Vraag & Antwoord

Beveiliging & privacy

Thunderbird sloom

64 antwoorden
  • Hoe oud is die PC al? Graag de drie logs in één keer posten. [color=#008000:a56fc911d3][b:a56fc911d3]Stap •1•[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Welk programma[/b:a56fc911d3]: [color=#008000:a56fc911d3][b:a56fc911d3]AdwCleaner[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Waarvoor/waarom[/b:a56fc911d3]: Scanner om Windows op te schonen en te ontdoen van malafide toolbars. [b:a56fc911d3]Moeilijkheidsgraad[/b:a56fc911d3]: Geen. [b:a56fc911d3]Downloadlokatie[/b:a56fc911d3]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:a56fc911d3]Download[/b:a56fc911d3]: [url=http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner][color=#FF0000:a56fc911d3][b:a56fc911d3]AdwCleaner by Xplode[/b:a56fc911d3][/color:a56fc911d3][/url]. [b:a56fc911d3]Opmerkingen[/b:a56fc911d3]: [list:a56fc911d3]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:a56fc911d3]Dat na opstarten van [b:a56fc911d3]AdwCleaner[/b:a56fc911d3] de snelkoppelingen verdwijnen van bureaublad, is normaal.[/list:u:a56fc911d3] [b:a56fc911d3]AdwCleaner opstarten[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3][b:a56fc911d3][color=#0000FF:a56fc911d3]Windows 2000[/color:a56fc911d3][/b:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows XP[/b:a56fc911d3][/color:a56fc911d3]: dubbelklik op adwcleaner.exe. [*:a56fc911d3][color=#0000FF:a56fc911d3][b:a56fc911d3]Windows Vista[/b:a56fc911d3][/color:a56fc911d3], [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 7[/b:a56fc911d3][/color:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 8[/b:a56fc911d3][/color:a56fc911d3]: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".[/list:u:a56fc911d3] [b:a56fc911d3]AdwCleaner is opgestart[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3]Klik op de knop [b:a56fc911d3]Verwijderen[/b:a56fc911d3] [*:a56fc911d3]Klik bij [b:a56fc911d3]AdwCleaner – Afsluiting van de programma's[/b:a56fc911d3] op [b:a56fc911d3]OK[/b:a56fc911d3] [*:a56fc911d3]Klik bij [b:a56fc911d3]AdwCleaner – Herstarten noodzakelijk[/b:a56fc911d3] op [b:a56fc911d3]OK[/b:a56fc911d3][/list:u:a56fc911d3] [b:a56fc911d3]AdwCleaner logbestand[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3]Nadat de PC opnieuw is opgestart, opent een logfile. [*:a56fc911d3]Post vervolgens de inhoud van dit log in je volgende bericht.[/list:u:a56fc911d3] [color=#008000:a56fc911d3][b:a56fc911d3]Stap •2•[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Welk programma[/b:a56fc911d3]: [color=#008000:a56fc911d3][b:a56fc911d3]Junkware Removal Tool by Thisisu[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Waarvoor/waarom[/b:a56fc911d3]: Scanner om Windows o.a. te ontdoen van malafide toolbars. [b:a56fc911d3]Moeilijkheidsgraad[/b:a56fc911d3]: Geen. [b:a56fc911d3]Downloadlokatie[/b:a56fc911d3]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:a56fc911d3]Download[/b:a56fc911d3]: [url=http://thisisudax.org/downloads/JRT.exe][color=#FF0000:a56fc911d3][b:a56fc911d3]JRT.exe[/b:a56fc911d3][/color:a56fc911d3] [/url]. [b:a56fc911d3]Opmerkingen[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:a56fc911d3]Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.: [*:a56fc911d3][url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:a56fc911d3][color=#0000FF:a56fc911d3]Hier[/color:a56fc911d3][/b:a56fc911d3][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:a56fc911d3][color=#0000FF:a56fc911d3]hier[/color:a56fc911d3][/b:a56fc911d3][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [*:a56fc911d3]Dat tijdens de scan van [b:a56fc911d3]JRT.exe[/b:a56fc911d3] tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.[/list:u:a56fc911d3] [b:a56fc911d3]Junkware Removal Tool by Thisisu opstarten[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3][b:a56fc911d3][color=#0000FF:a56fc911d3]Windows 2000[/color:a56fc911d3][/b:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows XP[/b:a56fc911d3][/color:a56fc911d3]: dubbelklik op [b:a56fc911d3]JRT.exe[/b:a56fc911d3]. [*:a56fc911d3][color=#0000FF:a56fc911d3][b:a56fc911d3]Windows Vista[/b:a56fc911d3][/color:a56fc911d3], [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 7[/b:a56fc911d3][/color:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 8[/b:a56fc911d3][/color:a56fc911d3]: via rechtsklik op [b:a56fc911d3]JRT.exe[/b:a56fc911d3] en kies voor "Als Administrator uitvoeren". [*:a56fc911d3][b:a56fc911d3]JRT.exe[/b:a56fc911d3] zal daarna Windows gaan scannen. [*:a56fc911d3]Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig. [*:a56fc911d3]Indien de scan voltooid is, zal een logje ([b:a56fc911d3]JRT.txt[/b:a56fc911d3]) op het bureaublad opgeslagen worden en automatisch openen. [*:a56fc911d3]Post de inhoud van dit log in je volgende bericht.[/list:u:a56fc911d3] [color=#008000:a56fc911d3][b:a56fc911d3]Stap •3•[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Welk programma[/b:a56fc911d3]: [color=#008000:a56fc911d3][b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3][/color:a56fc911d3] [b:a56fc911d3]Waarvoor/waarom[/b:a56fc911d3]: gratis specialistische ondemandscanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware. [b:a56fc911d3]Moeilijkheidsgraad[/b:a56fc911d3]: geen. [b:a56fc911d3]Download: [url=http://www.malwarebytes.org/mbam/program/mbam-setup.exe][color=#FF0000:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3][/color:a56fc911d3][/url] [b:a56fc911d3]Allereerst[/b:a56fc911d3]:[list:a56fc911d3][*:a56fc911d3] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus. [*:a56fc911d3] Ook bij herhaald gebruik: eerst [b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3] updaten via de tab 'Update'![/list:u:a56fc911d3] [b:a56fc911d3]Malwarebytes MBAM opstarten[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3]Sluit nu eerst alle nog openstaande programmavensters! [*:a56fc911d3][b:a56fc911d3][color=#0000FF:a56fc911d3]Windows 2000[/color:a56fc911d3][/b:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows XP[/b:a56fc911d3][/color:a56fc911d3]: dubbelklik op de MBAM -snelkoppeling. [*:a56fc911d3][color=#0000FF:a56fc911d3][b:a56fc911d3]Windows Vista[/b:a56fc911d3][/color:a56fc911d3], [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 7[/b:a56fc911d3][/color:a56fc911d3] en [color=#0000FF:a56fc911d3][b:a56fc911d3]Windows 8[/b:a56fc911d3][/color:a56fc911d3]: rechtsklik op de MBAM-snelkoppeling en dan kiezen voor Als Administrator uitvoeren.[/list:u:a56fc911d3] [b:a56fc911d3]Let op:[/b:a56fc911d3] [list:a56fc911d3][*:a56fc911d3]Malwarebytes MBAM verstrekt nu de volledige versie van MBAM. [*:a56fc911d3]Bij de eerste start kijg je de mogelijkheid de gratis probeerversie van Malwarebytes AntiMalware tijdelijk te gebruiken. [*:a56fc911d3]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan voor de gratis versie te gaan en dus het vinkje bij de probeerversie te verwijderen. [*:a56fc911d3]Zodoende zal Malwarebytes MBAM als gratis versie verder te gebruiken zijn[/list:u:a56fc911d3] [b:a56fc911d3]Doe ook nog het volgende:[/b:a56fc911d3] [list:a56fc911d3][*:a56fc911d3]Zodra het programma gestart is, ga dan naar het tabblad "[b:a56fc911d3]Instellingen[/b:a56fc911d3]". [*:a56fc911d3]Vink hier aan: "[b:a56fc911d3]Sluit Internet Explorer tijdens verwijdering van malware[/b:a56fc911d3]".[/list:u:a56fc911d3] [b:a56fc911d3]Scannen[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3] Bij het starten [b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3] kies je voor 'Snelle Scan'. [*:a56fc911d3]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'. [*:a56fc911d3]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:a56fc911d3] [b:a56fc911d3]Infecties gevonden[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3]Klik nu eerst op OK om de melding weg te klikken [*:a56fc911d3]Klik vervolgens rechtsonder op de knop Bekijk resultaten. [*:a56fc911d3]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde. [*:a56fc911d3]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. [*:a56fc911d3]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken! [*:a56fc911d3]Daarna zal [b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3] vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:a56fc911d3] [b:a56fc911d3]MBAM-Log[/b:a56fc911d3]: [list:a56fc911d3][*:a56fc911d3] Het log wordt automatisch bewaard door [b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3] en dat kan je terugvinden door in het hoofdmenu van [b:a56fc911d3]Malwarebytes MBAM[/b:a56fc911d3] op de tab 'Logbestanden' te klikken.[/list:u:a56fc911d3] Post aansluitend in je volgende bericht de inhoud van het MBAM-log.
