program Files\Origin Games deleted successfully
      C:\Program Files\PC Speed Up deleted successfully
      C:\Program Files\searchgol deleted successfully
      C:\Program Files\Sony Ericsson deleted successfully
      C:\Program Files\TornTV.com deleted successfully
      C:\Program Files\TorrentSearch deleted successfully
      C:\Program Files\WBFS deleted successfully
      C:\Program Files\WinZip Registry Optimizer deleted successfully
      C:\Program Files\Common Files\Symantec Shared deleted successfully
      C:\ProgramData\EA Logs deleted successfully
      C:\ProgramData\eBay deleted successfully
      C:\ProgramData\Panda Security deleted successfully
      C:\ProgramData\Sony Ericsson deleted successfully
      C:\ProgramData\Symantec deleted successfully
      C:\ProgramData\Uniblue deleted successfully
      C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
      C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted successfully
      C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
      C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} deleted successfully
      C:\Users\Patrick\AppData\Roaming\DefaultTab deleted successfully
      C:\Users\Patrick\AppData\Roaming\Erzi deleted successfully
      C:\Users\Patrick\AppData\Roaming\EurekaLog deleted successfully
      C:\Users\Patrick\AppData\Roaming\Media Player Classic deleted successfully
      C:\Users\Patrick\AppData\Roaming\Nico Mak Computing deleted successfully
      C:\Users\Patrick\AppData\Local\CrashDumps deleted successfully
      C:\Users\Patrick\AppData\Local\Downloaded Installations deleted successfully
      C:\Users\Patrick\AppData\Local\PackageAware deleted successfully
      C:\Users\Patrick\AppData\Local\Unity deleted successfully

      ==== Deleting CLSID Registry Keys ======================

      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31D8A13B-CB55-45D8-AFFD-9F15091A96D1} deleted successfully
      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} deleted successfully
      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} deleted successfully
      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully
      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully

      ==== Deleting CLSID Registry Values ======================

      HKEY_USERS\S-1-5-21-1679512840-3538495933-3668016776-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

      ==== Deleting Services ======================


      ==== FireFox Fix ======================

      ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default

      user.js not found
      ---- FireFox user.js and prefs.js backups ----

      prefs_04-11-2013_1754_.backup

      ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default

      ---- Lines delta removed from prefs.js ----
      user_pref("extensions.delta.admin", false);
      user_pref("extensions.delta.aflt", "babsst");
      user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
      user_pref("extensions.delta.autoRvrt", "false");
      user_pref("extensions.delta.dfltLng", "nl");
      user_pref("extensions.delta.excTlbr", false);
      user_pref("extensions.delta.ffxUnstlRst", true);
      user_pref("extensions.delta.id", "a4d254040000000000000026180eee2c");
      user_pref("extensions.delta.instlDay", "15888");
      user_pref("extensions.delta.instlRef", "sst");
      user_pref("extensions.delta.newTab", false);
      user_pref("extensions.delta.prdct", "delta");
      user_pref("extensions.delta.prtnrId", "delta");
      user_pref("extensions.delta.rvrt", "false");
      user_pref("extensions.delta.smplGrp", "none");
      user_pref("extensions.delta.tlbrId", "base");
      user_pref("extensions.delta.tlbrSrchUrl", "");
      user_pref("extensions.delta.vrsn", "1.8.21.5");
      user_pref("extensions.delta.vrsnTs", "1.8.21.523:52:00");
      user_pref("extensions.delta.vrsni", "1.8.21.5");
      user_pref("extensions.delta_i.babExt", "");
      user_pref("extensions.delta_i.babTrack", "affID=121562&tsp=4931");
      user_pref("extensions.delta_i.srcExt", "ss");
      ---- Lines delta removed from user.js ----

      user_pref("extensions.delta.tlbrSrchUrl", "");
      user_pref("extensions.delta.id", "a4d254040000000000000026180eee2c");
      user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
      user_pref("extensions.delta.instlDay", "15888");
      user_pref("extensions.delta.vrsn", "1.8.21.5");
      user_pref("extensions.delta.vrsni", "1.8.21.5");
      user_pref("extensions.delta.vrsnTs", "1.8.21.523:52:00");
      user_pref("extensions.delta.prtnrId", "delta");
      user_pref("extensions.delta.prdct", "delta");
      user_pref("extensions.delta.aflt", "babsst");
      user_pref("extensions.delta.smplGrp", "none");
      user_pref("extensions.delta.tlbrId", "base");
      user_pref("extensions.delta.instlRef", "sst");
      user_pref("extensions.delta.dfltLng", "nl");
      user_pref("extensions.delta.excTlbr", false);
      user_pref("extensions.delta.ffxUnstlRst", true);
      user_pref("extensions.delta.admin", false);
      user_pref("extensions.delta_i.babTrack", "affID=121562&tsp=4931");
      user_pref("extensions.delta_i.babExt", "");
      user_pref("extensions.delta_i.srcExt", "ss");
      user_pref("extensions.delta.autoRvrt", "false");
      user_pref("extensions.delta.rvrt", "false");
      user_pref("extensions.delta.newTab", false);

