Delta-homes and more

  • Delta-homes and more

    Good afternoon,

    A while ago I was given a laptop by an acquaintance. She said the laptop is slow and that there is a lot of junk on it. She asked me to take a look at it. She only has a free version of AVG on it and nothing else; I have advised her several times before to buy a good anti-virus.

    I have since cleaned up a lot on the laptop (among other things, removed Yontoo), but there is still some stuff left on it.
    Among other things the browser hijacker Delta-homes, which I cannot get removed. I have the feeling that there is more junk in there, but the various anti-malware scanners and anti-virus scanners do not indicate that.

    I hope you can help me further.

    I have followed your step-by-step plan. Here are the logs:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.08.12.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    kim :: PC_VAN_KIM [administrator]

    13-8-2013 10:50:26
    mbam-log-2013-08-13 (10-50-26).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 232813
    Verstreken tijd: 12 minuut/minuten, 31 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ----------------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2
    Run by kim at 11:15:00 on 2013-08-13
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.1976.567 [GMT 2:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Windows\PixArt\Pac207\Monitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\kim\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
    mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Skytel] Skytel.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{CD54D1C7-7B66-4288-B527-91A00FF911FC} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{EF2A9FCC-3244-44C7-89B6-BD11F31A5BD0} : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-16 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-14 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-28 210432]
    S2 avgfws;AVG Firewall;c:\program files\avg\avg2013\avgfws.exe [2012-10-2 1314720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-14 81296]
    S3 netr73;Sitecom RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-8-10 256000]
    S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
    .
    =============== Created Last 30 ================
    .
    2013-08-13 08:24:36 -------- d-----w- c:\users\kim\appdata\roaming\SUPERAntiSpyware.com
    2013-08-13 08:24:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-08-13 08:24:18 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-08-12 17:23:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-08-12 17:22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-08-12 16:30:08 -------- d-----w- c:\program files\VS Revo Group
    2013-08-12 14:09:19 -------- d-----w- c:\users\kim\Option
    2013-08-11 19:15:49 -------- d-----w- c:\programdata\HitmanPro
    2013-08-11 19:08:22 -------- d-----w- c:\program files\trend micro
    2013-08-11 13:49:20 -------- d-----w- c:\users\kim\appdata\roaming\Malwarebytes
    2013-08-11 13:49:00 -------- d-----w- c:\programdata\Malwarebytes
    2013-08-11 13:48:59 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-08-11 13:48:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-08-11 12:11:14 -------- d-----w- c:\program files\Defraggler
    2013-08-11 11:36:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-08-11 11:36:39 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-08-11 11:36:39 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-08-11 11:36:38 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-08-11 11:36:37 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-08-11 11:36:36 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-08-11 11:36:36 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-08-11 11:36:36 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-08-11 11:36:36 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-08-11 11:36:36 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-08-11 11:06:39 -------- d-----w- c:\program files\Windows Portable Devices
    2013-08-11 10:21:14 -------- d-----w- c:\windows\nl
    2013-08-11 10:16:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2013-08-11 10:16:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2013-08-11 10:16:04 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2013-08-11 09:47:02 469256 ----a-w- c:\program files\common files\windows live\.cache\b95928041ce96772b\InstallManager_WLE_WLE.exe
    2013-08-11 09:46:11 15712 ----a-w- c:\program files\common files\windows live\.cache\9ccd43b41ce96771f\MeshBetaRemover.exe
    2013-08-11 09:45:26 94040 ----a-w- c:\program files\common files\windows live\.cache\815f04641ce967718\DSETUP.dll
    2013-08-11 09:45:26 525656 ----a-w- c:\program files\common files\windows live\.cache\815f04641ce967718\DXSETUP.exe