  • Hey mr Abraham. Lijkt Overtoom wel, zo snel. Dank daarvoor. Leeftijd pc: oudste files in de map Windows zijn van 2008. Is dat oud ? Is het wenselijk die te vernieuwen ? Dan hoor ik dat graag. Draait/werkt overigens perfect en snel (tot voor kort) en staat 24x7x365 aan. Zie een hele procedure. Had dat al verwacht. Heb er nu geen tijd voor. Ga vanavond hopelijk een poging wagen. +
  • 1e vraag bij 1e actie: adwcleaner opgestart. In dialoogvenster krijg ik de keuzes: Zoeken, Verwijderen, Deinstallatie en Schenken. Krijg dus niet: "Als Administrator uitvoeren" Hoe dit prog uit te voeren ?
  • Mogge mr Abraham, klus geklaard. Results hierbij: =================== AdwCleaner v2.303 - Verslag gemaakt op 28/06/2013 om 06:53:38 # Geactualiseerd op 08/06/2013 door Xplode # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits) # Gebruiker : Gebruiker - PC-OPA # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijderd : C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\searchplugins\Conduit.xml File Verwijderd : C:\user.js File Verwijderd : C:\WINDOWS\system32\roboot.exe File Verwijderd : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job Map Verwijderd : C:\DOCUME~1\GEBRUI~1\LOCALS~1\Temp\AskSearch Map Verwijderd : C:\Documents and Settings\All Users\Application Data\Ask Map Verwijderd : C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\extensions\toolbar@ask.com Map Verwijderd : C:\Documents and Settings\Gebruiker\Application Data\OpenCandy Map Verwijderd : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\APN Map Verwijderd : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\AskToolbar Map Verwijderd : C:\Program Files\Ask.com Map Verwijderd : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Register] ***** Sleutel Verwijderd : HKCU\Software\APN Sleutel Verwijderd : HKCU\Software\APN PIP Sleutel Verwijderd : HKCU\Software\Ask.com Sleutel Verwijderd : HKCU\Software\AskToolbar Sleutel Verwijderd : HKCU\Software\Conduit Sleutel Verwijderd : HKCU\Software\InstallCore Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Sleutel Verwijderd : HKCU\Software\Softonic Sleutel Verwijderd : HKCU\Software\Toolbar Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar Sleutel Verwijderd : HKLM\Software\APN Sleutel Verwijderd : HKLM\Software\AskBarDis Sleutel Verwijderd : HKLM\Software\AskToolbar Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Sleutel Verwijderd : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Sleutel Verwijderd : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Sleutel Verwijderd : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\S Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Softonic.dskBnd Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Sleutel Verwijderd : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Sleutel Verwijderd : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Sleutel Verwijderd : HKLM\Software\Conduit Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Sleutel Verwijderd : HKLM\Software\PIP Sleutel Verwijderd : HKLM\Software\Softonic Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v21.0 (nl) File : C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\prefs.js C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\user.js ... Verwijderd ! Verwijderd : user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search"); Verwijderd : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&Sea[...] Verwijderd : user_pref("browser.search.selectedEngine", "Search the web (Softonic)"); Verwijderd : user_pref("extensions.Softonic.admin", false); Verwijderd : user_pref("extensions.Softonic.aflt", "SD"); Verwijderd : user_pref("extensions.Softonic.autoRvrt", "false"); Verwijderd : user_pref("extensions.Softonic.cntry", "NL"); Verwijderd : user_pref("extensions.Softonic.cv", "cv5"); Verwijderd : user_pref("extensions.Softonic.dfltLng", "nl"); Verwijderd : user_pref("extensions.Softonic.dfltSrch", true); Verwijderd : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Verwijderd : user_pref("extensions.Softonic.dspOld", "NCH EN Customized Web Search"); Verwijderd : user_pref("extensions.Softonic.envrmnt", "production"); Verwijderd : user_pref("extensions.Softonic.excTlbr", false); Verwijderd : user_pref("extensions.Softonic.hdrMd5", "B6887E756953220C0A9A180690FCD343"); Verwijderd : user_pref("extensions.Softonic.hmpg", true); Verwijderd : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&[...] Verwijderd : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc[...] Verwijderd : user_pref("extensions.Softonic.hpOld", "hxxps://news.google.com"); Verwijderd : user_pref("extensions.Softonic.id", "f49fafc800000000000000242154df54"); Verwijderd : user_pref("extensions.Softonic.instlDay", "15629"); Verwijderd : user_pref("extensions.Softonic.instlRef", "MON00086"); Verwijderd : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=[...] Verwijderd : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.414:15:28"); Verwijderd : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Verwijderd : user_pref("extensions.Softonic.newTab", true); Verwijderd : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=1[...] Verwijderd : user_pref("extensions.Softonic.prdct", "Softonic"); Verwijderd : user_pref("extensions.Softonic.prtnrId", "softonic"); Verwijderd : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] Verwijderd : user_pref("extensions.Softonic.sg", "az"); Verwijderd : user_pref("extensions.Softonic.smplGrp", "none"); Verwijderd : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Verwijderd : user_pref("extensions.Softonic.tlbrId", "base"); Verwijderd : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource[...] Verwijderd : user_pref("extensions.Softonic.vrsn", "1.6.7.4"); Verwijderd : user_pref("extensions.Softonic.vrsnTs", "1.6.7.414:15:28"); Verwijderd : user_pref("extensions.Softonic.vrsni", "1.6.7.4"); Verwijderd : user_pref("extensions.Softonic_i.dnsErr", true); Verwijderd : user_pref("extensions.Softonic_i.hmpg", true); Verwijderd : user_pref("extensions.Softonic_i.newTab", true); Verwijderd : user_pref("extensions.Softonic_i.smplGrp", "none"); Verwijderd : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.414:15:28"); Verwijderd : user_pref("keyword.URL", "hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=2&cc=&q="); File : C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\eoar7vek.default\prefs.js Verwijderd : user_pref("extensions.snipit.askTbInstalled", true); -\\ Google Chrome v27.0.1453.116 File : C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[R1].txt - [16119 octets] - [28/06/2013 05:53:36] AdwCleaner[S1].txt - [16185 octets] - [28/06/2013 06:53:38] ########## EOF - C:\AdwCleaner[S1].txt - [16246 octets] ######### =================================== Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Gebruiker on vr 28-06-2013 at 9:14:52,21 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B61A6899-8D17-4E3F-A7F3-698529B7253B} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\Gebruiker\Application Data\systweak" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on vr 28-06-2013 at 9:16:49,53 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ====== Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Databaseversie: v2013.06.27.11 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Gebruiker :: PC-OPA [administrator] 28-6-2013 9:26:31 mbam-log-2013-06-28 (09-26-31).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 221739 Verstreken tijd: 3 minuut/minuten, 19 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) === Ben benieuwd naar uw bevindingen. Mvg Opamax
  • Hallo OpaMax, ik wil nu een volledig overzicht van de Windows hebben die jij gebruikt. Overigens: bij gebruik van XP kan je gewoon dubbelklikken op de tools. De hogere Windows versies zijn veel beter beveiligd, vandaar het op andere wijze opstarten van de tools. [b:ac0437cf51]Welk programma[/b:ac0437cf51]: [color=#008000:ac0437cf51][b:ac0437cf51]OTL.exe[/b:ac0437cf51][/color:ac0437cf51] [b:ac0437cf51]Waarvoor/waarom[/b:ac0437cf51]: multifunktioneel tool - analyse en fix [b:ac0437cf51]Moeilijkheidsgraad[/b:ac0437cf51]: geen. [b:ac0437cf51]Download[/b:ac0437cf51]: [url=http://oldtimer.geekstogo.com/OTL.exe][b:ac0437cf51][color=red:ac0437cf51]OTL.exe[/color:ac0437cf51][/b:ac0437cf51][/url] en plaats het bestand op het bureaublad. [b:ac0437cf51]Sluit voordat OTL.exe gaat scannen, eerst alle andere openstaande vensters![/b:ac0437cf51] [b:ac0437cf51]OTL.exe gebruiken[/b:ac0437cf51]: [list:ac0437cf51][list:ac0437cf51][*:ac0437cf51][b:ac0437cf51][color=#0000FF:ac0437cf51]Windows 2000[/color:ac0437cf51][/b:ac0437cf51] en [color=#0000FF:ac0437cf51][b:ac0437cf51]Windows XP[/b:ac0437cf51][/color:ac0437cf51]: dubbelklik op [color=#008000:ac0437cf51][b:ac0437cf51]OTL.exe[/b:ac0437cf51][/color:ac0437cf51]. [*:ac0437cf51][color=#0000FF:ac0437cf51][b:ac0437cf51]Windows Vista[/b:ac0437cf51][/color:ac0437cf51], [color=#0000FF:ac0437cf51][b:ac0437cf51]Windows 7[/b:ac0437cf51][/color:ac0437cf51] en [color=#0000FF:ac0437cf51][b:ac0437cf51]Windows 8[/b:ac0437cf51][/color:ac0437cf51]: via rechtsklik op [color=#008000:ac0437cf51][b:ac0437cf51]OTL.exe[/b:ac0437cf51][/color:ac0437cf51] en kies voor "Als Administrator uitvoeren".[/list:u:ac0437cf51][/list:u:ac0437cf51] [list:ac0437cf51][*:ac0437cf51]Zet een vinkje bij [b:ac0437cf51]Scan All Users[/b:ac0437cf51], [b:ac0437cf51]LOP Check[/b:ac0437cf51] en bij [b:ac0437cf51]PURITY Check[/b:ac0437cf51]. [*:ac0437cf51]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het kader onder [img:ac0437cf51]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:ac0437cf51] [code:1:ac0437cf51] services.* explorer.exe winlogon.exe Userinit.exe svchost.exe netsvcs BASESERVICES DRIVES msconfig %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %PROGRAMFILES%\* [/code:1:ac0437cf51] [*:ac0437cf51]Klik vervolgens op de knop [img:ac0437cf51]http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg[/img:ac0437cf51]. [*:ac0437cf51]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef. [*:ac0437cf51]De scan zal niet heel erg lang duren. [list:ac0437cf51][*:ac0437cf51]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:ac0437cf51]OTL.Txt[/b:ac0437cf51] en [b:ac0437cf51]Extras.txt[/b:ac0437cf51]. [*:ac0437cf51]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:ac0437cf51][/list:u:ac0437cf51] [color=#008000:ac0437cf51][b:ac0437cf51]Notabene:[/b:ac0437cf51][/color:ac0437cf51] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten.
