groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

OTL logfile created on: 20-5-2013 9:01:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jels\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,48 Mb Total Physical Memory | 569,23 Mb Available Physical Memory | 55,62% Memory free
2,41 Gb Paging File | 1,98 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77,55 Gb Total Space | 34,89 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive E: | 306,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 108,75 Gb Total Space | 101,70 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
Drive G: | 596,02 Gb Total Space | 540,36 Gb Free Space | 90,66% Space Free | Partition Type: FAT32

Computer Name: JELS-9WIWUZEM4Z | User Name: Jels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
PRC - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
PRC - [2013-04-29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013-04-04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-03-28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009-07-09 07:19:21 | 001,366,064 | R--- | M] (Cisco Systems, Inc.) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-05-04 18:22:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2009-04-03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007-07-12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\acAuth.dll


========== Services (SafeList) ==========

SRV - [2013-05-15 15:26:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)
SRV - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jels\LOCALS~1\Temp\Amsmpu4p.sys -- (Amsmpu4p)
DRV - [2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-03-29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-08-02 13:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009-05-26 15:35:12 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009-05-13 15:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-05-13 15:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008-10-12 12:42:47 | 001,275,584 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004-03-17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-08-17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 AE 34 9A 37 34 CE 01 [binary data]
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes,DefaultScope = {07078455-77CB-43CA-9910-643EF5D90359}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{07078455-77CB-43CA-9910-643EF5D90359}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

[2013-05-05 19:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jels\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001-09-07 14:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom 11n USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O15 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 0573884765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{316229CA-602B-4B8A-9ED7-6981DBC1937F}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{869FFAB9-EFD1-41CA-BBBF-76AE0C9350AB}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Jels/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-01 23:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-08-01 01:00:00 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013-02-10 16:12:36 | 000,000,095 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2002-10-17 09:56:50 | 000,000,036 | RH-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003-03-21 12:00:56 | 000,000,000 | RH-D | M] - G:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


========== Files/Folders - Created Within 30 Days ==========

[2013-05-19 18:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2013-05-19 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-05-19 18:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013-05-19 18:15:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013-05-18 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Nieuwe map hijack this uitslagen en logjes
[2013-05-18 20:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-18 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2013-05-16 17:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Fam Bouma foto's
[2013-05-10 09:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Menu Start\Programma's\HHE
[2013-05-10 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\HHE
[2013-05-10 08:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2013-05-09 20:56:21 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDE.DLL
[2013-05-09 20:56:21 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2013-05-09 20:56:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WING32.DLL
[2013-05-09 20:56:21 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDIB.DRV
[2013-05-09 20:56:21 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGPAL.WND
[2013-05-09 20:56:19 | 000,000,000 | ---D | C] -- C:\MSSETUP
[2013-05-05 19:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Downloads
[2013-05-05 19:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013-05-05 10:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013-05-05 10:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-05 10:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-05 10:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-04 22:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2013-05-04 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2013-05-04 22:49:21 | 000,034,592 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-04 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013-05-04 22:47:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013-05-04 22:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013-05-04 22:43:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\Avg2013
[2013-05-04 11:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot57
[2013-05-04 10:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\save game schizm 2
[2013-05-03 20:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot29
[2010-08-29 18:12:15 | 000,778,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-08-29 18:12:15 | 000,704,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-08-29 18:12:15 | 000,451,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-08-29 18:12:15 | 000,232,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-08-29 18:12:15 | 000,064,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-08-29 18:12:15 | 000,063,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-08-29 18:12:15 | 000,053,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-08-29 18:12:15 | 000,029,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-08-29 18:12:15 | 000,009,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-20 08:40:55 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013-05-20 08:26:15 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-05-20 07:39:56 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\bnnohswrc.job
[2013-05-20 07:39:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-05-19 20:35:30 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2013-05-19 18:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2013-05-19 09:07:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-16 08:07:31 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-15 23:40:23 | 000,499,340 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-05-15 23:40:23 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-05-15 23:40:23 | 000,086,450 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-05-15 23:40:23 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-05-15 23:36:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-05-15 15:26:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-05-15 15:26:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-10 08:38:18 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-09 21:26:53 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-08 22:03:36 | 000,034,880 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 06:22:15 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013-05-06 12:55:19 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-05 09:57:22 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-03 21:54:37 | 000,518,160 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 21:54:37 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-03 19:27:01 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:17:38 | 000,160,251 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:48 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-02 16:59:35 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-04-30 22:28:39 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-04-30 22:28:39 | 000,216,839 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-04-30 18:46:21 | 000,194,587 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-04-28 12:18:24 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-04-28 12:18:24 | 000,201,189 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-04-24 13:19:05 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\spider.sav
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-19 18:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2013-05-15 23:33:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-05-09 19:58:47 | 000,034,880 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 19:34:17 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System\binkw32.dll
[2013-05-07 14:56:04 | 000,201,189 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-05-07 14:55:39 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-05-06 18:20:16 | 001,206,030 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Save Game - 2012-10-02 - 19-57-41 - Computer, New York Meat Packing Getting to secret office, 02-19-44.BS4
[2013-05-06 12:55:19 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | C] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-04 22:49:33 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-04 11:26:04 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-04 11:18:21 | 000,518,160 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 19:27:01 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:21:35 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-05-03 18:21:15 | 000,216,839 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-05-03 18:17:38 | 000,160,251 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:47 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-03 12:14:42 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-05-01 10:00:03 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-04-30 18:46:21 | 000,194,587 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-03-23 23:30:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2013-02-10 17:00:28 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013-02-10 17:00:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2013-02-03 14:27:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2013-02-03 14:27:41 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2013-01-02 14:59:29 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012-12-11 16:37:10 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2012-02-16 11:42:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-30 11:48:49 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-01-27 17:07:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012-01-27 17:05:15 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011-12-15 18:31:44 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011-09-05 15:08:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\versaill.ini
[2008-09-03 14:25:53 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012-09-25 20:51:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008-04-14 19:02:39 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 19:02:44 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-05-05 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-04 22:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:43:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-05-20 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008-11-19 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartFix
[2009-11-03 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013-05-05 10:52:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-10 08:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013-04-08 14:46:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\groentje.1\Application Data\CrystalSpace
[2013-04-06 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\groentje.1\Application Data\Systweak
[2013-05-05 10:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-04 22:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2012-06-14 00:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jels\Application Data\CrystalSpace
[2009-11-03 22:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\NewsBin
[2012-01-09 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Onpo
[2011-01-11 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\ScummVM
[2013-05-18 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SmartFix
[2013-05-04 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2012-01-30 11:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Tuwage
[2013-05-05 10:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG

