Hi
Unfortunately it didn't help at all.
Regards, Mar
Good morning Mar,
Strange that it will come off one computer but not this one.
We're going to take a different tack and start over almost from scratch.
Perform a System Restore to a point before the problem occurred, and try to describe how the problem started.
After you have done the System Restore, create a new HijackThis log.
Regards, Huib ;)
Hello,
Then let's see whether we can find anything else:
Did you uninstall a program before that message appeared?
Download OTL to your desktop.
Right-click OTL and click Run as administrator to run it. Make sure all other windows are closed and that the scan can complete without interruption.
When the window appears, change the value under Output at the top to Minimal Output.
Now click the Run Scan button. Do not change any options unless told otherwise. The scan will not take long.
When the scan is complete, two Notepad windows will open: OTListIt.Txt and Extras.Txt. These log files are saved in the same location as OTL.
Copy (Edit->Select All, Edit->Copy) the contents of OTListIt.Txt into your next post.
Regards, Ben
Hi
As advised
Regards, Mar
OTL logfile created on: 26-10-2012 11:29:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gebruiker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
3,96 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 59,96% Memory free
7,92 Gb Paging File | 6,08 Gb Available in Paging File | 76,78% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 325,03 Gb Total Space | 262,87 Gb Free Space | 80,88% Space Free | Partition Type: NTFS
Drive D: | 303,19 Gb Total Space | 77,51 Gb Free Space | 25,57% Space Free | Partition Type: NTFS
Drive E: | 303,19 Gb Total Space | 194,97 Gb Free Space | 64,31% Space Free | Partition Type: NTFS
Computer Name: GEBRUIKER-PC | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gebruiker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - e:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
========== Services (SafeList) ==========
SRV:64bit: - (NisSrv) – c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) – c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) – C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) – C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) – C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (MBAMService) – e:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) – e:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Skype C2C Service) – C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) – C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (KMService) – C:\Windows\SysWOW64\srvany.exe ()
SRV - (clr_optimization_v4.0.30319_32) – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) – C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgtp) – C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (NisDrv) – C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) – C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) – C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) – C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) – C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) – C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USB28xxBGA) – C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) – C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (HpSAMD) – C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) – C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HECIx64) – C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) – C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) – C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) – C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) – C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) – C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (netr7364) – C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) – C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) – C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) – C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) – C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TuneUpUtilitiesDrv) – C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) – C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{FF405D4B-1CBF-4A12-AA87-6DC60937699D}: “URL” = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA E8 30 46 0D B2 CD 01
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FF405D4B-1CBF-4A12-AA87-6DC60937699D}: “URL” = http://downloads.phpnuke.org/nl/index.php?rvs=google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: “”
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {65ca59ee-9920-4d7f-8c41-bfa12403261a}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
(No name found) – C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions
(No name found) – C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
(No name found) – C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\3b8i8jfo.default\extensions
(“DVDVideoSoft Menu”) – C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\3b8i8jfo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