  • Scan log beslaat 17 pagina's. Probeer nu de 1e 6: Pag 1 OTL logfile created on: 28-6-2013 10:11:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 1,87 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 66,95% Memory free 3,72 Gb Paging File | 3,19 Gb Available in Paging File | 85,62% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 12,58 Gb Free Space | 25,76% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 40,08 Gb Free Space | 82,09% Space Free | Partition Type: NTFS Drive E: | 98,94 Gb Total Space | 91,40 Gb Free Space | 92,38% Space Free | Partition Type: NTFS Drive K: | 29,26 Gb Total Space | 29,12 Gb Free Space | 99,52% Space Free | Partition Type: FAT32 Computer Name: PC-OPA | User Name: Gebruiker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:a71481a68a]========== Processes (SafeList) ==========[/color:a71481a68a] PRC - [2013-06-28 10:06:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe PRC - [2013-06-04 12:22:55 | 006,533,200 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\setup.ovr PRC - [2013-05-11 02:01:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-05-03 12:40:20 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-03-07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-10-12 08:13:39 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012-10-02 16:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oasrv.exe PRC - [2012-10-02 16:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oaui.exe PRC - [2012-10-02 16:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oahlp.exe PRC - [2012-10-02 16:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oacat.exe PRC - [2012-08-28 08:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012-08-28 08:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012-08-13 12:45:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program pag 2 Pag 2 Files\OpenOffice.org 3\program\soffice.exe PRC - [2012-08-13 12:45:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe PRC - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe PRC - [2008-04-14 23:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717:a71481a68a]========== Modules (No Company Name) ==========[/color:a71481a68a] MOD - [2013-06-27 21:01:25 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13062701\algo.dll MOD - [2013-02-27 17:05:58 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011-03-27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll [color=#E56717:a71481a68a]========== Services (SafeList) ==========[/color:a71481a68a] SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013-05-24 07:42:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-10-12 08:13:39 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-10-02 16:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\FW\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2012-10-02 16:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\FW\Online Armor\oacat.exe -- (OAcat) SRV - [2012-08-28 08:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla Server.exe -- (FileZilla Server) SRV - [2008-02-19 12:45:02 | 000,718,408 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) Pag 3 [color=#E56717:a71481a68a]========== Driver Services (SafeList) ==========[/color:a71481a68a] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-03-07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013-03-07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013-03-07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013-03-07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013-03-07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013-03-07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-03-07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013-03-07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-10-02 16:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2012-10-02 16:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2012-10-02 16:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2012-10-02 16:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2010-04-03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009-11-12 15:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-03-14 19:10:32 | 000,041,928 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009-03-14 19:10:29 | 000,046,536 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009-03-14 19:10:28 | 000,032,200 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2008-07-03 11:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008-04-14 01:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) Pag 4 DRV - [2008-01-22 23:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-01-04 05:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-06-19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-03-02 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2006-03-02 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004-06-26 14:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom) DRV - [2004-06-26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv) DRV - [2003-12-03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd) [color=#E56717:a71481a68a]========== Standard Registry (SafeList) ==========[/color:a71481a68a] [color=#E56717:a71481a68a]========== Internet Explorer ==========[/color:a71481a68a] IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{B7CD62AB-7624-4B80-88D8-4317D295C0D7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= Pag 5 IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:a71481a68a]========== FireFox ==========[/color:a71481a68a] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.news.google.nl" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-20 07:02:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla\Firefox 6.0.1\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla\Firefox 6.0.1\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mail\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird Pag 6 17.0.6\extensions\\Plugins: C:\Program Files\Mail\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mail\MozillaThunderbird\components [2013-06-26 16:42:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mail\MozillaThunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: K:\Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: K:\Thunderbird\plugins [2010-09-06 08:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions [2010-09-06 08:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009-07-20 17:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\home2@tomtom.com [2013-06-28 06:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\extensions [2009-10-13 11:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\eoar7vek.default\extensions [2009-03-18 07:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Sunbird\Profiles\nddgf89j.default\extensions [color=#E56717:a71481a68a]========== Chrome ==========[/color:a71481a68a] CHR - homepage: http://www.google.nl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.nl/ CHR - plugin: Eerste gebruiker (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: avast! WebRep = C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ Hosts file not found O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Pag 7 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\FW\Online Armor\OAui.exe (Emsisoft GmbH) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [AROReminder] C:\Program Files\ARO 2013\ARO.exe (Support.com, Inc.) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..Trusted Domains: comodo.com ([www] https in Vertrouwde websites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264456942403 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264456921699 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) = zijn er 7
