Ukash Politievirus

Gesloten onderwerpen. Stuur een privé bericht naar een Moderator of de Administrator om het topic weer te laten openen.
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#1

28 jun 2012 22:22

Hoi Maxstar,

Hierbij een nieuw forum bericht, ik doe hierbij alvast het MBAM-logje er bij.

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org" onclick="window.open(this.href);return false;

Databaseversie: v2012.06.28.09

Windows Vista x86 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 8.0.6001.18904
RAMON :: PC_VAN_RAMON [administrator]

28-6-2012 19:34:32
mbam-log-2012-06-28 (19-34-32).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 478332
Verstreken tijd: 1 uur/uren, 38 minuut/minuten, 50 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 44
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\Software\ndo8thb2ikwe (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Spyware-Secure (Rogue.SpywareSecure) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.SpywareSecure) -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware-Secure (Rogue.SpywareSecure) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»
äG\Ê -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Local Page (Hijack.SearchPage) -> Slecht: (http://www.iesearch.com/" onclick="window.open(this.href);return false;) Goed: (http://www.Google.com/" onclick="window.open(this.href);return false;) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.SpywareSecure) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 4
C:\Users\RAMON\Downloads\installer_hamachi.exe (PUP.Adbundler) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.SpywareSecure) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Windows\Temp\explorer.dat (Heuristics.Reserved.Word.Exploit) -> Zal worden verwijderd tijdens het herstarten.

(einde)
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#2

28 jun 2012 22:45

Hierbij ook alvast het OTL-logje

OTL logfile created on: 26-6-2012 19:21:53 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\RAMON\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,99 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 72,02% Memory free
4,21 Gb Paging File | 3,81 Gb Available in Paging File | 90,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,02 Gb Total Space | 169,61 Gb Free Space | 58,28% Space Free | Partition Type: NTFS
Drive D: | 7,07 Gb Total Space | 1,45 Gb Free Space | 20,57% Space Free | Partition Type: NTFS
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC_VAN_RAMON | User Name: RAMON | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-26 19:18:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
PRC - [2012-03-21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012-03-20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012-03-20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012-02-28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012-06-19 23:45:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-14 19:25:46 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012-03-20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012-03-20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012-03-20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011-01-27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011-01-02 21:18:47 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009-04-30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007-10-31 02:20:21 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-26 12:47:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-26 12:47:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Planner voor Automatische LiveUpdate)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012-02-22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012-02-22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012-02-22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012-02-22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012-02-22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012-02-22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012-02-22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012-02-22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012-02-22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2009-05-01 01:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009-05-01 01:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009-05-01 01:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009-04-30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-03-05 23:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005-12-12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005-01-31 11:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv561av.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004-04-27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2004-04-27 00:28:30 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvusbsta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop" onclick="window.open(this.href);return false;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/" onclick="window.open(this.href);return false;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch.com/s/?q=" onclick="window.open(this.href);return false;{searchTerms}
IE - HKLM\..\SearchScopes\{BC975B47-6DFE-43E6-BF5A-D2C890136DC2}: "URL" = http://nl.search.yahoo.com/search?p=" onclick="window.open(this.href);return false;{searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q=" onclick="window.open(this.href);return false;{searchTerms}
IE - HKLM\..\SearchScopes\{EF52213B-12F0-4CFD-9282-C1DE8FEDFD58}: "URL" = http://nl.kelkoopartners.net/ctl/do/sea ... archQuery=" onclick="window.open(this.href);return false;{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl" onclick="window.open(this.href);return false;
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.hyves.nl/browsers/IE8/" onclick="window.open(this.href);return false; [binary data]
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/" onclick="window.open(this.href);return false;
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp" onclick="window.open(this.href);return false;
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 F3 5B 6D FF F8 C9 01 [binary data]
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startpagina.nl/" onclick="window.open(this.href);return false;
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{11447FEF-A978-40FB-AAE0-E105E0A4B22D}: "URL" = http://www.fastbrowsersearch.com/result ... ts.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&c=web&s=DSP&v=18&tid={857C07A3-444C-4439-A0A2-B420B4002F6B}
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_nl
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{8B94F312-9F38-4967-B058-A42AC1520437}: "URL" = http://search.yahoo.com/search?fr=mcafee&p=" onclick="window.open(this.href);return false;{SearchTerms}
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browse ... ickfigure/" onclick="window.open(this.href);return false;{A91A6A36-C9C6-46C7-9748-E37D86AA00D0}?q={searchTerms}
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q=" onclick="window.open(this.href);return false;{searchTerms}
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{F7A7EE2C-3B92-47F1-9721-706E46736AE0}: "URL" = http://nl.search.yahoo.com/search?p=" onclick="window.open(this.href);return false;{searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17273,0,8,0
IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RAMON\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RAMON\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RAMON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011-01-02 21:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012-02-25 08:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012-06-26 17:49:11 | 000,000,000 | ---D | M]