(No name found) – C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\3b8i8jfo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
(No name found) – C:\Program Files (x86)\Mozilla Firefox\extensions
(Skype Click to Call) – C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
(Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
(Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
(Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
(Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
(HP Smart Web Printing) – C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) – C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) – C:\USERS\GEBRUIKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3B8I8JFO.DEFAULT\EXTENSIONS\{65CA59EE-9920-4D7F-8C41-BFA12403261A}
File not found (No name found) – C:\USERS\GEBRUIKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3B8I8JFO.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) – C:\USERS\GEBRUIKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3B8I8JFO.DEFAULT\EXTENSIONS\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
File not found (No name found) – C:\USERS\GEBRUIKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3B8I8JFO.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) – C:\USERS\GEBRUIKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3B8I8JFO.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
(Zylom) – C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
() – C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
() – C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
() – C:\Program Files (x86)\mozilla firefox\searchplugins\vandale-nl.xml
() – C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
() – C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-nl.xml
========== Chrome ==========
CHR - homepage: http://www.google.nl/
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3042917
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.nl/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: NZB Knop = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgefhppekjkhaepenmmfgbagoceiiko\1.0_0\
CHR - Extension: YouTube = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\
CHR - Extension: Gmail = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: () - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: File not found
O4 - HKLM..\Run: C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16:64bit: - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/nl-nl/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EA512CE-0BAA-4267-8710-F26F3E3EBB44}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25470FA-862B-47AD-B8EE-095A299D9299}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck turegopt /AM)
O35:64bit: - HKLM\..comfile – “%1” %*
O35:64bit: - HKLM\..exefile – “%1” %*
O35 - HKLM\..comfile – “%1” %*
O35 - HKLM\..exefile – “%1” %*
O37:64bit: - HKLM\…com – “%1” %*
O37:64bit: - HKLM\…exe – “%1” %*
O37 - HKLM\…com – “%1” %*
O37 - HKLM\…exe – “%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
(OldTimer Tools) – C:\Users\Gebruiker\Desktop\OTL.exe
– C:\Users\Gebruiker\AppData\Local\{AB8B2D01-65EF-43E4-BC70-46686B9BC2E8}
– C:\Program Files (x86)\Microsoft Security Client
– C:\Program Files\Microsoft Security Client
– C:\Windows\Temp
– C:\Users\Gebruiker\AppData\Local\Temp
– C:\$RECYCLE.BIN
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
– C:\Program Files (x86)\TuneUp Utilities 2013
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\npdeployJava1.dll
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\javaws.exe
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\javaw.exe
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\java.exe
– C:\Program Files (x86)\Java
(Microsoft Corporation) – C:\Windows\SysNative\ntoskrnl.exe
(Microsoft Corporation) – C:\Windows\SysWow64\ntkrnlpa.exe
(Microsoft Corporation) – C:\Windows\SysWow64\ntoskrnl.exe
(Microsoft Corporation) – C:\Windows\SysNative\kernel32.dll
(Microsoft Corporation) – C:\Windows\SysNative\KernelBase.dll
(Microsoft Corporation) – C:\Windows\SysNative\conhost.exe
(Microsoft Corporation) – C:\Windows\SysNative\winsrv.dll
(Microsoft Corporation) – C:\Windows\SysNative\wow64.dll
(Microsoft Corporation) – C:\Windows\SysWow64\setup16.exe
(Microsoft Corporation) – C:\Windows\SysNative\wow64win.dll
(Microsoft Corporation) – C:\Windows\SysNative\ntvdm64.dll
(Microsoft Corporation) – C:\Windows\SysWow64\ntvdm64.dll
(Microsoft Corporation) – C:\Windows\SysNative\wow64cpu.dll
(Microsoft Corporation) – C:\Windows\SysWow64\instnm.exe
(Microsoft Corporation) – C:\Windows\SysWow64\wow32.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
(Microsoft Corporation) – C:\Windows\SysWow64\user.exe
(Microsoft Corporation) – C:\Windows\SysNative\wintrust.dll
(Microsoft Corporation) – C:\Windows\SysNative\crypt32.dll
(Microsoft Corporation) – C:\Windows\SysNative\cryptnet.dll
– C:\Users\Gebruiker\AppData\Roaming\Western Software Technologies
– C:\Users\Public\Documents\TheLostIncaProphecy
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
– C:\Users\Gebruiker\Documents\default
– C:\Program Files (x86)\TomTom International B.V
– C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