  • En dan hier de rest: Pag 8 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6441D7FB-45A6-4209-9ECE-BD505CAD136F}: NameServer = 212.45.33.3,212.45.32.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EEE978B-0D8A-4B02-9017-73407C4AD059}: DhcpNameServer = 10.0.0.138 O20 - AppInit_DLLs: (C:\WINDOWS\system32\cssdll32.dll) - C:\WINDOWS\system32\cssdll32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\FW\Online Armor\oaevent.dll (Emsisoft GmbH) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-18 11:29:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3c583d15-7121-11de-a5e4-00242154df54}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: [b:1a6540d4e0]Adobe ARM[/b:1a6540d4e0] - hkey= - key= - File not found MsConfig - StartUpReg: [b:1a6540d4e0]Adobe Reader Speed Launcher[/b:1a6540d4e0] - hkey= - key= - File not found MsConfig - StartUpReg: [b:1a6540d4e0]AVKTray[/b:1a6540d4e0] - hkey= - key= - File not found MsConfig - StartUpReg: [b:1a6540d4e0]Google Update[/b:1a6540d4e0] - hkey= - key= - C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) Pag 9 MsConfig - StartUpReg: [b:1a6540d4e0]IndexSearch[/b:1a6540d4e0] - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.) MsConfig - StartUpReg: [b:1a6540d4e0]NBKeyScan[/b:1a6540d4e0] - hkey= - key= - File not found MsConfig - StartUpReg: [b:1a6540d4e0]NeroFilterCheck[/b:1a6540d4e0] - hkey= - key= - File not found MsConfig - StartUpReg: [b:1a6540d4e0]PaperPort PTD[/b:1a6540d4e0] - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.) MsConfig - StartUpReg: [b:1a6540d4e0]TomTomHOME.exe[/b:1a6540d4e0] - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 [color=#E56717:1a6540d4e0]========== Files/Folders - Created Within 30 Days ==========[/color:1a6540d4e0] [2013-06-28 10:06:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe [2013-06-28 09:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes [2013-06-28 09:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware [2013-06-28 09:23:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013-06-28 09:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013-06-28 09:21:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.75.0.1300.exe [2013-06-28 09:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013-06-28 09:14:17 | 000,000,000 | ---D | C] -- C:\JRT [2013-06-28 08:18:32 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Gebruiker\Bureaublad\JRT.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:1a6540d4e0]========== Files - Modified Within 30 Days ==========[/color:1a6540d4e0] [2013-06-28 10:06:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe [2013-06-28 10:06:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-06-28 09:45:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004UA.job [2013-06-28 09:23:54 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk [2013-06-28 09:21:01 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.75.0.1300.exe [2013-06-28 08:18:33 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Gebruiker\Bureaublad\JRT.exe [2013-06-28 06:59:30 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013-06-28 06:58:29 | 000,001,046 | ---- | M] () -- Pag 10 C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-06-28 06:58:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-06-28 06:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-06-28 06:58:04 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys [2013-06-27 21:29:16 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe [2013-06-27 12:45:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004Core.job [2013-06-19 08:26:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013-06-13 03:02:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013-06-10 11:43:13 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Thunderbird.lnk [2013-06-05 21:25:45 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Eierprijzen (2).lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:1a6540d4e0]========== Files Created - No Company Name ==========[/color:1a6540d4e0] [2013-06-28 09:23:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk [2013-06-27 21:29:15 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe [2013-06-05 21:25:45 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Eierprijzen (2).lnk [2013-05-06 14:35:16 | 000,204,932 | R--- | C] () -- C:\WINDOWS\System32\MSPOS_USB.dll [2013-03-20 07:26:26 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys [2013-03-20 07:26:25 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys [2013-03-20 07:03:14 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013-03-20 07:03:13 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012-12-14 19:50:30 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2012-03-08 17:42:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012-02-27 15:17:59 | 000,000,290 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012-02-15 10:50:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-07 12:45:39 | 000,002,416 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2011-12-21 18:44:14 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\DLSBAR32.DLL [2011-12-21 18:44:12 | 000,979,672 | R--- | C] () -- C:\WINDOWS\System32\libxml2.dll [2011-12-21 18:44:12 | 000,169,688 | R--- | C] () -- C:\WINDOWS\System32\libxslt.dll [2011-12-21 18:44:12 | 000,077,016 | R--- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010-05-11 13:53:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Application Data\winscp.rnd [2009-10-07 05:19:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\PUTTY.RND [2009-06-26 07:59:50 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Application Data\testtool.ini [2009-06-22 22:48:09 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Gebruiker\default.pls [2009-06-05 13:27:33 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Gebruiker\.recently-used.xbel [2009-05-30 15:35:12 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-03-14 19:15:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gebruiker\.rnd Pag 11 [2009-03-14 19:10:39 | 000,002,845 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak [2009-03-14 19:10:39 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak [2008-11-18 13:18:53 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\fusioncache.dat [color=#E56717:1a6540d4e0]========== ZeroAccess Check ==========[/color:1a6540d4e0] [2008-11-18 12:18:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-08-20 07:30:55 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717:1a6540d4e0]========== LOP Check ==========[/color:1a6540d4e0] [2013-03-20 07:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2010-11-05 16:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2013-05-10 07:52:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012-10-16 14:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA [2009-03-14 19:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA [2011-03-25 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2013-03-20 07:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor Pag 12 [2009-05-27 09:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009-07-20 17:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2013-05-10 07:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2013-05-10 07:52:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2011-05-30 14:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Canneverbe Limited [2009-10-27 09:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\cmw [2010-11-04 13:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\DeepBurner Pro [2013-02-11 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\EssentialPIM [2009-06-05 13:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\EssentialPIM Pro [2013-04-08 17:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\FileZilla [2010-10-23 14:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Notepad++ [2013-03-20 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\OnlineArmor [2008-11-18 14:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\OpenOffice.org [2009-05-28 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\PC-FAX TX [2013-05-10 11:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Sammsoft [2013-02-13 10:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TeamViewer [2010-09-10 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Thunderbird [2009-07-20 17:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TomTom [2013-05-10 07:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TuneUp Software [2008-11-27 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TuxPaint [2010-05-11 09:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Uniblue [2012-11-10 09:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP [color=#E56717:1a6540d4e0]========== Purity Check ==========[/color:1a6540d4e0] [color=#E56717:1a6540d4e0]========== Custom Scans ==========[/color:1a6540d4e0] Pag 13 [color=#A23BEC:1a6540d4e0]< services.