[2009-08-17 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAMON\AppData\Roaming\mozilla\Extensions
[2009-08-17 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAMON\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: Google Zoeken = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (TBSB00081 Class) - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625180636.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Hyves Toolbar) - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (Hyves Toolbar) - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup File not found
O4 - HKLM..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WMBoot] C:\Program Files\Logitech\WingMan Profiler\ChekList.exe -L:E:\WS\NLD\Setup.exe -CD -CL4 -LP:" reboot" File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [ekgeyyy] "c:\users\ramon\appdata\local\ekgeyyy.exe" ekgeyyy File not found
O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [eycxkolrskeotxn] C:\ProgramData\eycxkolr.exe ()
O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx" onclick="window.open(this.href);return false; File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\RAMON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\RAMON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C" onclick="window.open(this.href);return false;:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate with &Babylon - res://C" onclick="window.open(this.href);return false;:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm File not found
O9 - Extra Button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab" onclick="window.open(this.href);return false; (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" onclick="window.open(this.href);return false; (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DA6A4E2-141E-42CD-B831-956198C3693F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\RAMON\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\RAMON\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-30 18:19:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-07 03:02:07 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005-09-07 02:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005-09-07 02:56:14 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005-08-27 08:16:57 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{45fad0a9-e8cf-11e0-b882-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{45fad0a9-e8cf-11e0-b882-001bb9df623c}\Shell\AutoRun\command - "" = M:\Startme.exe
O33 - MountPoints2\{68f6e475-4991-11e0-aee4-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{68f6e475-4991-11e0-aee4-001bb9df623c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \novaka.exe
O33 - MountPoints2\{68f6e4d5-4991-11e0-aee4-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{68f6e4d5-4991-11e0-aee4-001bb9df623c}\Shell\AutoRun\command - "" = K:\iStudio.exe
O33 - MountPoints2\{78781e82-7245-11dd-bf81-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78781e82-7245-11dd-bf81-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005-09-07 02:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-26 19:18:27 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
[2012-06-26 19:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012-06-26 01:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\lbujusuwnfbvdcj
[2012-06-22 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\RAMON\AppData\Roaming\Unity
[2012-06-22 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\RAMON\AppData\Local\Unity
[2012-05-31 19:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-26 19:18:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
[2012-06-26 19:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-26 19:03:32 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{21347408-B5D9-48AD-B703-3A59352D1537}.job
[2012-06-26 19:00:57 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-26 19:00:55 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-26 19:00:55 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-26 17:57:50 | 000,698,290 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-06-26 17:57:50 | 000,617,860 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-26 17:57:50 | 000,126,832 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-06-26 17:57:50 | 000,107,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-26 17:57:28 | 000,066,048 | ---- | M] () -- C:\Users\RAMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-26 17:55:44 | 000,002,635 | ---- | M] () -- C:\Users\RAMON\Desktop\Microsoft Office Word 2003.lnk
[2012-06-26 17:47:17 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-26 08:23:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-26 01:15:13 | 000,000,052 | ---- | M] () -- C:\ProgramData\rryqvwrnzpnepmb
[2012-06-26 01:15:03 | 000,095,232 | ---- | M] () -- C:\ProgramData\xvrlfzjb.exe
[2012-06-26 01:15:03 | 000,095,232 | ---- | M] () -- C:\ProgramData\eycxkolr.exe
[2012-06-26 00:58:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312588587-4001045258-779525297-1000UA.job
[2012-06-25 17:58:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312588587-4001045258-779525297-1000Core.job
[2012-06-24 21:54:05 | 000,002,701 | ---- | M] () -- C:\Users\RAMON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2012-06-24 11:46:13 | 000,111,455 | ---- | M] () -- C:\Users\RAMON\Desktop\roombig.jpg
[2012-06-24 11:32:15 | 000,050,489 | ---- | M] () -- C:\Users\RAMON\Desktop\titanic.jpg
[2012-06-22 08:57:21 | 000,013,895 | -HS- | M] () -- C:\Users\RAMON\Desktop\Folder.jpg
[2012-06-22 08:57:21 | 000,013,895 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Large.jpg
[2012-06-22 08:57:15 | 000,003,183 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArtSmall.jpg
[2012-06-22 08:57:15 | 000,003,183 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Small.jpg
[2012-06-10 11:48:13 | 000,039,543 | ---- | M] () -- C:\Users\RAMON\Desktop\holland op de zaan.jpg
[2012-06-07 23:00:24 | 000,005,216 | ---- | M] () -- C:\Users\RAMON\AppData\Local\d3d9caps.dat
[2012-06-04 19:12:24 | 000,000,237 | ---- | M] () -- C:\Users\RAMON\Desktop\Google Maps.url
[2012-06-03 14:32:50 | 001,589,718 | ---- | M] () -- C:\Users\RAMON\Desktop\Minecraft_Server.exe
[2012-05-31 19:20:56 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Flight Simulator 98.lnk
[1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-26 01:15:13 | 000,095,232 | ---- | C] () -- C:\ProgramData\xvrlfzjb.exe