      ---- Lines searchgol removed from user.js ----

      user_pref("extensions.searchgol.tlbrSrchUrl", "");
      user_pref("extensions.searchgol.id", "a4d254040000000000000026180eee2c");
      user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
      user_pref("extensions.searchgol.instlDay", "15996");
      user_pref("extensions.searchgol.vrsn", "1.8.16.19");
      user_pref("extensions.searchgol.vrsni", "1.8.16.19");
      user_pref("extensions.searchgol.vrsnTs", "1.8.16.1916:22:58");
      user_pref("extensions.searchgol.prtnrId", "searchgol");
      user_pref("extensions.searchgol.prdct", "searchgol");
      user_pref("extensions.searchgol.aflt", "babsst");
      user_pref("extensions.searchgol.smplGrp", "none");
      user_pref("extensions.searchgol.tlbrId", "base");
      user_pref("extensions.searchgol.instlRef", "sst");
      user_pref("extensions.searchgol.dfltLng", "nl");
      user_pref("extensions.searchgol.excTlbr", false);
      user_pref("extensions.searchgol.ffxUnstlRst", false);
      user_pref("extensions.searchgol.admin", false);
      user_pref("extensions.searchgol.autoRvrt", "false");
      user_pref("extensions.searchgol.rvrt", "false");
      user_pref("extensions.searchgol.newTab", false);

      ---- Lines y2layers removed from user.js ----

      user_pref("extentions.y2layers.installId", "3f93721a-1345-4b06-8ba9-1e52f8bb1673");
      user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");

      ---- FireFox user.js and prefs.js backups ----

      user_04-11-2013_1754_.backup
      prefs_04-11-2013_1754_.backup

      ==== Deleting Files \ Folders ======================

      C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
      C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found
      C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
      C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} not found
      C:\Windows\system32\appdata deleted
      C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted
      C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted
      C:\Program Files\ParetoLogic deleted
      C:\Program Files\Common Files\ParetoLogic deleted
      C:\Program Files\iLivid deleted
      C:\Program Files\Conduit deleted
      C:\Program Files\Web Assistant deleted
      C:\Users\Administrator\AppData\Roaming\Uniblue deleted
      C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers deleted
      C:\Users\Patrick\AppData\Roaming\BrowserCompanion deleted
      C:\Users\Patrick\AppData\Roaming\ParetoLogic deleted
      C:\Users\Patrick\AppData\Roaming\DriverCure deleted
      C:\Users\Patrick\AppData\Roaming\Registry Mechanic deleted
      C:\Users\Patrick\AppData\Roaming\searchgol deleted
      C:\ProgramData\boost_interprocess deleted
      C:\ProgramData\ParetoLogic deleted
      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted
      C:\Users\Patrick\AppData\Local\Ilivid Player deleted
      C:\Users\Patrick\AppData\Local\CRE deleted
      C:\Users\Patrick\AppData\Local\APN deleted
      C:\Users\Patrick\AppData\Local\SwvUpdater deleted
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted
      C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic deleted
      C:\Users\Patrick\AppData\LocalLow\IAC deleted
      C:\Users\Patrick\AppData\LocalLow\wincorebsband deleted
      C:\Users\Patrick\AppData\LocalLow\searchgol deleted
      C:\Users\Patrick\AppData\LocalLow\searchquband deleted
      C:\Users\Patrick\AppData\LocalLow\searchqutoolbar deleted
      C:\Users\Patrick\AppData\LocalLow\MyWebSearch deleted
      C:\Users\Patrick\AppData\LocalLow\Delta deleted
      C:\Users\Patrick\AppData\LocalLow\PriceGong deleted
      C:\Users\Patrick\AppData\LocalLow\Conduit deleted
      C:\Users\Patrick\AppData\LocalLow\FunWebProducts deleted
      C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
      C:\Windows\wininit.ini deleted
      C:\Windows\tasks\ParetoLogic Registration3.job deleted
      C:\Windows\tasks\ParetoLogic Update Version3.job deleted
      C:\Windows\system32\Tasks\EPUpdater deleted
      C:\Windows\System32\searchplugins deleted
      C:\Windows\System32\Extensions deleted
      C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default\searchqutoolbar deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\askcom.xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\MyStart Search.xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\mywebsearch .xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\search-here.xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\searchgol.x ml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\SearchResul ts.xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchplugins\Search_Resu lts.xml deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\Invalidprefs.js deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\searchqutoolbar deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\jetpack deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\CT2727678 deleted
      C:\Users\Public\Desktop\iLivid.lnk deleted
      C:\Users\Public\Desktop\Freemake Video Downloader.lnk deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] gol.com deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] ers.com deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\smartbar deleted
      C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] com.xpi deleted
      "C:\Users\Patrick\AppData\Local\{1503EC43-7D47-45C1-82AA-D7364A72E385}" deleted
      "C:\Users\Patrick\AppData\Local\{3326D550-E977-43AE-A81C-BE70EB16A7E2}" deleted
      "C:\Users\Patrick\AppData\Local\{88942164-A278-4A91-ABB2-1CACEFD50336}" deleted
      "C:\Users\Patrick\AppData\Local\{9F0EBF1B-3C84-4BE8-BA37-E4C76BDC5914}" deleted
      "C:\Users\Patrick\AppData\Local\{FA258AA8-C11B-41C5-9948-6535BDE26E94}" deleted
      "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] .com.xpi" deleted
      "C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] tab.com.xpi" deleted
      "C:\Users\Patrick\AppData\Roaming\Cucua\lidim.elq" deleted
      "C:\Users\Patrick\AppData\Roaming\Ikpue\ecaru.aqd" deleted
      "C:\Users\Patrick\AppData\Roaming\Cucua" deleted
      "C:\Users\Patrick\AppData\Roaming\Ikpue" deleted