* >[/color:1a6540d4e0] [2008-11-18 11:27:20 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2008-11-18 11:31:53 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2010-02-27 06:12:27 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004Core.job [2010-02-27 06:12:28 | 000,001,152 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004UA.job [2011-12-29 11:29:39 | 000,001,046 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011-12-29 11:29:39 | 000,001,050 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012-10-20 16:26:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\prismDowngrade.job [2012-10-20 16:26:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\prismShakeIcon.job [2013-03-20 07:03:13 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [color=#A23BEC:1a6540d4e0]< explorer.exe >[/color:1a6540d4e0] [color=#A23BEC:1a6540d4e0]< winlogon.exe >[/color:1a6540d4e0] [color=#A23BEC:1a6540d4e0]< Userinit.exe >[/color:1a6540d4e0] [color=#A23BEC:1a6540d4e0]< svchost.exe >[/color:1a6540d4e0] [color=#E56717:1a6540d4e0]========== Base Services ==========[/color:1a6540d4e0] SRV - [2008-04-14 23:32:50 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG) SRV - [2008-04-14 23:32:48 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2008-04-14 23:32:40 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - [2012-07-06 15:58:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser) SRV - [2008-04-14 23:32:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc) SRV - [2008-04-14 23:32:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp) SRV - [2009-04-20 19:22:17 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache) SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog) SRV - [2008-04-14 23:32:26 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost) SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility) SRV - [2008-04-14 23:32:46 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2008-04-14 23:33:02 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService) SRV - [2008-04-14 23:33:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- Pag 14 C:\WINDOWS\system32\lsass.exe -- (PolicyAgent) SRV - [2008-04-14 23:32:26 | 000,024,064 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver) SRV - [2008-04-14 23:32:56 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin) SRV - [2008-04-14 23:32:56 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv) SRV - [2008-04-14 23:33:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon) SRV - [2008-04-14 23:32:34 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman) SRV - [2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla) SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay) SRV - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler) SRV - [2008-04-14 23:33:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage) SRV - [2008-04-14 23:32:40 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto) SRV - [2008-04-14 23:32:40 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan) SRV - [2009-02-09 12:56:07 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs) SRV - [2008-04-14 23:32:36 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc) SRV - [2008-04-14 23:32:40 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon) SRV - [2008-04-14 23:33:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs) SRV - [2008-04-14 23:32:46 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc) SRV - [2010-08-27 07:55:04 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver) SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection) SRV - [2008-04-14 23:32:46 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice) SRV - [2008-04-14 23:32:40 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule) SRV - [2008-04-14 23:32:30 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts) SRV - [2008-04-14 23:32:46 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv) SRV - [2008-04-14 23:32:46 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService) SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes) SRV - [2008-04-14 23:33:18 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS) Pag 15 SRV - [2008-04-14 23:32:24 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv) SRV - [2008-04-14 23:32:30 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) SRV - [2008-04-14 23:32:46 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc) SRV - [2008-05-19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer) SRV - [2008-04-14 23:32:46 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt) No service found with a name of Wmi SRV - [2008-04-14 23:32:26 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc) SRV - [2008-04-14 23:32:48 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC) SRV - [2009-06-10 08:16:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation) [color=#E56717:1a6540d4e0]========== Drive Information ==========[/color:1a6540d4e0] Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media Interface type: IDE Media Type: Fixed\thard disk media Model: SAMSUNG HD753LJ Partitions: 3 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than\tfloppy Interface type: USB Media Type: Removable media other than\tfloppy Model: Kingston DataTraveler 2.0 USB Device Partitions: 1 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE2 - Interface type: USB Media Type: Model: Generic USB SD Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE3 - Interface type: USB Media Type: Model: Generic USB CF Reader USB Device Pag 16 Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE4 - Interface type: USB Media Type: Model: Generic USB SM Reader USB Device Partitions: 0 Status: OK Status Info: 0 Drive: \\\\.\\PHYSICALDRIVE5 - Interface type: USB Media Type: Model: Generic USB MS Reader USB Device Partitions: 0 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 49,00GB Starting Offset: 32256 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Extended w/Extended Int 13 Bootable: False BootPartition: False PrimaryPartition: False Size: 148,00GB Starting Offset: 52436160000 Hidden sectors: 0 DeviceID: Disk #1, Partition #0 PartitionType: Unknown Bootable: True BootPartition: True PrimaryPartition: True Size: 29,00GB Starting Offset: 4128768 Hidden sectors: 0 Pag 17 [color=#A23BEC:1a6540d4e0]< %systemroot%\system32\*.dll /lockedfiles >[/color:1a6540d4e0] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:1a6540d4e0]< %systemroot%\Tasks\*.job /lockedfiles >[/color:1a6540d4e0] [color=#A23BEC:1a6540d4e0]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color:1a6540d4e0] [color=#A23BEC:1a6540d4e0]< %systemroot%\system32\*.exe /lockedfiles >[/color:1a6540d4e0] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:1a6540d4e0]< %PROGRAMFILES%\* >[/color:1a6540d4e0] < End of report > Kijk maar of het compleet is. Hoor graag uw commentaar. gr opamax
  • Het log is inderdaad nog niet compleet en het tweede log mist geheel.
  • Als ik het bericht -rustig- nalees dan ziet het er toch wel compleet uit. De paginanummers staan er heel onopvallend tussen.
  • Dit - Zet een vinkje bij [b:7b0cfd5dc7]Scan All Users[/b:7b0cfd5dc7], [b:7b0cfd5dc7]LOP Check[/b:7b0cfd5dc7] en bij [b:7b0cfd5dc7]PURITY Check[/b:7b0cfd5dc7] - heb je niet of onvolledig gedaan! [b:7b0cfd5dc7]Sluit voordat [color=#008000:7b0cfd5dc7]OTL[/color:7b0cfd5dc7] de fix gaat doen, eerst alle andere openstaande vensters![/b:7b0cfd5dc7] [list:7b0cfd5dc7][*:7b0cfd5dc7][b:7b0cfd5dc7][color=#0000FF:7b0cfd5dc7]Windows 2000[/color:7b0cfd5dc7][/b:7b0cfd5dc7] en [color=#0000FF:7b0cfd5dc7][b:7b0cfd5dc7]Windows XP[/b:7b0cfd5dc7][/color:7b0cfd5dc7]: dubbelklik op [b:7b0cfd5dc7]OTL.exe[/b:7b0cfd5dc7]. [*:7b0cfd5dc7][color=#0000FF:7b0cfd5dc7][b:7b0cfd5dc7]Windows Vista[/b:7b0cfd5dc7][/color:7b0cfd5dc7], [color=#0000FF:7b0cfd5dc7][b:7b0cfd5dc7]Windows 7[/b:7b0cfd5dc7][/color:7b0cfd5dc7] en [color=#0000FF:7b0cfd5dc7][b:7b0cfd5dc7]Windows 8[/b:7b0cfd5dc7][/color:7b0cfd5dc7]: via rechtsklik op [b:7b0cfd5dc7]OTL.exe[/b:7b0cfd5dc7] en kies voor "Als Administrator uitvoeren". [b:7b0cfd5dc7][*:7b0cfd5dc7]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het venster onder [img:7b0cfd5dc7]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:7b0cfd5dc7][/b:7b0cfd5dc7][/list:u:7b0cfd5dc7] [code:1:7b0cfd5dc7] :OTL O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) C:\WINDOWS\system32\cssdll32.dll MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AVKTray - hkey= - key= - File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found :Services :Reg :Files ipconfig /flushdns /c C:\Program Files\Common Files\G DATA C:\WINDOWS\system32\drivers\GDTdiIcpt.sys C:\WINDOWS\system32\drivers\MiniIcpt.sys C:\WINDOWS\system32\drivers\HookCentre.sys C:\Documents and Settings\Gebruiker\Application Data\Uniblue :Commands [purity] [emptytemp] [resethosts] [emptyjava] [emptyflash] [createrestorepoint] [reboot][/code:1:7b0cfd5dc7] [list:7b0cfd5dc7][*:7b0cfd5dc7]Klik daarna bovenaan op [img:7b0cfd5dc7]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img:7b0cfd5dc7] [*:7b0cfd5dc7]Laat het programma ongestoord zijn werk doen. [*:7b0cfd5dc7][color=#FF0000:7b0cfd5dc7][b:7b0cfd5dc7]OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.[/b:7b0cfd5dc7][/color:7b0cfd5dc7] [*:7b0cfd5dc7]Klik op [b:7b0cfd5dc7]OK[/b:7b0cfd5dc7] [*:7b0cfd5dc7]Na het opnieuw opstarten wordt enkel een nieuw log geopend. [*:7b0cfd5dc7]Post via kopiëren en plakken de inhoud van dat OTL-scanlog.[/list:u:7b0cfd5dc7]
  • Hoi OpaMax - wil het lukken met de fix?