[2012-06-26 01:15:12 | 000,095,232 | ---- | C] () -- C:\ProgramData\eycxkolr.exe
[2012-06-26 01:15:04 | 000,000,052 | ---- | C] () -- C:\ProgramData\rryqvwrnzpnepmb
[2012-06-24 11:46:16 | 000,111,455 | ---- | C] () -- C:\Users\RAMON\Desktop\roombig.jpg
[2012-06-24 11:32:19 | 000,050,489 | ---- | C] () -- C:\Users\RAMON\Desktop\titanic.jpg
[2012-06-22 08:57:34 | 000,013,895 | -HS- | C] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Large.jpg
[2012-06-22 08:57:34 | 000,003,183 | -HS- | C] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Small.jpg
[2012-06-10 11:52:18 | 000,039,543 | ---- | C] () -- C:\Users\RAMON\Desktop\holland op de zaan.jpg
[2012-06-03 14:32:41 | 001,589,718 | ---- | C] () -- C:\Users\RAMON\Desktop\Minecraft_Server.exe
[2012-05-31 19:20:56 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Flight Simulator 98.lnk
[2012-01-26 00:51:40 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011-09-20 18:05:59 | 299,085,824 | ---- | C] () -- C:\Users\RAMON\YouPorn - Hardcore Anal Gaping Lesson.mpeg
[2011-09-20 18:05:45 | 100,171,776 | ---- | C] () -- C:\Users\RAMON\YouPorn - Assfucked Creampie d No Job.mpeg
[2011-09-20 17:57:12 | 048,631,266 | ---- | C] () -- C:\Users\RAMON\YouPorn - ooooo ahhh oh yeah ummm ahhh ooo oh yeah.mp4
[2011-09-20 17:55:39 | 019,298,304 | ---- | C] () -- C:\Users\RAMON\YouPorn - hot blond anal.mpeg
[2011-09-20 17:49:50 | 032,239,616 | ---- | C] () -- C:\Users\RAMON\YouPorn - Exotic girl takes the fucking machine from behind.mpeg
[2011-09-20 17:43:20 | 044,431,360 | ---- | C] () -- C:\Users\RAMON\YouPorn - Young ladies first lesbian experience.mpeg
[2011-09-20 17:41:18 | 034,439,168 | ---- | C] () -- C:\Users\RAMON\YouPorn - Cute young lesbians double headed dildo sex.mpeg
[2011-09-20 00:20:16 | 038,946,816 | ---- | C] () -- C:\Users\RAMON\YouPorn - young skinny babes first anal.mpeg
[2011-09-19 00:10:55 | 052,027,392 | ---- | C] () -- C:\Users\RAMON\YouPorn - Hot Victoria gets her virgin ass fucked.mpeg
[2011-09-19 00:01:30 | 064,010,240 | ---- | C] () -- C:\Users\RAMON\YouPorn - Fucking schoolgirl in her tight ass part4.mpeg
[2011-09-18 23:56:20 | 029,145,088 | ---- | C] () -- C:\Users\RAMON\YouPorn - New porn from Ann and Eric.mpeg
[2011-09-18 23:20:05 | 034,414,592 | ---- | C] () -- C:\Users\RAMON\YouPorn - Asian girl s anal orgasmatron machine fuck.mpeg
[2011-09-18 23:17:15 | 037,545,984 | ---- | C] () -- C:\Users\RAMON\YouPorn - Ass fucked by the machine.mpeg
[2011-09-18 23:13:12 | 048,044,032 | ---- | C] () -- C:\Users\RAMON\YouPorn - Kinky Sasha Grey spreads her legs.mpeg
[2011-09-18 22:49:35 | 052,480,000 | ---- | C] () -- C:\Users\RAMON\YouPorn - Stephanie Cane.mpeg
[2011-09-18 22:43:44 | 063,725,568 | ---- | C] () -- C:\Users\RAMON\YouPorn - Pantyhose ripping foot fetish and anal sex.mpeg
[2011-09-18 22:34:45 | 171,868,160 | ---- | C] () -- C:\Users\RAMON\YouPorn - Linda Chelsea licking and playing.mpeg
[2011-09-15 07:47:47 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011-07-12 17:54:25 | 000,000,129 | ---- | C] () -- C:\Users\RAMON\jagex_runescape_preferences2.dat
[2011-07-12 17:53:29 | 000,000,034 | ---- | C] () -- C:\Users\RAMON\jagex_runescape_preferences.dat
[2011-04-30 18:30:19 | 000,057,344 | ---- | C] () -- C:\Windows\System32\IFORCE2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-11 14:16:18 | 000,000,093 | ---- | C] () -- C:\Users\RAMON\AppData\Local\fusioncache.dat
[2010-03-21 14:40:06 | 000,004,096 | -H-- | C] () -- C:\Users\RAMON\AppData\Local\keyfile3.drm
[2009-10-25 15:37:30 | 000,005,216 | ---- | C] () -- C:\Users\RAMON\AppData\Local\d3d9caps.dat
[2009-02-09 15:35:27 | 000,149,936 | ---- | C] () -- C:\Users\RAMON\afbeeldingen.PSF
[2008-12-21 16:32:30 | 000,000,511 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy_navps.dat
[2008-12-21 16:32:29 | 000,124,141 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy_nav.dat
[2008-12-21 16:32:29 | 000,004,024 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy.dat
[2008-09-24 23:31:39 | 000,000,012 | ---- | C] () -- C:\Users\RAMON\intlname.ols
[2008-09-22 17:24:00 | 000,007,951 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-06-01 15:24:55 | 000,000,000 | ---- | C] () -- C:\Users\RAMON\AppData\Local\rx_image.Cache
[2008-01-20 23:42:40 | 000,066,048 | ---- | C] () -- C:\Users\RAMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012-06-03 14:41:34 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\.minecraft
[2008-08-12 11:11:33 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\ACD Systems
[2009-08-26 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Ace
[2008-11-20 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Babylon
[2012-03-30 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Belastingdienst
[2010-02-27 11:30:37 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Disney Interactive Studios
[2011-07-26 14:44:36 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\DVDVideoSoft
[2011-04-03 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\DVDVideoSoftIEHelpers
[2010-02-13 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Eurotalk
[2011-04-11 21:48:56 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\FrostWire
[2011-02-26 12:01:00 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\HandBrake
[2008-12-02 23:04:33 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\HiYo
[2010-02-15 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Leadertech
[2008-01-23 18:45:10 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\LimeWirePlus
[2009-07-06 06:51:01 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\PlayFirst
[2011-09-27 20:59:18 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Sony
[2012-03-14 14:30:31 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Sports Interactive
[2011-03-02 08:40:53 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\TeamViewer
[2012-06-22 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Unity
[2008-04-04 23:15:01 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\WinBatch
[2008-01-25 02:43:14 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
[2012-06-26 08:49:17 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012-06-26 19:03:32 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{21347408-B5D9-48AD-B703-3A59352D1537}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars 2.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto's limo paars 3.eml:OECustomProperty
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#3