      ==== Files Recently Created / Modified ======================

      ====== C:\Windows ====
      ====== C:\Users\Patrick\AppData\Local\Temp ====
      ====== Java Cache =====
      2013-10-20 14:23:01 E195D5F1BA4BD5A393B665C387295F8B 106 ----a-w- C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\615bb896-67f953f8
      2013-10-20 14:22:47 D41F3BBA3B6E699FD31957B5209C278F 354733 ----a-w- C:\Users\Patrick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\e729e45-25c7265f
      ====== C:\Windows\system32 =====
      ====== C:\Windows\system32\drivers =====
      2013-10-08 21:16:51 FDA6F2BB7FA034D95863ED8788B4E416 284672 ----a-w- C:\Windows\System32\drivers\usbport.sys
      2013-10-08 21:16:51 C4FB8E7ADEA9B5CEEA885A1B504B7E40 43008 ----a-w- C:\Windows\System32\drivers\usbehci.sys
      2013-10-08 21:16:51 8E51D04175BAA14C4F79AA5F6D248770 24064 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
      2013-10-08 21:16:51 86AA95ACB611001E26CD2C0145F2225A 258560 ----a-w- C:\Windows\System32\drivers\usbhub.sys
      2013-10-08 21:16:51 71D97F1A3CC47A56728F7A400A3F8295 76288 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
      2013-10-08 21:16:51 6FB17D7A2E76B838886E5E8C60239DAE 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys
      2013-10-08 21:16:50 DCDF9855145A14DFCA0AB32308871961 20480 ----a-w- C:\Windows\System32\drivers\usbohci.sys
      2013-10-08 21:16:48 FC6B21DB4B5B398AB93DBE59CBF11036 36352 ----a-w- C:\Windows\System32\drivers\usbscan.sys
      2013-10-08 21:16:48 F1B27299F547D452EDAEF01FC187CB91 25728 ----a-w- C:\Windows\System32\drivers\hidparse.sys
      2013-10-08 21:16:48 50ABE682EBE752EAF62B18790D6D491C 55808 ----a-w- C:\Windows\System32\drivers\hidclass.sys
      2013-10-08 21:16:47 CA59F7C570AF70BC174F477CFE2D9EE3 1294272 ----a-w- C:\Windows\System32\drivers\tcpip.sys
      2013-10-08 21:16:46 F81BB7E487EDCEAB630A7EE66CF23913 338944 ----a-w- C:\Windows\System32\drivers\afd.sys
      2013-10-08 21:16:44 71BC35067CABC02C9453AEAA42B2E43E 729024 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
      2013-10-08 21:16:21 21F4B24ACFC79A483515BD986DD9043F 115712 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
      2013-10-08 21:16:17 25944D2CC49E0A6C581D02A74B7D6645 527064 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
      2013-10-08 21:16:17 2352AB5F9F8F097BF9D41D5A4718A041 86016 ----a-w- C:\Windows\System32\drivers\usbcir.sys
      ====== C:\Windows\Tasks ======
      2013-10-17 20:37:46 DC559A4EE78CF4404E31B4B4A6CCAEAC 3498 ----a-w- C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Patrick-PC-Patrick
      ====== C:\Windows\Temp ======
      ======= C:\Program Files =====
      2013-10-28 19:55:43 -------- d-----w- C:\Program Files\IrfanView
      2013-10-18 14:22:10 -------- d-----w- C:\Program Files\CDBurnerXP
      2013-10-17 21:12:58 -------- d-----w- C:\Program Files\HTML-Kit
      2013-10-17 20:32:12 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
      2013-10-17 17:15:37 -------- d-----w- C:\Program Files\RMPrepUSB
      2013-10-10 17:14:04 -------- d-----w- C:\Program Files\FileZilla FTP Client
      ======= C: =====
