Unwanted popups opening



Hello

I'm having a few problems with my PC whenever I open any website.

Time and again a whole lot of popups with advertising open unprompted. In the meantime I have installed a new version of the Norton antivirus program and run a full system scan. But unfortunately this has not solved my problem with the popups.

I have since read that I should make a log with HijackThis. I have done so, and here is the log.

Can anyone help me?

Many thanks in advance.

Regards

Elly

hijackthis.log


Hi Areldi,

welcome to PC-Helpforum.be. ;-)

Could you carry out the steps below and post the requested log here in your topic? ...

Download RSIT from the locations below and save it to the desktop.

You can see here how to check whether you are running a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Next, the "Disclaimer of warranty" is shown; click "Continue".
  • When the tool has finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files

  • Add the log file named "Log.txt" as an attachment to your next message. (You can also find this log file in the folder "C:\rsit".)
  • The log file named "Info.txt", which is minimized, does not need to be posted. (This log file is only created the first time the tool is run.)
  • You can read here how to add an attachment to your message.

You can view the manual for using RSIT HERE, and we also have an instruction video.


Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {8B624B2F-A864-36E1-8B10-D4103705A0E3};c
 C:\ProgramData\saaveron;fs
 {CB0783F5-C378-C372-052D-95B5BB96A522};c
 C:\ProgramData\shoPndrop;fs
 {ae07101b-46d4-4a98-af68-0333ea26e113};c
 AnyProtect Scanner;s
 C:\Program Files (x86)\AnyProtectEx;fs
 C:\Windows\tasks\APSnotifierPP1.job;f
 C:\Windows\tasks\APSnotifierPP2.job;f 
 C:\Windows\tasks\APSnotifierPP3.job;f
 C:\Windows\tasks\couponsupport-S-649636217.job;f
 C:\Windows\tasks\Dunuwqzqyp.job;f
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3}];r64
 [-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522}];r64
 [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run];r64
 ""=-;r64
 "fst_be_69"=-;r64
 "BlockAndSurf"=-;r64
 "AnyProtect Scanner"=-;r64
 C:\Program Files (x86)\ver8BlockAndSurf;fs
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r64
 "AppInit_DLLs"=-;r64
 C:\ProgramData\GetTheDiscount;fs
 C:\ProgramData\374311380;fs
  emptyfolderscheck;delete 
startupall; 
filesrcm;

  • Click the "More options" button and tick the options below.
  • Do a Quick Scan
  • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Add the log file named "Zoek-results.log" as an attachment to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to your message.


Zoek.exe v5.0.0.0 Updated 04-October-2014

Tool run by Elly on zo 05/10/2014 at 15:23:42,59.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Elly\Downloads\zoek (2)\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

5/10/2014 15:24:56 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\cosstminn deleted successfully

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\predm deleted successfully

C:\Program Files\Google deleted successfully

C:\Program Files\log deleted successfully

C:\PROGRA~3\374311380 deleted successfully

C:\PROGRA~3\Babylon deleted successfully

C:\PROGRA~3\cosstminn deleted successfully

C:\PROGRA~3\GetTheDiscount deleted successfully

C:\Users\Elly\AppData\Roaming\ap_logs deleted successfully

C:\Users\Elly\AppData\Roaming\TP deleted successfully

C:\Users\Elly\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47358875-3DC9-476D-86D8-E23DFF8D4E13} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B624B2F-A864-36E1-8B10-D4103705A0E3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0783F5-C378-C372-052D-95B5BB96A522}]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"fst_be_69"=-

"BlockAndSurf"=-

"AnyProtect SCANNER"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\AnyProtectEx not found

C:\Program Files (x86)\ver8BlockAndSurf not found

C:\ProgramData\GetTheDiscount not found

C:\ProgramData\374311380 not found

C:\ProgramData\saaveron deleted

C:\ProgramData\shoPndrop deleted

C:\PROGRA~3\153a4c4d4d36ec26 deleted

C:\PROGRA~2\GUTC8E2.tmp deleted

C:\PROGRA~2\GUMC8D2.tmp deleted

C:\PROGRA~2\Feed2All deleted

C:\Support deleted

C:\Users\Elly\AppData\Roaming\Claro LTD deleted

C:\Users\Elly\AppData\Roaming\aps.uninstall.scan.results deleted

C:\Users\Elly\AppData\Roaming\freegames4357 deleted

C:\Users\Elly\AppData\Roaming\speedtest4354 deleted

C:\Users\Elly\AppData\Roaming\Babylon deleted

C:\PROGRA~3\Ask deleted

C:\PROGRA~3\APN deleted

C:\PROGRA~3\Partner deleted

C:\PROGRA~3\WindowsMangerProtect deleted

C:\Users\Elly\AppData\Local\com deleted

C:\Users\Elly\AppData\Local\WebPlayer\FLV Player deleted

C:\Users\Elly\AppData\Local\WebPlayer deleted

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\Elly\Downloads\iLividSetup-r420-n-bc.exe deleted