  • Ja hoor, hier komt die file: hopelijk helemaal: OTL logfile created on: 1-7-2013 8:11:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gebruiker\Bureaublad Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 1,87 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 47,29% Memory free 3,72 Gb Paging File | 2,70 Gb Available in Paging File | 72,45% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 12,49 Gb Free Space | 25,57% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 40,08 Gb Free Space | 82,09% Space Free | Partition Type: NTFS Drive E: | 98,94 Gb Total Space | 91,39 Gb Free Space | 92,37% Space Free | Partition Type: NTFS Drive K: | 29,26 Gb Total Space | 29,12 Gb Free Space | 99,52% Space Free | Partition Type: FAT32 Computer Name: PC-OPA | User Name: Gebruiker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:1f2a2a9b55]========== Processes (SafeList) ==========[/color:1f2a2a9b55] PRC - [2013-06-28 10:06:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe PRC - [2013-06-04 12:22:55 | 006,533,200 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\Setup\setup.ovr PRC - [2013-05-24 07:42:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla\Firefox 6.0.1\firefox.exe PRC - [2013-05-11 02:01:21 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-05-03 12:40:20 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013-03-07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-10-12 08:13:39 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012-10-02 16:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oasrv.exe PRC - [2012-10-02 16:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oaui.exe PRC - [2012-10-02 16:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oahlp.exe PRC - [2012-10-02 16:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\FW\Online Armor\oacat.exe PRC - [2012-08-28 08:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012-08-28 08:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012-08-13 12:45:10 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2012-08-13 12:45:10 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe PRC - [2009-12-20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe PRC - [2009-12-20 00:00:00 | 000,148,112 | ---- | M] (Apache Friends) -- C:\xampp\xampp-control.exe PRC - [2009-12-20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2008-04-14 23:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717:1f2a2a9b55]========== Modules (No Company Name) ==========[/color:1f2a2a9b55] MOD - [2013-06-30 20:25:27 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13063001\algo.dll MOD - [2013-06-27 21:01:25 | 002,090,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13062701\algo.dll MOD - [2013-05-24 07:42:43 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla\Firefox 6.0.1\mozjs.dll MOD - [2013-02-27 17:05:58 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2013-02-27 17:05:58 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll MOD - [2011-03-27 22:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe MOD - [2009-11-04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll MOD - [2008-09-16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008-04-14 23:32:32 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2002-11-26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll [color=#E56717:1f2a2a9b55]========== Services (SafeList) ==========[/color:1f2a2a9b55] SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013-05-24 07:42:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-03-07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-10-12 08:13:39 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012-10-02 16:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\FW\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2012-10-02 16:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\FW\Online Armor\oacat.exe -- (OAcat) SRV - [2012-08-28 08:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010-03-05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Branden\CD Burn\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009-12-20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla Server.exe -- (FileZilla Server) SRV - [2008-02-19 12:45:02 | 000,718,408 | ---- | M] (G DATA Software AG) [Auto | Stopped] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) [color=#E56717:1f2a2a9b55]========== Driver Services (SafeList) ==========[/color:1f2a2a9b55] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-03-07 01:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013-03-07 01:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013-03-07 01:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013-03-07 01:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013-03-07 01:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013-03-07 01:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013-03-07 01:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013-03-07 01:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-10-02 16:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2012-10-02 16:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2012-10-02 16:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2012-10-02 16:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2010-04-03 12:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150) DRV - [2009-11-12 15:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-03-14 19:10:32 | 000,041,928 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2009-03-14 19:10:29 | 000,046,536 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009-03-14 19:10:28 | 000,032,200 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2008-07-03 11:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008-04-14 01:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008-01-22 23:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008-01-04 05:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006-06-19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-03-02 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2006-03-02 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004-06-26 14:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom) DRV - [2004-06-26 14:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv) DRV - [2003-12-03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd) [color=#E56717:1f2a2a9b55]========== Standard Registry (All) ==========[/color:1f2a2a9b55] [color=#E56717:1f2a2a9b55]========== Internet Explorer ==========[/color:1f2a2a9b55] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\SearchScopes\{B7CD62AB-7624-4B80-88D8-4317D295C0D7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta= IE - HKU\S-1-5-21-1343024091-261478967-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:1f2a2a9b55]========== FireFox ==========[/color:1f2a2a9b55] FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "http://www.news.google.nl" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-11-30 16:39:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-20 07:02:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla\Firefox 6.0.1\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla\Firefox 6.0.1\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mail\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mail\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mail\MozillaThunderbird\components [2013-06-26 16:42:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files\Mail\MozillaThunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: K:\Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: K:\Thunderbird\plugins [2010-09-06 08:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions [2010-09-06 08:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008-11-27 17:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-07-20 17:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Extensions\home2@tomtom.com [2013-06-28 06:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\95hi6x5t.default\extensions [2009-10-13 11:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\eoar7vek.default\extensions [2009-03-18 07:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gebruiker\Application Data\Mozilla\Sunbird\Profiles\nddgf89j.default\extensions [color=#E56717:1f2a2a9b55]========== Chrome ==========[/color:1f2a2a9b55] CHR - homepage: http://www.google.nl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.nl/ CHR - plugin: Eerste gebruiker (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: avast! WebRep = C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ Hosts file not found O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Aanmelden - Help) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\Toolbar\ShellBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..\Toolbar\WebBrowser: (&Koppelingen) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\FW\Online Armor\OAui.exe (Emsisoft GmbH) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe () O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [AROReminder] C:\Program Files\ARO 2013\ARO.exe (Support.com, Inc.) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [Google Update] C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\S-1-5-21-1343024091-261478967-839522115-1004..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-1343024091-261478967-839522115-1004\..Trusted Domains: comodo.com ([www] https in Vertrouwde websites) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264456942403 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264456921699 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6441D7FB-45A6-4209-9ECE-BD505CAD136F}: NameServer = 212.45.33.3,212.45.32.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EEE978B-0D8A-4B02-9017-73407C4AD059}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\cssdll32.dll) - C:\WINDOWS\system32\cssdll32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Preloader van browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Cache-daemon voor onderdeelcategorieën - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\FW\Online Armor\oaevent.dll (Emsisoft GmbH) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-18 11:29:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3c583d15-7121-11de-a5e4-00242154df54}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [CREATERESTOREPOINT] Restore point Set: OTL Restore Point [color=#E56717:1f2a2a9b55]========== Files/Folders - Created Within 30 Days ==========[/color:1f2a2a9b55] [2013-06-28 10:06:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe [2013-06-28 09:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gebruiker\Application Data\Malwarebytes [2013-06-28 09:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware [2013-06-28 09:23:52 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013-06-28 09:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013-06-28 09:21:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.75.0.1300.exe [2013-06-28 09:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013-06-28 09:14:17 | 000,000,000 | ---D | C] -- C:\JRT [2013-06-28 08:18:32 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Gebruiker\Bureaublad\JRT.