      2013-11-03 23:40:26 92739690676B750C11B4F52D18275C30 25 ----a-w- C:\0.bak
      ====== C:\Users\Patrick\AppData\Roaming ======
      2013-10-28 19:55:44 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
      2013-10-28 19:55:44 -------- d-----w- C:\Users\Patrick\AppData\Roaming\IrfanView
      2013-10-26 17:27:21 -------- d-----w- C:\Users\Patrick\AppData\Local\Rockstar Games
      2013-10-18 14:22:13 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Canneverbe Limited
      2013-10-17 17:15:55 -------- d-----w- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RMPrepUSB
      2013-10-12 06:52:04 -------- d-----w- C:\Users\Patrick\AppData\Local\IAC
      2013-10-10 17:14:12 -------- d-----w- C:\Users\Patrick\AppData\Roaming\FileZilla
      ====== C:\Users\Patrick ======
      2013-11-04 08:11:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Patrick\defogger_reenable
      2013-11-04 08:11:15 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Patrick\Desktop\Defogger.exe
      2013-11-04 07:59:01 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Patrick\Desktop\blqkmewi.exe
      2013-11-04 07:56:41 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Patrick\Desktop\dds.com
      2013-10-28 19:55:16 1AFAB6EE6F3EA3456E8F5560CD28DCA2 1855072 ----a-w- C:\Users\Patrick\Downloads\iview436_setup.exe
      2013-10-26 17:17:49 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
      2013-10-20 14:22:58 -------- d-----w- C:\ProgramData\SystemRequirementsLab
      2013-10-18 14:22:20 -------- d-----w- C:\ProgramData\Canneverbe Limited
      2013-10-17 21:13:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTML-Kit Tools
      2013-10-17 20:36:08 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
      2013-10-10 17:14:06 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

      ====== C: exe-files ==
      2013-11-04 08:11:15 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Patrick\Desktop\Defogger.exe
      2013-11-04 07:59:01 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Patrick\Desktop\blqkmewi.exe
      2013-10-28 19:55:44 45D02C0B85A84CFCA8B504DCA3B8B22E 97280 ----a-w- C:\Program Files\IrfanView\Plugins\Slideshow.exe
      2013-10-28 19:55:43 FE6D6405F3819D9F9D658B5D3A368053 37984 ----a-w- C:\Program Files\IrfanView\iv_uninstall.exe
      2013-10-28 19:55:43 867D1B3AD637FFAC3D87E0DE2D6B75D4 593504 ----a-w- C:\Program Files\IrfanView\i_view32.exe
      2013-10-28 19:55:16 1AFAB6EE6F3EA3456E8F5560CD28DCA2 1855072 ----a-w- C:\Users\Patrick\Downloads\iview436_setup.exe
      === C: other files ==
      2013-11-04 07:56:41 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Patrick\Desktop\dds.com
      2013-10-31 20:56:06 DE78D668476EC49153820BA9DEA45425 2209433 ----a-w- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default\extensions\[email protected] re.joehewitt.com.xpi

      ==== Firefox Extensions Registry ======================

      [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
      "{8E9E3331-D360-4f87-8803-52DE43566502}"="C:\Program Files\Web Assistant\Firefox"
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
      "{8E9E3331-D360-4f87-8803-52DE43566502}"="C:\Program Files\Web Assistant\Firefox"

