Unwanted toolbars showing up in HJT

10 answers
  • Every now and then I run an HJT check. This time I saw (at least) 2 unsolicited and unwanted toolbars, even though I thought I had removed searchqu. Apparently not? And of the ones under "03", I don't trust that "noname" either. Here is a log to start with:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:23:39, on 4-10-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    O4 - Startup: MailWasher.lnk = C:\Program Files\Firetrust\MailWasher\MailWasher.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Users\Ultimate\AppData\Local\CrossLoop\winvnc.exe

    --
    End of file - 5452 bytes

    For now, and in advance, many thanks!
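Added example, not part of the original thread: a small Python parser for the O2 (BHO) and O3 (toolbar) lines of a HijackThis log that groups entries marked "(no file)" by CLSID, which shows that the "(no name)" toolbar in the log above shares its CLSID with the Searchqu BHO entry. The sample lines are copied from that log; the function and constant names are illustrative.

```python
import re

# A subset of lines copied from the HijackThis log in the first post,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"""

# O2 = Browser Helper Object, O3 = Internet Explorer toolbar.
# Line layout: "<code> - <kind>: <name> - {CLSID} - <file>"
ENTRY_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<file>.+)$"
)

# Names HijackThis shows when the registry entry carries no usable name.
PLACEHOLDER_NAMES = {"(no name)", ""}


def parse_browser_entries(log_text):
    """Return one dict per O2/O3 line; lines from other sections are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        entry = match.groupdict()
        entry["clsid"] = entry["clsid"].lower()  # CLSIDs are case-insensitive
        # HijackThis prints "(no file)" when the file the entry points to
        # was not found: the registry entry is left over, the DLL is gone.
        entry["file_missing"] = entry["file"].strip().lower() == "(no file)"
        entries.append(entry)
    return entries


def find_orphans(log_text):
    """Group O2/O3 entries marked "(no file)" by CLSID.

    Returns {clsid: {"label": name, "codes": ["O2", "O3", ...]}}. The label is
    the first real name seen for that CLSID in any O2/O3 line, so a nameless
    toolbar entry is tied back to the BHO registered under the same CLSID.
    """
    entries = parse_browser_entries(log_text)

    # First pass: remember a real name per CLSID, if any line has one.
    names = {}
    for entry in entries:
        if entry["name"] not in PLACEHOLDER_NAMES:
            names.setdefault(entry["clsid"], entry["name"])

    # Second pass: collect the entries whose file is missing.
    orphans = {}
    for entry in entries:
        if not entry["file_missing"]:
            continue
        item = orphans.setdefault(
            entry["clsid"],
            {"label": names.get(entry["clsid"], "(no name)"), "codes": []},
        )
        item["codes"].append(entry["code"])
    return orphans


if __name__ == "__main__":
    for clsid, info in find_orphans(SAMPLE_LOG).items():
        print("{%s}  %s  leftover in sections: %s"
              % (clsid, info["label"], ", ".join(info["codes"])))
```
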
  • Let's have a look:

    Step •1•
    Which program: AdwCleaner
    Purpose: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Remarks:
    - All open programs and web pages must be closed.
    - It is normal for the desktop shortcuts to disappear after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista and Windows 7: right-click adwcleaner.exe and choose "Run as administrator" (Als Administrator uitvoeren).
    AdwCleaner has started:
    - First click the Search (Zoeken) button; then close the log that opens.
    - Then click the Delete (Verwijderen) button.
    - At "AdwCleaner – Afsluiting van de programma's" (closing of programs), click OK.
    - At "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK.
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.
      - If you get an error message, first try whether the scan does work in Safe Mode.

    Step •2•
    Which program: Malwarebytes MBAM
    Purpose: free specialised on-demand scanner to quickly examine Windows for spyware and malware and remove them.
    Difficulty: none.
    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com (http://www.softpedia.com/result.php?sid=&pid=1-423&r=Z2V0L0FudGl2aXJ1cy9NYWx3YXJlYnl0ZXMtQW50aS1NYWx3YXJlLnNodG1s)
    - Majorgeeks.com (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
    First of all:
    - Right after installation 'MBAM' will want to update its database, so allow that.
    - On repeated use as well: first update 'MBAM' via the 'Update' tab!
    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click the MBAM shortcut.
      - Windows Vista and Windows 7: right-click the MBAM shortcut and then choose Run as administrator (Als Administrator uitvoeren).
    - Note:
      - Malwarebytes now supplies the full version of MBAM.
      - On first start you get the option to use the free trial version of Malwarebytes AntiMalware temporarily.
      - Regardless of which antivirus program is in your Windows, I advise going for the free version and therefore removing the tick at the trial version.
      - That way MBAM will remain usable as the free version.
      (screenshot: http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg)
    - Also do the following:
      - As soon as the program has started, go to the "Settings" (Instellingen) tab.
      - Tick here: "Close Internet Explorer during malware removal" (Sluit Internet Explorer tijdens verwijdering van malware).
    Scanning:
    - When starting 'MBAM', choose 'Quick Scan' (Snelle Scan).
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' (Bekijk Resultaten) button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results (Bekijk resultaten) button at the bottom right.
    - Make sure all infections found are ticked, and click Remove Selected (Verwijder geselecteerde) at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has trouble removing certain files it will show some messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' (Logbestanden) tab in the main menu of 'MBAM'.

    Then post the contents of the MBAM log in your next message.
  • I could only close ADW cleaner by running it again in Safe Mode (V.M.); I no longer have a log, but no unauthorised files were shown. Here is the MBAM log:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.10.04.09

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ultimate :: ULTIMATE-PC [administrator]

    4-10-2012 18:52:18
    mbam-log-2012-10-04 (18-52-18).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 187141
    Verstreken tijd: 3 minuut/minuten, 51 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ---------

    I also regularly run MBAM, Ccleaner and the Eset online scan myself. I'm curious!
  • The Adw Cleaner logo reminded me of a tick I harvested the day before yesterday, but that's beside the point: (image: http://i50.tinypic.com/kn8sp.jpg)
  • So comparable to unwanted software in Windows! Then we'll search more extensively:

    Which program: OTL.com
    Purpose: multifunctional tool, analysis and fix
    Difficulty: none.
    Download: OTL (http://oldtimer.geekstogo.com/OTL.com) and place the file on the desktop.
    Using OTL.com:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: double-click OTL.
      - Windows Vista and Windows 7: right-click OTL and choose "Run as administrator" (Als Administrator uitvoeren).
    - Tick Scan All Users.
    - Then click the button shown here: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png
    - Do not change any other settings in OTL unless I specifically give instructions for it.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next message.
    - Nota bene: if the log does not fit in one message, spread it over two or more messages.
  • hier het OTL: OTL logfile created on: 4-10-2012 20:29:21 - Run 1 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Ultimate\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free 6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 190,43 Gb Free Space | 81,80% Space Free | Partition Type: NTFS Drive X: | 465,73 Gb Total Space | 211,66 Gb Free Space | 45,45% Space Free | Partition Type: NTFS Drive Z: | 298,09 Gb Total Space | 239,69 Gb Free Space | 80,41% Space Free | Partition Type: NTFS Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:0ba1d22f02]========== Processes (SafeList) ==========[/color:0ba1d22f02] PRC - [2012-10-04 20:27:45 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ultimate\Desktop\OTL.com PRC - [2012-09-28 20:45:04 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_500_80.exe PRC - [2012-09-14 12:56:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-09-07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012-08-31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012-08-21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-07-26 14:16:14 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012-04-06 04:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012-04-06 04:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012-04-05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011-10-21 22:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe PRC - [2011-10-21 22:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe PRC - [2011-04-07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe PRC - [2010-11-20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010-03-24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010-03-15 12:24:06 | 000,560,792 | ---- | M] (CrossLoop Inc) -- C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe PRC - [2009-07-14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe PRC - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2007-11-14 21:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe PRC - [2007-08-20 10:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe PRC - [2003-11-06 10:18:13 | 004,393,984 | ---- | M] (eCOSM) -- C:\Program Files\MailWasher Pro\MailWasher.exe [color=#E56717:0ba1d22f02]========== Modules (No Company Name) ==========[/color:0ba1d22f02] MOD - [2012-09-28 20:45:04 | 014,580,664 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_500_80.dll MOD - [2012-09-14 12:56:30 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll [color=#E56717:0ba1d22f02]========== Services (SafeList) ==========[/color:0ba1d22f02] SRV - [2012-09-28 20:45:04 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-09-14 12:56:30 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-08-31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012-08-21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012-07-26 14:16:14 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012-06-05 12:26:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012-04-24 12:31:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012-04-06 04:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012-04-05 21:56:18 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011-10-21 22:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2011-10-21 22:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2011-01-24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus) SRV - [2010-03-15 12:24:06 | 000,560,792 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService) SRV - [2009-12-06 22:12:48 | 001,590,216 | ---- | M] (UltraVNC) [On_Demand | Stopped] -- C:\Users\Ultimate\AppData\Local\CrossLoop\winvnc.exe -- (uvnc_service) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008-09-16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2007-11-14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize) [color=#E56717:0ba1d22f02]========== Driver Services (SafeList) ==========[/color:0ba1d22f02] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys -- (SANDRA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BurnInTest\DirectIo32.sys -- (DIRECTIO37) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BurnInTest\DirectIo32.sys -- (DIRECTIO) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - [2012-10-04 18:52:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012-08-21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-08-21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-08-21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-08-21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012-08-21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012-08-21 11:13:13 | 000,021,256 | ---- | M] (AVAST 
Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-04-06 07:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012-04-06 03:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012-03-05 16:04:30 | 000,045,184 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.1) DRV - [2012-02-23 14:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011-10-21 22:46:56 | 000,185,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK) DRV - [2011-10-21 22:46:54 | 000,043,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON) DRV - [2011-10-21 22:46:48 | 000,017,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS) DRV - [2011-10-21 22:46:46 | 000,039,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP) DRV - [2011-10-13 13:06:14 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2011-10-13 13:06:14 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim) DRV - [2011-10-13 13:06:14 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus) DRV - [2011-03-02 12:40:54 | 000,160,576 | ---- | M] 
(PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011-02-16 17:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011-01-17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011-01-17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011-01-12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 14:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010-11-20 12:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010-07-08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010-07-08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010-02-18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 0D 95 B7 EF 21 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6153D8F-0AD9-4528-ABC2-A94F8DCC9D11}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "www.google.nl"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=388&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_500_80.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-31 03:58:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-14 12:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012-10-03 13:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions
[2012-04-28 16:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012-10-04 09:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Firefox\Profiles\7ailpn14.default\extensions
[2012-10-04 09:21:24 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012-10-03 13:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-08-31 03:58:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-09-14 12:56:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-09-14 12:56:29 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-07-14 02:37:45 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-07-14 02:37:45 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012-07-14 02:37:45 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [MailWasher] C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
O4 - Startup: C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D5CE26-332D-432B-B622-E97B7F631628}: DhcpNameServer = 192.168.2.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-04 20:27:43 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Ultimate\Desktop\OTL.com
[2012-10-04 18:51:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012-10-04 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012-10-04 13:40:05 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Canneverbe Limited
[2012-10-04 13:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2012-10-03 16:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotoservice
[2012-10-03 11:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012-10-03 11:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012-10-01 16:39:14 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\Desktop\LR 4.2 r.c
[2012-09-28 20:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012-09-26 08:54:51 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012-09-26 08:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
[2012-09-26 08:25:09 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\ACD Systems
[2012-09-25 10:42:29 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Adobe
[2012-09-23 15:26:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012-09-23 15:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012-09-23 08:30:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2012-09-22 20:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2012-09-22 20:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2012-09-22 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\CD-LabelPrint
[2012-09-20 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2012-09-20 12:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2012-09-15 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012-09-15 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012-09-15 13:58:11 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\NCH Software
[2012-09-14 18:42:43 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\Documents\restore
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-04 20:28:26 | 000,004,605 | ---- | M] () -- C:\Users\Ultimate\intlname.ols
[2012-10-04 20:27:45 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ultimate\Desktop\OTL.com
[2012-10-04 20:27:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-04 20:26:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-04 20:26:43 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-04 18:58:30 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-04 18:58:30 | 000,021,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-04 18:50:35 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-04 18:50:26 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-04 18:42:17 | 000,513,501 | ---- | M] () -- C:\Users\Ultimate\Desktop\adwcleaner.exe
[2012-10-03 11:33:15 | 000,701,326 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-10-03 11:33:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-10-03 11:33:15 | 000,133,358 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-10-03 11:33:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-10-01 16:46:07 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.2 RC.lnk
[2012-10-01 11:38:50 | 000,000,047 | ---- | M] () -- C:\Users\Ultimate\Desktop\Google.URL
[2012-09-28 20:47:02 | 000,001,124 | ---- | M] () -- C:\Users\Ultimate\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012-09-25 20:51:39 | 000,000,148 | ---- | M] () -- C:\Users\Ultimate\Desktop\Onze nieuwe tuin - Jacob Doeglas - Picasa Webalbums.URL
[2012-09-23 15:30:05 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-09-20 09:07:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-09-15 07:39:44 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-04 18:42:12 | 000,513,501 | ---- | C] () -- C:\Users\Ultimate\Desktop\adwcleaner.exe
[2012-10-04 13:39:58 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012-10-01 16:46:08 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 RC.lnk
[2012-10-01 16:46:07 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.2 RC.lnk
[2012-10-01 11:38:50 | 000,000,047 | ---- | C] () -- C:\Users\Ultimate\Desktop\Google.URL
[2012-09-25 20:51:39 | 000,000,148 | ---- | C] () -- C:\Users\Ultimate\Desktop\Onze nieuwe tuin - Jacob Doeglas - Picasa Webalbums.URL
[2012-09-24 15:29:27 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2012-09-23 15:26:59 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-07-31 15:46:36 | 000,038,465 | ---- | C] () -- C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (DOS).ADR
[2012-07-09 08:22:23 | 000,007,605 | ---- | C] () -- C:\Users\Ultimate\AppData\Local\Resmon.ResmonCfg
[2012-07-01 14:04:10 | 000,043,656 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2012-04-27 19:26:55 | 000,022,728 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012-04-27 13:15:07 | 000,004,605 | ---- | C] () -- C:\Users\Ultimate\intlname.ols
[2012-04-27 12:52:51 | 000,028,286 | ---- | C] () -- C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (Windows).ADR
[2012-04-27 12:30:47 | 000,028,245 | ---- | C] () -- C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (DOS).ADR
[2012-04-27 12:00:12 | 000,038,423 | ---- | C] () -- C:\Users\Ultimate\AppData\Roaming\Microsoft Excel.ADR
[2012-04-26 19:17:13 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2012-04-25 18:04:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-04-24 15:30:53 | 000,088,656 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012-04-24 10:55:07 | 000,028,308 | ---- | C] () -- C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
[2012-04-24 10:38:23 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-04-24 10:05:55 | 000,000,663 | ---- | C] () -- C:\Windows\unins000.dat
[2012-04-05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012-03-09 06:22:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012-03-09 06:22:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012-01-31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012-01-10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-06-15 17:54:34 | 000,009,525 | ---- | C] () -- C:\Users\Ultimate\huidig adresboek
[2011-04-12 06:48:01 | 000,701,326 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2011-04-12 06:48:01 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2011-04-12 06:48:01 | 000,133,358 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2011-04-12 06:48:01 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-06-13 19:18:36 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\ACD Systems
[2012-09-02 09:51:06 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Auslogics
[2012-10-04 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Canneverbe Limited
[2012-05-07 12:46:24 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Canon
[2012-09-22 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\CD-LabelPrint
[2012-05-13 09:39:54 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Christofer Persson
[2012-08-05 09:19:59 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Firetrust
[2012-06-19 09:21:11 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Foxit Software
[2012-08-07 16:14:05 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\MailWasherFree
[2012-10-04 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\MailWasherPro
[2012-06-22 15:34:31 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\PC Cleaners
[2012-06-22 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\PCPro
[2012-04-26 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\PCToolsFirewallPlus
[2012-08-16 08:22:19 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Spotify
[2012-04-24 10:58:06 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\Thunderbird
[2012-04-28 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\TomTom
[2012-05-16 10:46:05 | 000,000,000 | ---D | M] -- C:\Users\Ultimate\AppData\Roaming\YoWindow

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

and here the Extras

OTL Extras logfile created on: 4-10-2012 20:29:21 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Ultimate\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,43 Gb Free Space | 81,80% Space Free | Partition Type: NTFS
Drive X: | 465,73 Gb Total Space | 211,66 Gb Free Space | 45,45% Space Free | Partition Type: NTFS
Drive Z: | 298,09 Gb Total Space | 239,69 Gb Free Space | 80,41% Space Free | Partition Type: NTFS
Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Unable to open value key
https [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoservice] -- "C:\Program Files\AH\Fotoservice\Fotoservice.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717:0ba1d22f02]========== Security Center Settings ==========[/color:0ba1d22f02] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717:0ba1d22f02]========== Firewall Settings ==========[/color:0ba1d22f02] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717:0ba1d22f02]========== Authorized Applications List ==========[/color:0ba1d22f02] [color=#E56717:0ba1d22f02]========== Vista Active Open Ports Exception List ==========[/color:0ba1d22f02] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0609EBB1-B486-4636-862D-7198AEBB8496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{2EEDF5BE-C4DC-4FF1-BCD6-BF3F1D4A4579}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4874608D-4934-49E3-BC0A-8B45DC2EDF45}" = rport=445 | protocol=6 | dir=out | app=system | "{4C65FE78-18E2-41DF-B684-CF665069B29C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4DB1D5F6-67D9-414C-9189-144C5EE67C69}" = lport=139 | protocol=6 | dir=in | app=system | "{5DCDD79F-071E-45AD-A550-D398C1F34F7C}" = lport=445 | protocol=6 | dir=in | app=system | "{69BDCCB7-DA8F-466F-927B-DDD0AE810C6B}" = rport=139 | protocol=6 | dir=out | app=system | "{6D46F93F-0D9F-43C6-8FB9-AB7B191D4650}" = lport=138 | protocol=17 | dir=in | app=system | "{6F148229-29CA-4E13-88B4-403B688CBB69}" = rport=138 | protocol=17 | dir=out | app=system | "{7B6C8CC4-02C8-4D17-A044-125E95A11BD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B8DFFB33-036F-432E-8CF9-CC11194DF2AD}" = lport=137 | protocol=17 | dir=in | app=system | "{EE78C9AA-101C-4559-900D-1491DC6FAAC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F68788B2-0A41-489D-BD31-AB767A15887D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFAFBBB1-CB13-4676-B265-D1BEE8E335F9}" = rport=137 | protocol=17 | dir=out | app=system | [color=#E56717:0ba1d22f02]========== Vista Active Application Exception List ==========[/color:0ba1d22f02] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20431594-A2FD-4679-AB3B-E5BBE3FB796A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2225897E-753F-42A4-B112-3AFCF20A6F11}" = protocol=17 | dir=in | app=c:\users\ultimate\appdata\local\crossloop\vncviewer.exe | "{2498890C-FE75-470E-B3E4-B21375C321A9}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | 
"{4AB12A2A-1FEE-4294-BE69-32371AE4A3D0}" = protocol=6 | dir=in | app=c:\users\ultimate\appdata\local\crossloop\vncviewer.exe | "{4F81F2CD-328F-4914-AA1B-EFAB8F86793B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4F9D1B14-A3DB-49D1-9870-308017B11511}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | "{5DF84106-3489-44DE-82E0-1CCB7AF220C8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{974A4F08-49D6-4BB9-8435-3D8AC762A2C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9851EB90-B199-4C54-B9D8-26A520B0F959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A6D40755-819F-4366-BE55-066E4F7246D5}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | "{AB56F165-F622-4F27-959C-A7E689D9CC15}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{AF8E6C91-AA8F-41F4-BADC-9BE9031405D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B27E1178-07E7-40BF-ACC0-819A6AB7F728}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{BC624937-6249-46B3-B9A9-0EF52314A992}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe | "{CD59705E-CB63-4355-91DE-4C970C781BE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EABC683D-8D9A-4246-8160-D87409639C9B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{FE7D7812-4D95-4576-882C-B3B211605955}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | [color=#E56717:0ba1d22f02]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:0ba1d22f02] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F30C0D-4193-4555-8BEA-C60AE8040383}" = Microsoft Camera Codec Pack "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding 
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver "{115C6DA4-A8B1-4DA2-B675-302576FD04FB}" = LUMIX RAW Codec 1.0 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7 "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{48FC3F43-D57D-43A3-B1E6-EE88AFD93DE5}" = Easy Rolodex 3.2 "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8 
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB6DFD70-C112-4369-869D-9DD148F9285E}" = Adobe Photoshop Lightroom 4.2 RC "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{BE46269C-3DB6-281D-07AC-E658A9768A8E}" = AMD Drag and Drop Transcoding "{BF7E72DC-FD54-20A6-8F92-E6F27F1D579D}" = AMD Fuel "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 
"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "7-Zip" = 7-Zip 9.22beta "ACDSee" = ACDSee "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adres 2000_is1" = Adres 2000 Versie 1.931 "avast" = avast! Free Antivirus "CanonMyPrinter" = Canon My Printer "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "CCleaner" = CCleaner "CrossLoop_is1" = CrossLoop 2.72 "CutePDF Writer Installation" = CutePDF Writer 3.0 "EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5 "ESET Online Scanner" = ESET Online Scanner v3 "ExpressBurn" = Express Burn "FastStone Image Viewer" = FastStone Image Viewer 4.6 "FastStone Photo Resizer" = FastStone Photo Resizer 3.0 "FileHippo.com" = FileHippo.com Update Checker "Fotoservice" = Fotoservice "Foxit Reader_is1" = Foxit Reader "Gadwin PrintScreen" = Gadwin PrintScreen "HijackThis" = HijackThis 2.0.2 "Icon Restore_is1" = Icon Restore 1.0 "MailWasher Pro_is1" = MailWasher Pro "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.0.1400 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket 
voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 15.0.1 (x86 nl)" = Mozilla Firefox 15.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NTREGOPT_is1" = NTREGOPT 1.1j
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2-10-2012 1:40:03 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
Description =
Error - 2-10-2012 2:00:58 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 2-10-2012 9:57:53 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
Description =
Error - 2-10-2012 13:27:27 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 3-10-2012 2:55:05 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
Description =
Error - 3-10-2012 7:33:17 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 3-10-2012 8:14:34 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 4-10-2012 3:11:31 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
Description =
Error - 4-10-2012 3:45:38 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 4-10-2012 12:50:58 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9-8-2012 2:56:07 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 9-8-2012 4:39:57 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 9-8-2012 8:36:46 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 9-8-2012 15:02:53 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 10-8-2012 1:18:19 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 11-8-2012 1:55:52 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 11-8-2012 4:37:40 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 12-8-2012 2:45:05 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 12-8-2012 7:00:59 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim
Error - 13-8-2012 2:54:24 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim

< End of report >

See you in a bit!
  • Hi, look here: http://www.sevenforums.com/software/138171-uimbus-uim_im-drivers.html for the error messages:

Error - 13-8-2012 2:54:24 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim

Before letting OTL run the fix, first close all other open windows!

- Double-click [img]http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png[/img]
- Copy and paste the following (bold, blue text) into the box under [img]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img]

:OTL
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Users\Ultimate\Desktop\adwcleaner.exe

:Commands
[purity]
[emptytemp]
[resethosts]
[emptyjava]
[emptyflash]
[createrestorepoint]
[reboot]

- Then click [img]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img] at the top
- Let the program do its work undisturbed.
- After the scan, OTL will report that the PC is going to be restarted. So allow that.
- Click OK
- After the restart, only a new log is opened.
- Post the contents of that OTL scan log by copying and pasting.
  • here it comes:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\ProgramData\xml3CC9.tmp deleted successfully.
C:\ProgramData\xml3DF3.tmp deleted successfully.
C:\ProgramData\xml3E81.tmp deleted successfully.
C:\ProgramData\xml3F0E.tmp deleted successfully.
C:\ProgramData\xml443B.tmp deleted successfully.
C:\ProgramData\xml44B9.tmp deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleCrashHandler.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleCrashHandler64.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleUpdate.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleUpdateBroker.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleUpdateHelper.msi deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleUpdateOnDemand.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\GoogleUpdateSetup.exe deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdate.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_am.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ar.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_bg.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_bn.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ca.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_cs.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_da.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_de.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_el.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_en-GB.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_en.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_es-419.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_es.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_et.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_fa.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_fi.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_fil.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_fr.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_gu.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_hi.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_hr.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_hu.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_id.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_is.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_it.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_iw.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ja.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_kn.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ko.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_lt.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_lv.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ml.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_mr.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ms.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_nl.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_no.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_pl.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_pt-BR.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_pt-PT.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ro.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ru.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_sk.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_sl.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_sr.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_sv.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_sw.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ta.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_te.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_th.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_tr.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_uk.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_ur.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_vi.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_zh-CN.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\goopdateres_zh-TW.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\npGoogleUpdate3.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\psmachine.dll deleted successfully.
C:\Program Files\GUME2F5.tmp\psuser.dll deleted successfully.
C:\Program Files\GUME2F5.tmp folder deleted successfully.
C:\Program Files\GUTE2F6.tmp deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Ultimate\Desktop\cmd.bat deleted successfully.
C:\Users\Ultimate\Desktop\cmd.txt deleted successfully.
C:\Users\Ultimate\Desktop\adwcleaner.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ultimate
->Temp folder emptied: 6114373 bytes
->Temporary Internet Files folder emptied: 7770402 bytes
->Java cache emptied: 1878 bytes
->FireFox cache emptied: 90047878 bytes
->Flash cache emptied: 1363 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119061563 bytes
RecycleBin emptied: 8039392 bytes

Total Files Cleaned = 220,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Ultimate
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Ultimate
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.70.2 log created on 10042012_212046

Files\Folders moved on Reboot...
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF571B8BC9804D8F50.TMP not found!
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF66E8D2DBB1663BF3.TMP not found!
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF7503DF930DA38E70.TMP not found!
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DFDC7054AD26DEF71C.TMP not found!
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DFE38D2A3BF0E7D21F.TMP not found!
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~WRD0004.doc not found!
File\Folder C:\Users\Ultimate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0001.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I see it says: all processes killed.
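Added example, not part of the original posts: a small Python triage of an OTL fix log like the one above, separating entries that completed from those reported as not found or deferred to reboot, which are the ones worth re-checking in the next scan. The function names are this example's own, the sample lines are an excerpt of the log posted in this thread, and only the outcome phrases visible in that log are recognised.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the OTL fix log in this thread.
# Checked in order, so "File move failed. ... scheduled to be moved on reboot."
# is reported as deferred to reboot.
OUTCOMES = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot\.?$")),
    ("not_found", re.compile(r"not found[.!]?$")),
    ("done", re.compile(r"successfully[.!]?$")),
]
# Labels OTL puts before the target, and the outcome phrase that follows it.
PREFIX = re.compile(r"^(?:Registry key|Registry value|ADS|File\\Folder|File move failed\.)\s+")
SUFFIX = re.compile(r"\s+(?:not found|scheduled to be moved on reboot)[.!]?$")

# Excerpt of the fix log posted above.
SAMPLE = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\ProgramData\xml3CC9.tmp deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
File\Folder C:\Users\Ultimate\AppData\Local\Temp\~WRD0004.doc not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""


def classify(line):
    """Return the outcome name for one log line, or None for headers and statistics."""
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            return name
    return None


def target_of(line):
    """Strip OTL's label and outcome phrase, leaving the registry path or file path."""
    return SUFFIX.sub("", PREFIX.sub("", line))


def triage(log_text):
    """Count outcomes and list every entry that did not complete in this run."""
    counts, follow_up = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        outcome = classify(line)
        if outcome is None:
            continue
        counts[outcome] += 1
        if outcome != "done":
            follow_up.append((outcome, target_of(line)))
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE)
    print(dict(counts))
    for outcome, target in follow_up:
        print(f"{outcome:15} {target}")
```
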
  • How are things now?
  • I saw with HJT that the junk is gone. As far as I'm concerned you should get a royal decoration on 30 April. Many thanks. f.j.s. P.S. I had no complaints, but I hate toolbars, especially when they can't be uninstalled.

This is an archived page. Replying is no longer possible.