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:1f2a2a9b55]========== Files - Modified Within 30 Days ==========[/color:1f2a2a9b55] [2013-07-01 08:06:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-07-01 07:45:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004UA.job [2013-07-01 06:15:00 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013-07-01 02:06:00 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-06-30 12:45:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004Core.job [2013-06-28 10:06:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gebruiker\Bureaublad\OTL.exe [2013-06-28 09:23:54 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk [2013-06-28 09:21:01 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gebruiker\Bureaublad\mbam-setup-1.75.0.1300.exe [2013-06-28 08:18:33 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Gebruiker\Bureaublad\JRT.exe [2013-06-28 06:58:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-06-28 06:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-06-28 06:58:04 | 2012,467,200 | -HS- | M] () -- C:\hiberfil.sys [2013-06-27 21:29:16 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe [2013-06-19 08:26:48 | 000,000,434 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013-06-13 03:02:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013-06-10 11:43:13 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Thunderbird.lnk [2013-06-05 21:25:45 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Eierprijzen (2).lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717:1f2a2a9b55]========== Files Created - No Company Name ==========[/color:1f2a2a9b55] [2013-06-28 09:23:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk [2013-06-27 21:29:15 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\adwcleaner.exe [2013-06-05 21:25:45 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Bureaublad\Eierprijzen (2).lnk [2013-05-06 14:35:16 | 000,204,932 | R--- | C] () -- C:\WINDOWS\System32\MSPOS_USB.dll [2013-03-20 07:26:26 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys [2013-03-20 07:26:25 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys [2013-03-20 07:03:14 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys [2013-03-20 07:03:13 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys [2012-12-14 19:50:30 | 000,000,063 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2012-03-08 17:42:42 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012-02-27 15:17:59 | 000,000,290 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012-02-15 10:50:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-07 12:45:39 | 000,002,416 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2011-12-21 18:44:14 | 000,098,304 | R--- | C] () -- C:\WINDOWS\System32\DLSBAR32.DLL [2011-12-21 18:44:12 | 000,979,672 | R--- | C] () -- C:\WINDOWS\System32\libxml2.dll [2011-12-21 18:44:12 | 000,169,688 | R--- | C] () -- C:\WINDOWS\System32\libxslt.dll [2011-12-21 18:44:12 | 000,077,016 | R--- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010-05-11 13:53:18 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Application Data\winscp.rnd [2009-10-07 05:19:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\PUTTY.RND [2009-06-26 07:59:50 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Application Data\testtool.ini [2009-06-22 22:48:09 | 000,000,077 | ---- | C] () -- C:\Documents and Settings\Gebruiker\default.pls [2009-06-05 13:27:33 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Gebruiker\.recently-used.xbel [2009-05-30 15:35:12 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-03-14 19:15:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Gebruiker\.rnd [2009-03-14 19:10:39 | 000,002,845 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak [2009-03-14 19:10:39 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak [2008-11-18 13:18:53 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gebruiker\Local Settings\Application Data\fusioncache.dat [color=#E56717:1f2a2a9b55]========== ZeroAccess Check ==========[/color:1f2a2a9b55] [2008-11-18 12:18:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008-08-20 07:30:55 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:32:46 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717:1f2a2a9b55]========== LOP Check ==========[/color:1f2a2a9b55] [2013-03-20 07:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2010-11-05 16:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2013-05-10 07:52:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012-10-16 14:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA [2009-03-14 19:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA [2011-03-25 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2013-03-20 07:33:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2009-05-27 09:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009-07-20 17:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2013-05-10 07:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2013-05-10 07:52:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2011-05-30 14:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Canneverbe Limited [2009-10-27 09:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\cmw [2010-11-04 13:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\DeepBurner Pro [2013-02-11 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\EssentialPIM [2009-06-05 13:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\EssentialPIM Pro [2013-04-08 17:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\FileZilla [2010-10-23 14:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Notepad++ [2013-03-20 07:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\OnlineArmor [2008-11-18 14:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\OpenOffice.org [2009-05-28 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\PC-FAX TX [2013-05-10 11:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Sammsoft [2013-02-13 10:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TeamViewer [2010-09-10 14:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Thunderbird [2009-07-20 17:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TomTom [2013-05-10 07:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TuneUp Software [2008-11-27 16:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\TuxPaint [2010-05-11 09:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gebruiker\Application Data\Uniblue [2012-11-10 09:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP [color=#E56717:1f2a2a9b55]========== Purity Check ==========[/color:1f2a2a9b55] [color=#E56717:1f2a2a9b55]========== Custom Scans ==========[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [2008-11-18 11:27:20 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2008-11-18 11:31:53 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2010-02-27 06:12:27 | 000,001,100 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004Core.job [2010-02-27 06:12:28 | 000,001,152 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-261478967-839522115-1004UA.job [2011-12-29 11:29:39 | 000,001,046 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011-12-29 11:29:39 | 000,001,050 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012-10-20 16:26:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\prismDowngrade.job [2012-10-20 16:26:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\prismShakeIcon.job [2013-03-20 07:03:13 | 000,000,322 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [color=#A23BEC:1f2a2a9b55]< :OTL >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - Reg Error: Value error. File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O4 - HKLM..\Run: [] File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) >[/color:1f2a2a9b55] Invalid Switch: jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) [color=#A23BEC:1f2a2a9b55]< O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) >[/color:1f2a2a9b55] Invalid Switch: jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) [color=#A23BEC:1f2a2a9b55]< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) >[/color:1f2a2a9b55] Invalid Switch: jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) [color=#A23BEC:1f2a2a9b55]< C:\WINDOWS\system32\cssdll32.dll >[/color:1f2a2a9b55] [2009-05-11 13:17:31 | 000,249,592 | ---- | M] (COMODO) -- C:\WINDOWS\system32\cssdll32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC:1f2a2a9b55]< MsConfig - StartUpReg: Adobe ARM - hkey= - key= - File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< MsConfig - StartUpReg: AVKTray - hkey= - key= - File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< :Services >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< :Reg >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< :Files >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< ipconfig /flushdns /c >[/color:1f2a2a9b55] Windows IP-configuratie De DNS-omzettingscache is leeggemaakt. [color=#A23BEC:1f2a2a9b55]< C:\Program Files\Common Files\G DATA >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< C:\WINDOWS\system32\drivers\GDTdiIcpt.sys >[/color:1f2a2a9b55] [2009-03-14 19:10:32 | 000,041,928 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [color=#A23BEC:1f2a2a9b55]< C:\WINDOWS\system32\drivers\MiniIcpt.sys >[/color:1f2a2a9b55] [2009-03-14 19:10:29 | 000,046,536 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys [color=#A23BEC:1f2a2a9b55]< C:\WINDOWS\system32\drivers\HookCentre.sys >[/color:1f2a2a9b55] [2009-03-14 19:10:28 | 000,032,200 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\HookCentre.sys [color=#A23BEC:1f2a2a9b55]< C:\Documents and Settings\Gebruiker\Application Data\Uniblue >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< :Commands >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [purity] >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [emptytemp] >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [resethosts] >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [emptyjava] >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [emptyflash] >[/color:1f2a2a9b55] [color=#A23BEC:1f2a2a9b55]< [reboot] >[/color:1f2a2a9b55] < End of report > ==== voila !
  • In plaats van op de knop "Run Fix" heb je op de knop "Run Scan" geklikt. Dus nogmaals mijn vorige opdracht uitvoeren!