28 jun 2012 23:16

Start OTL
  • Plak het volgende onder Custom Scans/Fixes
    :OTL
    SRV - [2011-01-02 21:18:47 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com" onclick="window.open(this.href);return false;
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.iesearch.com/" onclick="window.open(this.href);return false;
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
    IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{A0B271A9-D8AA-8E74-7392-2164D6A1C03C}: "URL" = http://www.iesearch.com/s/?q=" onclick="window.open(this.href);return false;{searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q=" onclick="window.open(this.href);return false;{searchTerms}
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{11447FEF-A978-40FB-AAE0-E105E0A4B22D}: "URL" = http://www.fastbrowsersearch.com/result" onclick="window.open(this.href);return false; ... ts.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={857C07A3-444C-4439-A0A2-B420B4002F6B}
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browse" onclick="window.open(this.href);return false; ... ickfigure/{A91A6A36-C9C6-46C7-9748-E37D86AA00D0}?q={searchTerms}
    IE - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q=" onclick="window.open(this.href);return false;{searchTerms}
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011-01-02 21:18:47 | 000,000,000 | ---D | M]
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - Extension: Browser Companion Helper = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - No CLSID value found.
    O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
    O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll File not found
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
    O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
    O4 - HKLM..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [ekgeyyy] "c:\users\ramon\appdata\local\ekgeyyy.exe" ekgeyyy File not found
    O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [eycxkolrskeotxn] C:\ProgramData\eycxkolr.exe ()
    O4 - HKU\S-1-5-21-2312588587-4001045258-779525297-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O8 - Extra context menu item: Translate with &Babylon - res://C" onclick="window.open(this.href);return false;:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm File not found
    O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
    [2012-06-26 01:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\lbujusuwnfbvdcj
    1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]
    [2012-06-26 01:15:13 | 000,000,052 | ---- | M] () -- C:\ProgramData\rryqvwrnzpnepmb
    [2012-06-26 01:15:03 | 000,095,232 | ---- | M] () -- C:\ProgramData\xvrlfzjb.exe
    [2012-06-26 01:15:03 | 000,095,232 | ---- | M] () -- C:\ProgramData\eycxkolr.exe
    [2008-11-20 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\RAMON\AppData\Roaming\Babylon
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars.eml:OECustomProperty
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars 2.eml:OECustomProperty
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto's limo paars 3.eml:OECustomProperty
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2


    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Klik daarna bovenaan op de knop Run Fix
  • Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#4

29 jun 2012 00:38

Het is gelukt!!!
Ben onwijs blij.
Heb er 3 dagen stress van gehad.
Heel erg bedankt :goed:
Echt top.

Is het nog nodig dat ik het log-bestandje plaats van wat OTL gedaan heeft?

Voor de zekerheid ga ik nog een keer een scan doen met de Emergency Kit.

Groetjes Iris
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#5

29 jun 2012 06:21

Die scan mag je best doen, verwijder eerst eens deze map:
C:\_OTL <-- rechtsklikken en voor "Verwijderen" kiezen.