C:\Users\Elly\Downloads\iLividSetup.exe deleted

C:\Users\Elly\Downloads\iLividSetupV1.exe deleted

C:\Users\Elly\Downloads\avg_free_stb_all_2013_2897_cnet.exe deleted

C:\Users\Elly\Downloads\VideoPerformerSetup_v65ce9b.exe deleted

C:\Users\Elly\AppData\LocalLow\{378FC349-45C6-091B-1BB6-6DBFC756C030} deleted

C:\windows\SysNative\tasks\couponsupport-S-649636217 deleted

C:\Windows\tasks\couponsupport-S-649636217.job deleted

C:\Windows\tasks\APSnotifierPP1.job deleted

C:\Windows\tasks\APSnotifierPP2.job deleted

C:\Windows\tasks\APSnotifierPP3.job deleted

C:\windows\SysNative\tasks\APSnotifierPP1 deleted

C:\windows\SysNative\tasks\APSnotifierPP2 deleted

C:\windows\SysNative\tasks\APSnotifierPP3 deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\Elly\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers deleted

C:\Users\Elly\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers deleted

"C:\Windows\tasks\Dunuwqzqyp.job" deleted

"C:\PROGRA~3\Performance Optimizer\PerformanceOptimizer_x64.dll" deleted

"C:\PROGRA~3\Performance Optimizer" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Elly\AppData\Local\Temp ====

2014-10-05 10:10:56 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Elly\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1nvfk7.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-10-01 13:27:54 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll

2014-09-25 18:19:57 C263F3E7E0523556964D661BC7CB9565 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-10-01 13:27:54 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll

2014-09-25 18:19:57 A8A87343CAE432677D82C0BCC753D905 2048 ----a-w- C:\Windows\Sysnative\tzres.dll

====== C:\Windows\Sysnative\drivers =====

2014-09-21 10:50:25 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF

2014-09-21 10:50:25 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS

2014-09-21 10:50:25 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT

====== C:\Windows\Tasks ======

2014-10-05 11:12:24 943FB4913164A7004FF411B071C1B4ED 3120 ----a-w- C:\Windows\Sysnative\Tasks\{0D143806-64DD-4266-B2BA-0055DC9DCA9E}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-10-05 11:11:09 -------- d-----w- C:\Program Files\trend micro

======= C:\PROGRA~2 =====

======= C: =====

====== C:\Users\Elly\AppData\Roaming ======

====== C:\Users\Elly ======

2014-10-05 11:10:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Elly\Downloads\RSITx64 (1).exe

2014-10-05 11:09:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Elly\Downloads\RSITx64.exe

2014-09-07 17:34:55 -------- d-----w- C:\ProgramData\Performance Optimizer

====== C: exe-files ==

2014-10-05 11:11:12 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Elly.exe

2014-10-05 11:10:41 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Elly\Downloads\RSITx64 (1).exe

2014-10-05 11:09:56 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Elly\Downloads\RSITx64.exe

=== C: other files ==

2014-10-05 10:56:55 1565A2857483225C38BCA60A1D8D8C6D 9765 ----a-w- C:\Users\Elly\Downloads\Kampioenschappen Ede Haaltert.zip

2014-10-02 17:59:08 E163E10191958FF6A2B0B48353F9E9FD 876248 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys

2014-10-02 17:59:08 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys

2014-10-02 17:59:08 68E7B6708B9EEE021301C483825D05EA 37592 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys

2014-10-02 17:59:08 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys

2014-10-02 17:59:08 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys

2014-10-02 17:59:08 2C95265BE19F338E1C1090E4E91055BB 266968 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys

2014-10-02 17:59:08 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\symelam.sys

2014-10-02 17:59:08 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"NBAgent"="c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"

"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"ITSecMng"="%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START"

"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP"

"TomTomHOME.exe"="C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~3\\browse~1\\261040~1.25\\{c16c1~1\\browse~1.dll "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 "

"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"

"Toshiba Registration"="C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "

"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "

"TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"

"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "

==== Startup Folders ======================

2011-08-01 10:33:25 1258 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2011-08-01 10:33:25 1258 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2014-05-14 17:26:02 1055 ----a-w- C:\Users\Elly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2012-07-19 14:37:30 2042 ----a-w- C:\Users\Elly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

2012-12-12 21:41:52 1964 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FocalFilterHelper.lnk

2014-07-25 07:52:52 2106 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

2011-08-01 11:12:20 773 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [25/09/2014 20:15]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\ConfigFree Startup Programs" [C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe]