  • Hoop dat ik het nu goed heb gedaan. File hierbij: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe ARM\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVKTray\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NBKeyScan\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== [color=#A23BEC:38e7748ce3]< ipconfig /flushdns /c >[/color:38e7748ce3] Windows IP-configuratie De DNS-omzettingscache is leeggemaakt. C:\Documents and Settings\Gebruiker\Bureaublad\cmd.bat deleted successfully. C:\Documents and Settings\Gebruiker\Bureaublad\cmd.txt deleted successfully. C:\Program Files\Common Files\G DATA\IUpdate folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\QBase folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\Base folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\SETUP folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\skin folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\report folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\moved folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\log folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\journal folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\integ folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\chest folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA\backup folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast\DATA folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner\avast folder moved successfully. C:\Program Files\Common Files\G DATA\AVKScanner folder moved successfully. C:\Program Files\Common Files\G DATA\AVKProxy folder moved successfully. C:\Program Files\Common Files\G DATA\AVKMail folder moved successfully. C:\Program Files\Common Files\G DATA folder moved successfully. C:\WINDOWS\system32\drivers\GDTdiIcpt.sys moved successfully. C:\WINDOWS\system32\drivers\MiniIcpt.sys moved successfully. C:\WINDOWS\system32\drivers\HookCentre.sys moved successfully. C:\Documents and Settings\Gebruiker\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully. C:\Documents and Settings\Gebruiker\Application Data\Uniblue\RegistryBooster\history folder moved successfully. C:\Documents and Settings\Gebruiker\Application Data\Uniblue\RegistryBooster\backup folder moved successfully. C:\Documents and Settings\Gebruiker\Application Data\Uniblue\RegistryBooster folder moved successfully. C:\Documents and Settings\Gebruiker\Application Data\Uniblue folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gast User: Gebruiker ->Temp folder emptied: 82224969 bytes ->Temporary Internet Files folder emptied: 10142073 bytes ->Java cache emptied: 7621540 bytes ->FireFox cache emptied: 93233581 bytes ->Google Chrome cache emptied: 557424 bytes ->Flash cache emptied: 506 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2845 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 29227184 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 535221242 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 264880 bytes RecycleBin emptied: 11050277 bytes Total Files Cleaned = 734,00 mb HOSTS file reset successfully [EMPTYJAVA] User: All Users User: Default User User: Gast User: Gebruiker ->Java cache emptied: 0 bytes User: LocalService User: NetworkService Total Java Files Cleaned = 0,00 mb [EMPTYFLASH] User: All Users User: Default User User: Gast User: Gebruiker ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 07012013_144159 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Gebruiker\Local Settings\Temp\_asw_aisI.tm~a03988\setup.lok not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... ===== Btw: Thunderbird werkt inmiddels weer flitsend. Ben toch benieuwd naar uw aan/opmerking en adviezen. Mvg Opamax.
  • Dat is nu goed gegaan inderdaad en er is behoorlijk wat opgeruimd. Nieuwe opdracht: [b:499b072d40]Welk programma[/b:499b072d40]: [img:499b072d40]http://www.imgdumper.nl/uploads6/51c590ce3cf4a/51c590ce361e7-ComboFix_resized_2.png[/img:499b072d40][color=#008000:499b072d40][b:499b072d40] ComboFix[/b:499b072d40][/color:499b072d40] [b:499b072d40]Waarvoor/waarom[/b:499b072d40]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en op te schonen. [b:499b072d40]Moeilijkheidsgraad[/b:499b072d40]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:499b072d40]Downloadlokatie[/b:499b072d40]: Dit programma absoluut naar het bureaublad downloaden! [b:499b072d40]Download ComboFix via één van deze locaties[/b:499b072d40]: [list:499b072d40][*:499b072d40][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:499b072d40]Bleepingcomputer[/b:499b072d40][/url] [*:499b072d40][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:499b072d40]ForoSpyware[/b:499b072d40][/url] [*:499b072d40][url=http://subs.geekstogo.com/ComboFix.exe][b:499b072d40]Geekstogo[/b:499b072d40][/url][/list:u:499b072d40] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:499b072d40][color=#0000FF:499b072d40]Hier[/color:499b072d40][/b:499b072d40][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor je ComboFix start gedeaktiveert zijn! [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:499b072d40][color=#0000FF:499b072d40]Hier[/color:499b072d40][/b:499b072d40][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:499b072d40][color=#0000FF:499b072d40]hier[/color:499b072d40][/b:499b072d40][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:499b072d40]Opmerkingen[/b:499b072d40]: [list:499b072d40][*:499b072d40] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:499b072d40]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:499b072d40] [b:499b072d40]ComboFix opstarten[/b:499b072d40]: [list:499b072d40][*:499b072d40][b:499b072d40][color=#0000FF:499b072d40]Windows 2000[/color:499b072d40][/b:499b072d40] en [color=#0000FF:499b072d40][b:499b072d40]Windows XP[/b:499b072d40][/color:499b072d40]: dubbelklik op ComboFix.exe. [*:499b072d40][color=#0000FF:499b072d40][b:499b072d40]Windows Vista[/b:499b072d40][/color:499b072d40], [color=#0000FF:499b072d40][b:499b072d40]Windows 7[/b:499b072d40][/color:499b072d40] en [color=#0000FF:499b072d40][b:499b072d40]Windows 8[/b:499b072d40][/color:499b072d40]: via rechtsklik op [b:499b072d40]ComboFix.exe[/b:499b072d40] en kies voor "Als Administrator uitvoeren".[/list:u:499b072d40] [b:499b072d40]ComboFix is opgestart[/b:499b072d40]: [list:499b072d40][*:499b072d40]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:499b072d40]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:499b072d40]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:499b072d40]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:499b072d40]Post de inhoud van dit logbestand in je volgende bericht. [*:499b072d40]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:499b072d40] [b:499b072d40]Belangrijke opmerking[/b:499b072d40]: [list:499b072d40][*:499b072d40][b:499b072d40][color=#0000FF:499b072d40]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:499b072d40][/b:499b072d40] [*:499b072d40][b:499b072d40][color=#FF0000:499b072d40]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:499b072d40][/b:499b072d40] [*:499b072d40][b:499b072d40][color=#008000:499b072d40]Start dan de computer opnieuw op.[/color:499b072d40][/b:499b072d40][/list:u:499b072d40]
  • Wil het lukken?
  • Hallo OpaMax, al een tijd niks meer van jou vernomen?
  • Dag Abraham54, Is Abraham 54 is is hij in 1954 geboren ? Ja,ja, k ben r nog, maar 2 handicaps: zit met dit weer zo min mogelijk achter pc ennee.... heb geen bericht gezien dat er een nieuwe antwoord is. Zal dat ff checken. Wil en zal de laatste opdracht uitvoeren, maar omdat ik niet tevoren weet hoeveel tijd het gaat kosten kan ik het niet overdag doen(als er een klant belt moet de pc beschikbaar zijn). Wordt dus op een avond, maar niet vanavond, want dan is er weer de zoveelste party. Zal het zeker binnenkort uitvoeren, want ik stel uw kennis en advies best wel op prijs. Gr opamax
  • 1954 is inderdaad mijn bouwjaar. Zo te lezen heb je het dus druk, maar ik heb geduld hoor.
  • Hello to you all. De afgelopen weken is mijn pc 2x gereboot zonder mijn wil. Vreemd Gisteren kon ik mail niet verzenden. Na uitgebreid overleg met provider heb ik de pc herstart en Thunderburd werkte weer. Vandaag blijkt dat het mailprog ineens veel trager gaat werken. Heb graag dat een specialist er naar wil kijken. Weet dat ik dan een procedue moet afwerken en dan files opsturen. Wil iemand zich ermee belasten en de procedure noemen. Bvd, Opamax

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.