Deze staat dus op je C:-schijf ;)

Maak daarna even je prullenbak leeg.

Post ook even een nieuw logje van OTL ter Controle :)
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#6

29 jun 2012 08:59

Ik heb het mapje OTL verwijderd en de prullenbak geleegd.
Ik ben nu nog Run Scan met OTL aan het doen. Dat is de bedoeling toch?
Alleen onder Custom Scan/Fixes heb ik niets staan. Of moet ik daar eerst iets in zetten?
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#7

29 jun 2012 09:06

De scan is inmiddels gedaan, hierbij het logje:
Is dit wat je bedoelde? :)

OTL logfile created on: 29-6-2012 8:35:42 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\RAMON\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,42% Memory free
4,21 Gb Paging File | 2,74 Gb Available in Paging File | 65,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,02 Gb Total Space | 174,94 Gb Free Space | 60,11% Space Free | Partition Type: NTFS
Drive D: | 7,07 Gb Total Space | 1,45 Gb Free Space | 20,57% Space Free | Partition Type: NTFS
Drive E: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC_VAN_RAMON | User Name: RAMON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-26 19:18:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
PRC - [2012-06-19 23:45:24 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012-06-14 19:25:45 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012-04-19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2012-04-12 10:56:46 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012-04-11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012-03-21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012-03-20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012-03-20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012-03-20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012-03-14 13:46:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe
PRC - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012-02-18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2011-01-27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009-05-08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-05-08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-04-30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-10-23 19:27:10 | 000,300,336 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
PRC - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008-01-15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-10-30 20:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007-09-26 12:47:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007-04-18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007-02-15 13:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006-11-02 11:45:53 | 001,137,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2006-11-02 11:45:39 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2006-11-02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-19 23:45:22 | 020,313,384 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012-06-19 23:45:20 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012-06-19 23:45:20 | 000,895,312 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2012-06-19 23:45:20 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012-06-19 23:45:20 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012-04-11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012-04-03 12:30:52 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011-11-23 18:38:58 | 000,205,824 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2009-08-16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009-05-08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-05-08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2008-10-23 19:27:16 | 000,107,832 | ---- | M] () -- C:\Program Files\HiYo\Bin\HiYoUtils.dll
MOD - [2008-10-23 19:27:16 | 000,031,544 | ---- | M] () -- C:\Program Files\HiYo\Bin\IMHttpComm.dll
MOD - [2008-10-23 19:27:06 | 000,222,544 | ---- | M] () -- C:\Program Files\HiYo\Bin\AppServerCommunication.dll
MOD - [2007-10-30 20:52:34 | 000,016,200 | ---- | M] () -- C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MOD - [2007-08-24 20:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - [2012-06-19 23:45:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-06-14 19:25:46 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012-03-20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012-03-20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012-03-20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012-02-28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011-01-27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011-01-27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009-04-30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-01-29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007-10-31 02:20:21 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-09-26 12:47:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007-09-26 12:47:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Planner voor Automatische LiveUpdate)
SRV - [2007-06-05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Running] -- C:\Users\RAMON\AppData\Local\Temp\Rar$EX01.461\Run\a2ddax86.sys -- (A2DDA)
DRV - [2012-02-22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012-02-22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012-02-22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012-02-22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012-02-22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012-02-22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012-02-22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012-02-22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012-02-22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2009-05-01 01:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009-05-01 01:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009-05-01 01:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009-04-30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-03-05 23:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005-12-12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005-01-31 11:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv561av.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004-04-27 00:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2004-04-27 00:28:30 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvusbsta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop" onclick="window.open(this.href);return false;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/" onclick="window.open(this.href);return false;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BC975B47-6DFE-43E6-BF5A-D2C890136DC2}: "URL" = http://nl.search.yahoo.com/search?p=" onclick="window.open(this.href);return false;{searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie7chrome
IE - HKLM\..\SearchScopes\{EF52213B-12F0-4CFD-9282-C1DE8FEDFD58}: "URL" = http://nl.kelkoopartners.net/ctl/do/sea ... archQuery=" onclick="window.open(this.href);return false;{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hyves.nl" onclick="window.open(this.href);return false;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.hyves.nl/browsers/IE8/" onclick="window.open(this.href);return false; [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/" onclick="window.open(this.href);return false;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp" onclick="window.open(this.href);return false;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 F3 5B 6D FF F8 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.startpagina.nl/" onclick="window.open(this.href);return false;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q=" onclick="window.open(this.href);return false;{searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q=" onclick="window.open(this.href);return false;{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_nl
IE - HKCU\..\SearchScopes\{8B94F312-9F38-4967-B058-A42AC1520437}: "URL" = http://search.yahoo.com/search?fr=mcafee&p=" onclick="window.open(this.href);return false;{SearchTerms}
IE - HKCU\..\SearchScopes\{F7A7EE2C-3B92-47F1-9721-706E46736AE0}: "URL" = http://nl.search.yahoo.com/search?p=" onclick="window.open(this.href);return false;{searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110416,17273,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RAMON\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RAMON\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RAMON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012-02-25 08:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012-06-29 00:17:38 | 000,000,000 | ---D | M]