========== Purity Check ==========



========== Custom Scans ==========

< Code: >
[2008-09-01 23:24:55 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008-09-01 23:26:23 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011-01-21 14:52:04 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\Tasks\bnnohswrc.job
[2011-02-19 23:16:41 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2012-04-29 11:46:17 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< services.* >

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

========== Base Services ==========
SRV - [2008-04-14 19:02:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008-04-14 19:02:47 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012-07-06 15:58:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008-04-14 19:02:23 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008-04-14 19:02:24 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009-04-20 19:22:17 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008-04-14 19:02:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008-04-14 19:02:44 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008-04-14 19:02:27 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008-04-14 19:03:01 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008-04-14 19:02:24 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008-04-14 19:02:54 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008-04-14 19:02:54 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008-04-14 19:02:33 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008-04-14 19:02:39 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008-04-14 19:02:39 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009-02-09 12:56:07 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008-04-14 19:02:39 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008-04-14 19:02:45 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010-08-27 07:55:04 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008-04-14 19:02:39 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008-04-14 19:02:29 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008-04-14 19:02:44 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008-04-14 19:03:17 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008-04-14 19:02:22 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008-04-14 19:02:28 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008-04-14 19:02:44 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008-04-14 19:03:06 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008-04-14 19:02:45 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009-02-09 12:56:07 | 000,684,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008-04-14 19:02:24 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008-04-14 19:02:47 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009-06-10 08:16:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3200822AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Medion Flash XL CF USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Medion Flash XL MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Medion Flash XL MMC/SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Medion Flash XL SM USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: WD 6400AAK External USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78,00GB
Starting Offset: 116782557696
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 109,00GB
Starting Offset: 8225280
Hidden sectors: 0


DeviceID: Disk #5, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 596,00GB
Starting Offset: 32256
Hidden sectors: 0


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2013-05-20 07:39:56 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\bnnohswrc.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %PROGRAMFILES%\* >
[2010-01-04 11:48:52 | 000,704,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-03-25 21:51:40 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-03-25 21:39:02 | 000,451,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-03-25 21:39:02 | 000,232,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-03-25 21:55:10 | 000,029,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-03-25 21:39:02 | 000,063,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-03-25 21:39:02 | 000,778,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-03-25 21:39:02 | 000,064,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-03-25 21:39:02 | 000,009,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Before OTL runs the fix, first close all other open windows!
  • Windows 2000 and Windows XP: double-click OTL.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
  • Copy the text in the code box below and paste it into the window under [image]

Code:

:OTL 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... type=ds&q={searchTerms}&installDate=04/04/2013
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2


:Services


:Reg


:Files
ipconfig /flushdns /c
C:\Program Files\Common Files\Pure Networks Shared

:Commands
[purity]
[emptytemp]
[resethosts]
[emptyjava]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click [image] at the top
  • Let the program do its work undisturbed.
  • After the scan, OTL will report that the PC is going to be restarted. Allow that.
  • Click OK
  • After the restart, only a new log is opened.
  • Post the contents of that OTL scan log by copying and pasting.
Stupidity is also a gift of God, but one must not misuse it.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com deleted successfully.
File C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-152049171-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-152049171-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Documents and Settings\Jels\Bureaublad\cmd.bat deleted successfully.
C:\Documents and Settings\Jels\Bureaublad\cmd.txt deleted successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform\Temp folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform\Support folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform\purendis folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform\pnarp folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform\.upload folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared\Platform folder moved successfully.
C:\Program Files\Common Files\Pure Networks Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: groentje.1
->Temp folder emptied: 2751 bytes
->Temporary Internet Files folder emptied: 11290478 bytes
->Flash cache emptied: 492 bytes