– C:\Program Files (x86)\MyTomTom 3
========== Files - Modified Within 30 Days ==========
(OldTimer Tools) – C:\Users\Gebruiker\Desktop\OTL.exe
() – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
() – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
() – C:\Windows\tasks\Adobe Flash Player Updater.job
() – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
() – C:\Windows\bootstat.dat
() – C:\hiberfil.sys
() – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
() – C:\Windows\epplauncher.mif
() – C:\Windows\SysNative\perfh013.dat
() – C:\Windows\SysNative\perfh009.dat
() – C:\Windows\SysNative\perfc013.dat
() – C:\Windows\SysNative\perfc009.dat
() – C:\Windows\SysWow64\PerfStringBackup.INI
() – C:\Users\Gebruiker\Documents\cc_20121025_225045.reg
() – C:\Users\Gebruiker\Desktop\zoek.exe
() – C:\Users\Public\Desktop\HijackThis backups log.lnk
() – C:\Users\Public\Desktop\Trend Micro HijackThis.lnk
() – C:\Windows\SysNative\drivers\etc\hosts
() – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
() – C:\Users\Public\Desktop\Inpaint.lnk
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\javaws.exe
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\npdeployJava1.dll
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\deployJava1.dll
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\javaw.exe
(Sun Microsystems, Inc.) – C:\Windows\SysWow64\java.exe
(Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
(Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
() – C:\Users\Public\Desktop\The Lost Inca Prophecy.lnk
() – C:\Users\Gebruiker\Desktop\254460_269616249824645_1336795737_n.jpg
(Malwarebytes Corporation) – C:\Windows\SysNative\drivers\mbam.sys
() – C:\Windows\SysNative\PerfStringBackup.INI
() – C:\Windows\SysWow64\_WKERNEL.SYL
========== Files Created - No Company Name ==========
() – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
() – C:\Users\Gebruiker\Documents\cc_20121025_225045.reg
() – C:\Windows\zoek-delete.exe
() – C:\Users\Gebruiker\Desktop\zoek.exe
() – C:\Users\Public\Desktop\HijackThis backups log.lnk
() – C:\Users\Public\Desktop\Trend Micro HijackThis.lnk
() – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
() – C:\Users\Public\Desktop\Inpaint.lnk
() – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
() – C:\Users\Public\Desktop\The Lost Inca Prophecy.lnk
() – C:\Users\Gebruiker\Desktop\254460_269616249824645_1336795737_n.jpg
() – C:\Users\Gebruiker\AppData\Roaming\burnaware.ini
() – C:\Windows\Menu.INI
() – C:\Windows\WORDPAD.INI
() – C:\Windows\SysWow64\drivers\ShieldmNt.sys
() – C:\Windows\SysWow64\nvStreaming.exe
() – C:\Users\Gebruiker\AppData\Local\{7B99F471-0B76-434C-897C-23D38242C97F}
() – C:\Windows\popcinfo.dat
() – C:\Windows\SysWow64\PerfStringBackup.INI
() – C:\Windows\AutoKMS.ini
() – C:\Windows\SysWow64\OGAVerify.exe
() – C:\Windows\SysWow64\OGAAddin.dll
() – C:\Windows\d3dx.dat
() – C:\Windows\nsreg.dat
() – C:\Windows\NeroDigital.ini
() – C:\Windows\SysWow64\WgaTray.exe
() – C:\Windows\SysWow64\srvany.exe
() – C:\Windows\hpoins38.dat
() – C:\Users\Gebruiker\AppData\Roaming\brun_nbeta12.dat
========== ZeroAccess Check ==========
() – C:\Windows\assembly\Desktop.ini
/64
/64
/64
“” = C:\Windows\SysNative\shell32.dll – (Microsoft Corporation)
“ThreadingModel” = Apartment
“” = %SystemRoot%\system32\shell32.dll – (Microsoft Corporation)
“ThreadingModel” = Apartment
/64
“” = C:\Windows\SysNative\wbem\fastprox.dll – (Microsoft Corporation)
“ThreadingModel” = Free
“” = %systemroot%\system32\wbem\fastprox.dll – (Microsoft Corporation)
“ThreadingModel” = Free
/64
“” = C:\Windows\SysNative\wbem\wbemess.dll – (Microsoft Corporation)
“ThreadingModel” = Both
========== Alternate Data Streams ==========
< End of report >
Hi
But unfortunately the message still appears.
Regards, Mar
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: ffxtlbr@babylon.com:1.2.0 removed from extensions.enabledItems
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Gebruiker\Desktop\cmd.bat deleted successfully.
C:\Users\Gebruiker\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gebruiker
->Temp folder emptied: 337022 bytes
->Temporary Internet Files folder emptied: 13704907 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52467163 bytes
->Google Chrome cache emptied: 158483754 bytes
->Flash cache emptied: 829 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 215,00 mb
User: All Users
User: AppData
User: Default
User: Default User
User: Gebruiker
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 10262012_130325
Files\Folders moved on Reboot…
C:\Users\Gebruiker\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{35D78ABD-F721-4353-8B2A-5116C15130A5}.tmp not found!
File\Folder C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{94B93B04-3AE7-4CD7-834D-9A9F3B72FDA3}.tmp not found!
File\Folder C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E18E9303-7E4B-4B86-96F5-911DE369E5F6}.tmp not found!
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4A70ML1\Hallo mar.docx moved successfully.
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
This topic is closed; no further replies can be posted.