[2009-08-17 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAMON\AppData\Roaming\mozilla\Extensions
[2009-08-17 18:25:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAMON\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\RAMON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-06-28 23:54:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB00081 Class) - {32B279E3-5023-4CD8-A295-70C79EDBB294} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625180636.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Hyves Toolbar) - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Hyves Toolbar) - {AB8DC1E0-22BE-4181-B77E-02C495E031F8} - C:\Program Files\HyvesToolbar\Hyves Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup File not found
O4 - HKLM..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WMBoot] C:\Program Files\Logitech\WingMan Profiler\ChekList.exe -L:E:\WS\NLD\Setup.exe -CD -CL4 -LP:" reboot" File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx" onclick="window.open(this.href);return false; File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\RAMON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\RAMON\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C" onclick="window.open(this.href);return false;:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Clipboek - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Slim selecteren - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab" onclick="window.open(this.href);return false; (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab" onclick="window.open(this.href);return false; (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DA6A4E2-141E-42CD-B831-956198C3693F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\RAMON\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\RAMON\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-10-30 18:19:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-07 03:02:07 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2005-09-07 02:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2005-09-07 02:56:14 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2005-08-27 08:16:57 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{45fad0a9-e8cf-11e0-b882-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{45fad0a9-e8cf-11e0-b882-001bb9df623c}\Shell\AutoRun\command - "" = M:\Startme.exe
O33 - MountPoints2\{68f6e475-4991-11e0-aee4-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{68f6e475-4991-11e0-aee4-001bb9df623c}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \novaka.exe
O33 - MountPoints2\{68f6e4d5-4991-11e0-aee4-001bb9df623c}\Shell - "" = AutoRun
O33 - MountPoints2\{68f6e4d5-4991-11e0-aee4-001bb9df623c}\Shell\AutoRun\command - "" = K:\iStudio.exe
O33 - MountPoints2\{78781e82-7245-11dd-bf81-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{78781e82-7245-11dd-bf81-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005-09-07 02:25:48 | 000,733,184 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-29 04:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012-06-28 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\RAMON\AppData\Roaming\Malwarebytes
[2012-06-28 19:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-06-28 19:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-06-28 19:33:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-06-28 19:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-06-28 19:32:40 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RAMON\Desktop\mbam-setup-1.61.0.1400.exe
[2012-06-26 19:18:27 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
[2012-06-26 17:55:32 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2012-06-22 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\RAMON\AppData\Roaming\Unity
[2012-06-22 21:26:02 | 000,000,000 | ---D | C] -- C:\Users\RAMON\AppData\Local\Unity
[2012-05-31 19:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-29 08:58:02 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312588587-4001045258-779525297-1000UA.job
[2012-06-29 08:47:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-29 08:23:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-29 08:13:29 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-29 08:13:29 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-29 08:03:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-29 00:29:31 | 002,016,891 | ---- | M] () -- C:\Users\RAMON\Documents\foto's limo paars 3.eml
[2012-06-29 00:29:29 | 002,016,891 | ---- | M] () -- C:\Users\RAMON\Documents\foto'slimo paars 2.eml
[2012-06-29 00:29:27 | 002,016,891 | ---- | M] () -- C:\Users\RAMON\Documents\foto'slimo paars.eml