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default
      - Searchqu Toolbar - %ProfilePath%\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
      - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

      ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default
      - VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\[email protected]
      - IncrediMail MediaBar Nederlands 2 - %ProfilePath%\extensions\{95324e44-4b0a-47a9-8f77-9c6415e51c29}
      - Firebug - %ProfilePath%\extensions\[email protected]
      - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

      AppDir: C:\Program Files\Mozilla Firefox
      - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default
      CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update
      4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
      BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
      0C0C5C207121C7A78414A8250E8E099A - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
      04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
      77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
      D493C8FC0D0FD015BB9765658D77346E - C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
      AB45A736C78A166B89C0A578AD5E4392 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.40.255
      136485E00BA2917F0FEA68D2EE78D733 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U4
      1F8FFDE82C52353906244AFDC6BAF2AB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
      B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight
      15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


      ==== Deleted Firefox Extensions ======================

      C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default\extensions\{99079a2 5-328f-4bd4-be04-00955acaa0a7} deleted

      ==== Chrome Look ======================

      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      aanjjkgbodmfkdnkkhcjcghgnibdllak - C:\Users\Patrick\AppData\Local\CRE\aanjjkgbodmfkdnkkhcjcghgnibdllak.crx
      bodddioamolcibagionmmobehnbhiakf - No path found
      bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05-02-2013 02:05]
      dlnembnfbcpjnepmfjmngjenhhajpdfd - C:\Program Files\Web Assistant\source.crx
      ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[07-05-2013 05:12]
      jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[01-07-2013 20:58]
      jbpkiefagocgkmemidfngdkamloieekf - C:\Program Files\TornTV.com\torn11.crx
      kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files\DefaultTab\DefaultTab.crx

      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      aanjjkgbodmfkdnkkhcjcghgnibdllak - C:\Users\Patrick\AppData\Local\CRE\aanjjkgbodmfkdnkkhcjcghgnibdllak.crx

      IncrediMail MediaBar Nederlands 2 - Administrator - Default\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak
      YouTube - Administrator - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - Administrator - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Gmail - Administrator - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
      IncrediMail MediaBar Nederlands 2 - Patrick - Default\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak
      Freemake Video Downloader - Patrick - Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
      Freemake Youtube Download Button - Patrick - Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
      Freemake Video Converter - Patrick - Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
      DefaultTab - Patrick - Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
      Google Wallet - Patrick - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

      ==== Chrome Fix ======================

      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aanjjkgbodmfkdnkkhcjcghgnibdllak_0.localstorage deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aanjjkgbodmfkdnkkhcjcghgnibdllak_0.localstorage deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_aanjjkgbodmfkdnkkhcjcghgnibdllak_0 deleted successfully
      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kdidombaedgpfiiedeimiebkmbilgmlc_0.localstorage deleted successfully

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.nl/"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"
      {DC0A83A2-BFE5-4814-9F8F-01D81513719E} Bing Url="http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox"

      ==== Reset Google Chrome ======================

      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

      ==== Deleting CLSID Registry Keys ======================


      ==== Deleting CLSID Registry Values ======================

      HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
      HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
      HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully
      HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{8E9E3331-D360-4f87-8803-52DE43566502} deleted successfully

      ==== Deleting Registry Keys ======================

      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\aanjjkgbodmfkdnkkhcjcghgnibdllak deleted successfully
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 deleted successfully

      ==== Empty IE Cache ======================

      C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

      ==== Empty FireFox Cache ======================

      No FireFox Cache found

      ==== Empty Chrome Cache ======================

      C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully

      ==== After Reboot ======================

      ==== Empty Temp Folders ======================

      C:\Windows\Temp successfully emptied
      C:\Users\Patrick\AppData\Local\Temp successfully emptied

      ==== Empty Recycle Bin ======================

      C:\$RECYCLE.BIN successfully emptied

      ==== EOF on ma 04-11-2013 at 18:11:32,93 ======================

      Comment


      • #4
        Hallo, wil je onderstaand script nogmaals runnen met zoek.exe aub.