User: Jels
->Temp folder emptied: 54130772 bytes
->Temporary Internet Files folder emptied: 340080958 bytes
->Java cache emptied: 138306 bytes
->FireFox cache emptied: 18610037 bytes
->Google Chrome cache emptied: 6611991 bytes
->Flash cache emptied: 13430 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34784 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 2833181 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 146266392 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 263274 bytes

Total Files Cleaned = 555,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default User

User: groentje.1

User: Jels
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: groentje.1
->Flash cache emptied: 0 bytes

User: Jels
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
Error: Unable to interpret <[reboot> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05202013_150100

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Run the ESET online scan (click).
  • Click the blue Run ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Tick the following options:
    • Remove found threats
    • Scan archives
  • Then click Advanced Settings
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • The computer is now being scanned. This can take quite a long time, so be patient.
  • When the scan is finished, you may then close the window, because the scan is done.
  • Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
  • Then select, copy and paste the contents of this log into your next post.
  • Note: temporarily disable your own antivirus during the scan; the online scan is then faster!
If you use a browser other than IE, you download a small web installer, esetsmartinstaller_enu.exe.
The ESET Online Scanner will then start in a smaller window; first select the settings as indicated above.
Then click the "Start" button; the database will be downloaded first and, once that is done, the scan starts.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a0b85a393b7d4c48b9f909450d5eb9ff
# engine=13873
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-20 03:52:11
# local_time=2013-05-20 05:52:11 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1040 16777213 100 93 16307 56202715 0 0
# scanned=102579
# found=11
# cleaned=11
# scan_time=5509
sh=EA02CC36C36B9522679E6E6DD2FFCE63DA6CCE41 ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Jels\Bureaublad\Hiren's.BootCD.9.7.iso"
sh=E6051FAC291DD49FF4D1E89440CA68EB41971880 ft=1 fh=b46d2697b7f4f08e vn="Win32/AdInstaller application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Jels\Mijn documenten\save game schizm 2\VideoDownloadConvert.exe"
sh=5FAA4A8FD1C9BF9B21CB6449B1D631E9D4DB320E ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AD application (deleted - quarantined)" ac=C fn="F:\Stick\Rob.Papen.Predator.VSTi.v1.1.1.incl.Keygen-AiR.zip"
sh=0C938EC71A046C93FF9346CC4957320CD36CB5BA ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AD application (deleted - quarantined)" ac=C fn="F:\Stick\Sonnox\Nieuwe map\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR.zip"
sh=BF4AED97CF45E99D348A4EBE098092D38CD2B0B8 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AD application (deleted - quarantined)" ac=C fn="F:\Stick\Sonnox\Nieuwe map\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\a-imb10.rar"
sh=8078B0B9ED3A77CE693BF6D8ECFDA368C834B315 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AD application (deleted - quarantined)" ac=C fn="F:\Stick\Sonnox\Nieuwe map\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\a-imb10a.zip"
sh=6BE449FD3FA6A675205586CD29424E233142CB86 ft=1 fh=ebeb2ff2b57bb57d vn="a variant of Win32/Keygen.AD application (cleaned by deleting - quarantined)" ac=C fn="F:\Stick\Sonnox\Nieuwe map\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\IZotope.Mastering.Effects.Bundle.DX.v1.0.Incl.Keygen-AiR\keygen.exe"
sh=AA2D3E956274F1FF72D7FE323EAA691F8D0B61EC ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)" ac=C fn="G:\Documenten\LimeWire\Saved\gurbe doustra live.snd"
sh=041B185EBEF9B3A0C90EB8CE1200A7CC2CCADE60 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)" ac=C fn="G:\Documenten\LimeWire\Saved\gurbe doustra.mp3"
sh=B9BA198E61842B18014FC6E9AFBD58BFC00A2682 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)" ac=C fn="G:\Documenten\LimeWire\Incomplete\Preview-T-5064857-gurbe doustra live.snd"
sh=B4EA27F7026E3AEC38C9ED77DBE5D3190318AD57 ft=0 fh=0000000000000000 vn="a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)" ac=C fn="G:\Documenten\LimeWire\Incomplete\Preview-T-5190950-gurbe doustra.mp3"
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Tell me how things are going in the meantime.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48


Dear Abraham54,

When I start the computer, I no longer get the little window.

Thank you very much.

How should I proceed now?

Should the following be posted separately?

I had taken this computer after my own crashed,
a Windows XP Pro.
It booted up to the welcome screen and then the safe mode selection menus,
but none of them worked. Because this computer often has too little memory, I set it aside, but I do want my emails or email address back.

And also a last scan in which the computer is set back to the last moment that the computer ran well.
Then it ended up in safe mode again and I set the computer aside.
This computer has my emails and my email address.

Thanks in any case,
Gea
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Do you have webmail or mail with a provider?

And do you perhaps no longer remember the passwords?