[2012-06-29 00:17:57 | 000,699,038 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012-06-29 00:17:56 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-29 00:17:56 | 000,127,210 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012-06-29 00:17:56 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-29 00:14:32 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{21347408-B5D9-48AD-B703-3A59352D1537}.job
[2012-06-29 00:12:13 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-29 00:11:54 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-28 23:54:03 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012-06-28 21:49:22 | 000,069,120 | ---- | M] () -- C:\Users\RAMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-28 21:47:44 | 000,005,892 | ---- | M] () -- C:\Users\RAMON\AppData\Local\d3d9caps.dat
[2012-06-28 19:33:21 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-28 19:32:40 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RAMON\Desktop\mbam-setup-1.61.0.1400.exe
[2012-06-27 07:22:49 | 000,399,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-06-26 19:35:45 | 141,062,594 | ---- | M] () -- C:\Users\RAMON\Desktop\EmsisoftEmergencyKit.zip
[2012-06-26 19:18:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\RAMON\Desktop\OTL.com
[2012-06-26 17:55:44 | 000,002,635 | ---- | M] () -- C:\Users\RAMON\Desktop\Microsoft Office Word 2003.lnk
[2012-06-25 17:58:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312588587-4001045258-779525297-1000Core.job
[2012-06-24 21:54:05 | 000,002,701 | ---- | M] () -- C:\Users\RAMON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2003.lnk
[2012-06-24 11:46:13 | 000,111,455 | ---- | M] () -- C:\Users\RAMON\Desktop\roombig.jpg
[2012-06-24 11:32:15 | 000,050,489 | ---- | M] () -- C:\Users\RAMON\Desktop\titanic.jpg
[2012-06-22 08:57:21 | 000,013,895 | -HS- | M] () -- C:\Users\RAMON\Desktop\Folder.jpg
[2012-06-22 08:57:21 | 000,013,895 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Large.jpg
[2012-06-22 08:57:15 | 000,003,183 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArtSmall.jpg
[2012-06-22 08:57:15 | 000,003,183 | -HS- | M] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Small.jpg
[2012-06-14 19:25:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-06-14 19:25:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-06-10 11:48:13 | 000,039,543 | ---- | M] () -- C:\Users\RAMON\Desktop\holland op de zaan.jpg
[2012-06-04 19:12:24 | 000,000,237 | ---- | M] () -- C:\Users\RAMON\Desktop\Google Maps.url
[2012-06-03 14:32:50 | 001,589,718 | ---- | M] () -- C:\Users\RAMON\Desktop\Minecraft_Server.exe
[2012-05-31 19:20:56 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Flight Simulator 98.lnk
[1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-29 00:11:54 | 2138,431,488 | -HS- | C] () -- C:\hiberfil.sys
[2012-06-28 19:33:21 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-06-26 19:35:36 | 141,062,594 | ---- | C] () -- C:\Users\RAMON\Desktop\EmsisoftEmergencyKit.zip
[2012-06-24 11:46:16 | 000,111,455 | ---- | C] () -- C:\Users\RAMON\Desktop\roombig.jpg
[2012-06-24 11:32:19 | 000,050,489 | ---- | C] () -- C:\Users\RAMON\Desktop\titanic.jpg
[2012-06-22 08:57:34 | 000,013,895 | -HS- | C] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Large.jpg
[2012-06-22 08:57:34 | 000,003,183 | -HS- | C] () -- C:\Users\RAMON\Desktop\AlbumArt_{05C7665A-2CE8-4DE6-9843-EF5100686C50}_Small.jpg
[2012-06-10 11:52:18 | 000,039,543 | ---- | C] () -- C:\Users\RAMON\Desktop\holland op de zaan.jpg
[2012-06-03 14:32:41 | 001,589,718 | ---- | C] () -- C:\Users\RAMON\Desktop\Minecraft_Server.exe
[2012-05-31 19:20:56 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Flight Simulator 98.lnk
[2012-01-26 00:51:40 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011-09-15 07:47:47 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011-04-30 18:30:19 | 000,057,344 | ---- | C] () -- C:\Windows\System32\IFORCE2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-11 14:16:18 | 000,000,093 | ---- | C] () -- C:\Users\RAMON\AppData\Local\fusioncache.dat
[2010-03-21 14:40:06 | 000,004,096 | -H-- | C] () -- C:\Users\RAMON\AppData\Local\keyfile3.drm
[2009-10-25 15:37:30 | 000,005,892 | ---- | C] () -- C:\Users\RAMON\AppData\Local\d3d9caps.dat
[2009-02-09 15:35:27 | 000,149,936 | ---- | C] () -- C:\Users\RAMON\afbeeldingen.PSF
[2008-12-21 16:32:30 | 000,000,511 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy_navps.dat
[2008-12-21 16:32:29 | 000,124,141 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy_nav.dat
[2008-12-21 16:32:29 | 000,004,024 | ---- | C] () -- C:\Users\RAMON\AppData\Local\ekgeyyy.dat
[2008-09-22 17:24:00 | 000,007,951 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008-06-01 15:24:55 | 000,000,000 | ---- | C] () -- C:\Users\RAMON\AppData\Local\rx_image.Cache
[2008-01-20 23:42:40 | 000,069,120 | ---- | C] () -- C:\Users\RAMON\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars 2.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto's limo paars 3.eml:OECustomProperty