        Code:
        Searchqu Toolbar;ff
        {99079a25-328f-4bd4-be04-00955acaa0a7};c
        autoclean;

        Windows 10 opstarten in Veilige Modus

        Comment


        • #5
          Hoi,

          Nog bedankt voor de hulp

          Bij deze :

          Zoek.exe Version 4.0.0.5 Updated 26-October-2013
          Tool run by Patrick on ma 04-11-2013 at 20:35:40,44.
          Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
          Running in: Normal Mode Internet Access Detected
          Launched: C:\Users\Patrick\Desktop\zoek.exe [Script inserted]

          ==== Older Logs ======================

          C:\zoek-results2013-11-04-171132.log 30368 bytes

          ==== Deleting CLSID Registry Keys ======================


          ==== Deleting CLSID Registry Values ======================


          ==== Deleting Services ======================


          ==== FireFox Fix ======================

          ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default

          user.js not found
          ---- FireFox user.js and prefs.js backups ----

          prefs_04-11-2013_2106_.backup

          ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default

          ---- FireFox user.js and prefs.js backups ----

          user_04-11-2013_2106_.backup
          prefs_04-11-2013_2106_.backup

          ==== Firefox Extensions Registry ======================

          [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
          "[email protected]"="C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [04-07-2013 15:59]

          ==== Firefox Extensions ======================

          ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\izas1ncm.default
          - Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

          ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default
          - VideoFileDownload - Download YouTube Videos - %ProfilePath%\extensions\[email protected]
          - IncrediMail MediaBar Nederlands 2 - %ProfilePath%\extensions\{95324e44-4b0a-47a9-8f77-9c6415e51c29}
          - Firebug - %ProfilePath%\extensions\[email protected]
          - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

          AppDir: C:\Program Files\Mozilla Firefox
          - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

          ==== Firefox Plugins ======================

          Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\2afx7xpl.default
          CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update
          4BF70B35B943BD73BD6E13EB7C1BA4B3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll - Shockwave Flash
          BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
          0C0C5C207121C7A78414A8250E8E099A - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
          04ACC61B47857E779CD92D1D88770BF1 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
          77B09C2C6F407531447DA75E3ACD1C5B - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
          D493C8FC0D0FD015BB9765658D77346E - C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
          AB45A736C78A166B89C0A578AD5E4392 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.40.255
          136485E00BA2917F0FEA68D2EE78D733 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U4
          1F8FFDE82C52353906244AFDC6BAF2AB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
          B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight
          15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


          ==== Chrome Look ======================

          HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
          bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05-02-2013 02:05]
          ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[07-05-2013 05:12]
          jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[01-07-2013 20:58]

          YouTube - Administrator - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
          Freemake Video Downloader - Patrick - Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
          Freemake Youtube Download Button - Patrick - Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
          Freemake Video Converter - Patrick - Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

          ==== Set IE to Default ======================

          Old Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="http://www.google.nl/"

          New Values:
          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
          "Start Page"="http://www.google.nl/"

          ==== All HKCU SearchScopes ======================

          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
          "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
          {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
          {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"
          {DC0A83A2-BFE5-4814-9F8F-01D81513719E} Bing Url="http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox"

          ==== Empty IE Cache ======================

          C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
          C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

          ==== Empty FireFox Cache ======================

          No FireFox Cache found

          ==== Empty Chrome Cache ======================

          C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

          ==== Empty All Flash Cache ======================

          Flash Cache Emptied Successfully

          ==== Empty All Java Cache ======================

          Java Cache cleared successfully

          ==== After Reboot ======================

          ==== Empty Temp Folders ======================

          C:\Windows\Temp successfully emptied
          C:\Users\Patrick\AppData\Local\Temp successfully emptied

          ==== Empty Recycle Bin ======================

          C:\$RECYCLE.BIN successfully emptied

          ==== EOF on ma 04-11-2013 at 21:12:12,33 ======================

          Comment


          • #6
            Mooi, hoe gaat het nu ?

            Windows 10 opstarten in Veilige Modus

            Comment


            • #7
              Tot nog toe ondervind ik geen hinder meer !
              U wordt vriendelijk bedankt. Heel erg bedankt voor de hulp !

              mvg Patrick

              Comment


              • #8
                Download Delfix by Xplode naar het bureaublad.

                Dubbelklik op Delfix.exe om de tool te starten.
                Zet nu vinkjes voor de volgende items:
                • Activate UAC
                • Remove disinfection tools
                • Create registry backup
                • Purge System Restore
                • Reset system settings

                Klik nu op "Run" en wacht geduldig tot de tool gereed is.
                Wanneer de tool gereed is wordt er een logbestand aangemaakt. Dit hoeft u echter niet te plaatsen.

                Windows 10 opstarten in Veilige Modus

                Comment

                Sorry, you are not authorized to view this page
                Working...
                X