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]

"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]

"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn" [05/10/2014 12:10]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [25/07/2014 09:54]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Elly\AppData\Roaming\TomTom\HOME\Profiles\l2vk0jy4.default

- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

- Carminat TomTom - %ProfilePath%\extensions\RenaultTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bopakagnckmlgajfccecajhnimjiiedh - No path found[]

iikflkcanblccfahdhdonehdalibjnif - No path found[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20/09/2014 10:52]

nppllibpnmahfaklnpggkibhkapjkeob - No path found[]

cosstminn - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Administrator\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Elly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Elly\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

MSS+ Extension - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Earth TV - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn

Norton Security Toolbar - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Facebook Font Changer - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf

Select City - Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

cosstminn - Elly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Elly\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - Gast\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

cosstminn - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej

==== Chromium Startpages ======================

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": "http://www.google.be/",

"startup_urls": [ "http://www.google.be/" ],

==== Chromium Fix ======================

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Elly\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Elly\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Elly\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\flbbgbcgipbbjabligcdnadielmngeej deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kpnmncjdpbehanjnmpmodhbheohhcpdn_0.localstorage deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kpnmncjdpbehanjnmpmodhbheohhcpdn_0.localstorage-journal deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkmjdncgblppfakdnmcbljlngaodoaf deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olkmjdncgblppfakdnmcbljlngaodoaf_0.localstorage deleted successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olkmjdncgblppfakdnmcbljlngaodoaf_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Search Page"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQc47Bo-q0x6Mz2OCdh716vxofi5OC_-49x6JO22twHnhRo3fYEx5brKUg8Mkpoq4WO_-QKyPYOtci8rkIhSK3NvMbLoFc3iuUh8h60346-vAqfhPN8dNQo9Yx_cRn1i3356DgKjMMXNWU8C-hp3wxzH8t5&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Search Bar"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQc47Bo-q0x6Mz2OCdh716vxofi5OC_-49x6JO22twHnhRo3fYEx5brKUg8Mkpoq4WO_-QKyPYOtci8rkIhSK3NvMbLoFc3iuUh8h60346-vAqfhPN8dNQo9Yx_cRn1i3356DgKjMMXNWU8C-hp3wxzH8t5&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS&q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS&q={searchTerms}"

"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Start Page"="http://www.istartsurf.com/?type=hp&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS"

"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1408301009&from=tugs&uid=TOSHIBAXMK5075GSX_12L2S45YSXX12L2S45YS&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQc47Bo-q0x6Mz2OCdh716vxofi5OC_-49x6JO22twHnhRo3fYEx5brKUg8Mkpoq4WO_-QKyPYOtci8rkIhSK3NvMbLoFc3iuUh8h60346-vAqfhPN8dNQo9Yx_cRn1i3356DgKjMMXNWU8C-hp3wxzH8t5&q={searchTerms}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQc47Bo-q0x6Mz2OCdh716vxofi5OC_-49x6JO22twHnhRo3fYEx5brKUg8Mkpoq4WO_-QKyPYOtci8rkIhSK3NvMbLoFc3iuUh8h60346-vAqfhPN8dNQo9Yx_cRn1i3356DgKjMMXNWU8C-hp3wxzH8t5&q={searchTerms}"

"SearchAssistant"="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbPGr6Jy1Ks2e111hOmaVHQc47Bo-q0x6Mz2OCdh716vxofi5OC_-49x6JO22twHnhRo3fYEx5brKUg8Mkpoq4WO_-QKyPYOtci8rkIhSK3NvMbLoFc3iuUh8h60346-vAqfhPN8dNQo9Yx_cRn1i3356DgKjMMXNWU8C-hp3wxzH8t5&q={searchTerms}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\mozilla\Firefox\Extensions\speedtest4354@BestOffers deleted successfully

HKEY_USERS\S-1-5-21-4235831444-233613508-3393084733-1000\Software\mozilla\Firefox\Extensions\freegames4357@BestOffers deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F04D2D30-776C-4d02-8627-8E4385ECA58D} deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\speedtest4354@BestOffers deleted successfully

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\freegames4357@BestOffers deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Elly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Elly\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Elly\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=418 folders=156 35845043 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Elly\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Elly\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\Performance Optimizer" not found

==== EOF on zo 05/10/2014 at 16:08:44,58 ======================


Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"=-;r64
 CHRdefaults;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next message.

Posting the Zoek.exe log file

  • Add the log file named "Zoek-results.log" as an attachment to your next message. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • How to add an attachment to a message is explained here.