< End of report >
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#8

29 jun 2012 09:11

Deze log bedoelde ik ja ;)

Had je die EmsiSoft Emergency Kit scan ook al gedaan?
Zo nee doe die eerst dan maar en post het resultaat.

Ik reageer toch niet eerder dan aan het eind van de middag/begin van de avond want ik sta op het punt om van huis te gaan :)
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#9

29 jun 2012 09:32

Ik had vannacht deze scan al gedaan en er kwamen nog 3 infecties uit.
Zie hieronder het logje.

Vind het fantastisch dat jullie op het forum zo veel problemen oplossen!

Ben echt superblij :smiley_notnormal:


Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 29-6-2012 0:32:11

Scaninstellingen:

Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan

Scan gestart: 29-6-2012 0:40:18

C:\_OTL\MovedFiles\06282012_235246\C_ProgramData\xvrlfzjb.exe Ontdekt: Trojan.Win32.Weelsof!E2
C:\_OTL\MovedFiles\06282012_235246\C_ProgramData\eycxkolr.exe Ontdekt: Trojan.Win32.Weelsof!E2
C:\Users\RAMON\AppData\Local\Temp\f1c191fe-cca1-4047-a194-c373cf48ab3f1238493001457805923.exe Ontdekt: Trojan.Win32.Weelsof!E2

Gescand 697690
Gevonden 3

Scan geëindigd: 29-6-2012 4:40:45
Scantijd: 4:00:27

C:\_OTL\MovedFiles\06282012_235246\C_ProgramData\xvrlfzjb.exe Verwijderd Trojan.Win32.Weelsof!E2
C:\_OTL\MovedFiles\06282012_235246\C_ProgramData\eycxkolr.exe Verwijderd Trojan.Win32.Weelsof!E2
C:\Users\RAMON\AppData\Local\Temp\f1c191fe-cca1-4047-a194-c373cf48ab3f1238493001457805923.exe Verwijderd Trojan.Win32.Weelsof!E2

Verwijderd 3
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#10

29 jun 2012 16:56

Start OTL
  • Plak het volgende onder Custom Scans/Fixes
    :OTL
    DRV - File not found [Kernel | System | Running] -- C:\Users\RAMON\AppData\Local\Temp\Rar$EX01.461\Run\a2ddax86.sys -- (A2DDA)
    IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    CHR - default_search_provider: Search the web (Babylon) (Enabled)
    CHR - default_search_provider: search_url = http://search.babylon.com/web/" onclick="window.open(this.href);return false;{searchTerms}?babsrc=SP_ss&affID=101240&mntrId=fc6c362b000000000000001bb9df623c
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    [1 C:\Users\RAMON\Documents\*.tmp files -> C:\Users\RAMON\Documents\*.tmp -> ]
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars.eml:OECustomProperty
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto'slimo paars 2.eml:OECustomProperty
    @Alternate Data Stream - 649 bytes -> C:\Users\RAMON\Documents\foto's limo paars 3.eml:OECustomProperty

    :Services

    :Reg

    :Files
    C:\Program Files\MyWebSearch
    C:\Program Files\myBabylon_English
    C:\Program Files\Pivot Stickfigure DB Toolbar
    C:\Program Files\SweetIM
    C:\Program Files\BrowserCompanion
    C:\Program Files\BabylonToolbar
    C:\Program Files\Ask.com
    C:\Program Files\Freeze.com
    C:\Program Files\Fast Browser
    C:\Program Files\Babylon
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Klik daarna bovenaan op de knop Run Fix
  • Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.
Post het resultatenlogje dat je na de herstart krijgt maar even ter controle :)
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#11

29 jun 2012 18:54

Hierbij het OTL logje.
Ik heb meteen ook C:\_OTL verwijderd en ook uit de prullenbak.
Ziet het er goed uit?


All processes killed
========== OTL ==========
Service A2DDA stopped successfully!
Service A2DDA deleted successfully!
File C:\Users\RAMON\AppData\Local\Temp\Rar$EX01.461\Run\a2ddax86.sys not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
C:\Program Files\Pivot Stickfigure DB Toolbar\tbhelper.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
File C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
C:\Users\RAMON\Documents\~WRL2823.tmp deleted successfully.
ADS C:\Users\RAMON\Documents\foto'slimo paars.eml:OECustomProperty deleted successfully.
ADS C:\Users\RAMON\Documents\foto'slimo paars 2.eml:OECustomProperty deleted successfully.
ADS C:\Users\RAMON\Documents\foto's limo paars 3.eml:OECustomProperty deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\MyWebSearch not found.
C:\Program Files\myBabylon_English folder moved successfully.
C:\Program Files\Pivot Stickfigure DB Toolbar folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files\SweetIM\Messenger folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
C:\Program Files\BrowserCompanion folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files\BabylonToolbar folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
File\Folder C:\Program Files\Freeze.com not found.
File\Folder C:\Program Files\Fast Browser not found.
C:\Program Files\Babylon\Babylon-Pro folder moved successfully.
C:\Program Files\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\RAMON\Desktop\opruimen\iris\cmd.bat deleted successfully.
C:\Users\RAMON\Desktop\opruimen\iris\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#12

29 jun 2012 19:02

Het ziet er goed uit :)

Doe dit eens om verder op te schonen:

Download AdwCleaner by Xplode naar je Bureaublad.
  • Sluit alle openstaande vensters
  • Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Klik vervolgens op Delete
  • Klik bij AdwCleaner – Information op OK
  • Klik bij AdwCleaner – Restart Required op OK
Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt ) post de inhoud hier op het Forum.
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#13

29 jun 2012 19:03

Komen de icoontjes na afloop wel weer terug?
Gebruikersavatar
smeenk
Security Helper
Security Helper
Berichten: 3977
Lid geworden op: 03 dec 2010 18:00

#14

29 jun 2012 19:05

Ja die komen terug, dat is een tijdelijk iets dat nodig is om de tool effectiever te laten werken :)
Gebruikersavatar
Countrygirl
PC Web Plus - Member
PC Web Plus - Member
Berichten: 14
Lid geworden op: 28 jun 2012 22:05
Kennisniveau: (1) Beginner
AV: McAfee

#15

29 jun 2012 19:06

Ik ga het proberen! :)
Gesloten

Terug naar “Opgeloste problemen / logs”