Here is the log

Zoek.exe v5.0.0.0 Updated 04-October-2014

Tool run by Elly on zo 05/10/2014 at 22:53:33,24.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Elly\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-10-05-140844.log 36471 bytes

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Reset Google Chrome ======================

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=418 folders=156 35845043 bytes)

==== EOF on zo 05/10/2014 at 22:55:46,74 ======================


Download AdwCleaner by Xplode to the desktop.

  • Close all open windows.
  • Double-click AdwCleaner to start it.
  • Windows Vista, 7 and 8 users must run the tool as "administrator",
  • by right-clicking and choosing Run as administrator.
  • Click Scan.
  • Then click Clean.
  • When "Herstarten Noodzakelijk" (restart required) appears, click OK

After the PC has restarted, a log file usually opens.

Otherwise it can be found here: C:\AdwCleaner\AdwCleaner[s0].txt.

Posting the log file

  • Add the log file named C:\AdwCleaner\AdwCleaner[s0].txt as an attachment to your next message.
  • How to add an attachment to a message is explained here.


Here is the requested information.

# AdwCleaner v3.311 - Rapport aangemaakt 06/10/2014 op 18:41:42

# Laatste Update 30/09/2014 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Gebruikersnaam : Elly - AREZINA

# Gestart vanuit : C:\Users\Elly\Downloads\adwcleaner_3.311.exe

# Optie : Verwijderen

***** [ Services ] *****

***** [ Bestanden / Mappen ] *****

Map Verwijderd : C:\Users\Administrator\AppData\Local\Chromatic Browser

Map Verwijderd : C:\Users\Administrator\AppData\Local\torch

Map Verwijderd : C:\Users\Elly\AppData\Local\Chromatic Browser

Map Verwijderd : C:\Users\Elly\AppData\Local\torch

Map Verwijderd : C:\Users\Elly\AppData\LocalLow\HPAppData

Map Verwijderd : C:\Users\Gast\AppData\Local\Chromatic Browser

Map Verwijderd : C:\Users\Gast\AppData\Local\torch

Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

Map Verwijderd : C:\Users\HomeGroupUser$\AppData\Local\torch

Map Verwijderd : C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

[!] Map Verwijderd : C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Taken ] *****

Taak Verwijderd : APSnotifierPP1

Taak Verwijderd : APSnotifierPP2

***** [ Snelkoppelingen ] *****

***** [ Register ] *****

Sleutel Verwijderd : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Sleutel Verwijderd : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Sleutel Verwijderd : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Sleutel Verwijderd : HKCU\Software\5948f8bb03be515

Sleutel Verwijderd : HKLM\SOFTWARE\5948f8bb03be515

Sleutel Verwijderd : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2977C29A-6723-4436-90BB-F7C5FDEF88A1}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Sleutel Verwijderd : HKCU\Software\1ClickDownload

Sleutel Verwijderd : HKCU\Software\AnyProtect

Sleutel Verwijderd : HKCU\Software\Claro LTD

Sleutel Verwijderd : HKCU\Software\DataMngr

[#] Sleutel Verwijderd : HKCU\Software\DataMngr_Toolbar

Sleutel Verwijderd : HKCU\Software\InstallCore

Sleutel Verwijderd : HKCU\Software\performersoft llc

Sleutel Verwijderd : HKCU\Software\SmartBar

Sleutel Verwijderd : HKCU\Software\SupHpUISoft

Sleutel Verwijderd : HKCU\Software\SweetIM

Sleutel Verwijderd : HKCU\Software\TutoTag

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\BlockAndSurf

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Show-Password

Sleutel Verwijderd : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Sleutel Verwijderd : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Sleutel Verwijderd : HKLM\SOFTWARE\Babylon

Sleutel Verwijderd : HKLM\SOFTWARE\DataMngr

Sleutel Verwijderd : HKLM\SOFTWARE\FreeSoftToday

Sleutel Verwijderd : HKLM\SOFTWARE\istartsurfSoftware

Sleutel Verwijderd : HKLM\SOFTWARE\SupDp

Sleutel Verwijderd : HKLM\SOFTWARE\SupTab

Sleutel Verwijderd : HKLM\SOFTWARE\supWindowsMangerProtect

Sleutel Verwijderd : HKLM\SOFTWARE\SweetIM

Sleutel Verwijderd : HKLM\SOFTWARE\Tutorials

Sleutel Verwijderd : HKLM\SOFTWARE\Uniblue

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Gegevens Verwijderd : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Sleutel Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Instelling Hersteld : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

-\\ Google Chrome v36.0.1985.143

[ Bestand : C:\Users\Elly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Verwijderd [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [9328 octets] - [06/10/2014 18:39:58]

AdwCleaner[s0].txt - [8043 octets] - [06/10/2014 18:41:42]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8103 octets] ##########

edited by kape
duplicate log removed