    2013-08-11 09:45:26 1691480 ----a-w- c:\program files\common files\windows live\.cache\815f04641ce967718\dsetup32.dll
    2013-08-11 09:45:20 94040 ----a-w- c:\program files\common files\windows live\.cache\7d4083441ce967717\DSETUP.dll
    2013-08-11 09:45:20 525656 ----a-w- c:\program files\common files\windows live\.cache\7d4083441ce967717\DXSETUP.exe
    2013-08-11 09:45:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\7d4083441ce967717\dsetup32.dll
    2013-08-11 09:43:01 -------- d-----w- c:\users\kim\appdata\local\Windows Live
    2013-08-11 09:40:57 754688 ----a-w- c:\windows\system32\webservices.dll
    2013-08-11 09:32:21 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2013-08-11 09:32:20 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2013-08-11 09:32:20 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2013-08-11 09:16:19 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-08-11 09:16:19 157696 ----a-w- c:\windows\system32\imagehlp.dll
    2013-08-11 09:16:19 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-08-11 08:56:01 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2013-08-11 08:56:00 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2013-08-11 08:54:17 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-08-11 08:54:16 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2013-08-11 08:54:16 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2013-08-11 08:54:13 519680 ----a-w- c:\windows\system32\d3d11.dll
    2013-08-11 08:54:10 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2013-08-11 08:54:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-08-11 08:54:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2013-08-11 08:15:45 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-08-11 08:15:38 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-08-11 08:15:38 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-08-11 08:15:37 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-08-11 08:15:37 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-08-11 08:15:37 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-08-11 08:15:37 16896 ----a-w- c:\windows\system32\winusb.dll
    2013-08-11 08:15:36 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-08-11 08:15:35 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2013-08-11 08:15:35 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-08-11 08:15:35 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-08-11 08:01:48 34304 ----a-w- c:\windows\system32\atmlib.dll
    2013-08-11 08:01:48 293376 ----a-w- c:\windows\system32\atmfd.dll
    2013-08-11 08:00:35 623616 ----a-w- c:\windows\system32\localspl.dll
    2013-08-11 08:00:10 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-08-11 07:59:46 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-08-11 07:58:50 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-08-11 07:58:50 37376 ----a-w- c:\windows\system32\cdd.dll
    2013-08-11 07:58:29 985600 ----a-w- c:\windows\system32\crypt32.dll
    2013-08-11 07:58:29 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-08-11 07:58:29 812544 ----a-w- c:\windows\system32\certutil.exe
    2013-08-11 07:58:29 41984 ----a-w- c:\windows\system32\certenc.dll
    2013-08-11 07:58:29 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-08-11 07:58:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-08-11 07:56:56 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2013-08-11 07:55:44 376320 ----a-w- c:\windows\system32\winsrv.dll
    2013-08-11 07:52:28 231424 ----a-w- c:\windows\system32\msshsq.dll
    2013-08-11 07:39:31 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2013-08-11 07:17:29 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2013-08-11 07:16:53 88576 ----a-w- c:\windows\system32\wudriver.dll
    2013-08-11 07:16:46 33792 ----a-w- c:\windows\system32\wuapp.exe
    2013-08-11 07:16:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2013-08-11 07:02:47 -------- d-----w- c:\windows\system32\MRT
    2013-08-11 07:01:14 675152 ----a-w- c:\windows\system32\gpprefcl.dll
    2013-08-11 06:41:13 -------- d-----w- c:\windows\system32\eu-ES
    2013-08-11 06:41:13 -------- d-----w- c:\windows\system32\ca-ES
    2013-08-11 06:41:12 -------- d-----w- c:\windows\system32\vi-VN
    2013-08-11 06:11:28 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-08-11 06:11:27 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-08-11 06:11:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-08-10 18:51:06 -------- d-----w- c:\program files\CCleaner
    .
    ==================== Find3M ====================
    .
    2013-08-11 08:55:59 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2013-08-11 08:55:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2013-08-11 08:55:58 98816 ----a-w- c:\windows\system32\mfps.dll
    2013-08-11 08:55:58 2873344 ----a-w- c:\windows\system32\mf.dll
    2013-08-11 08:55:56 209920 ----a-w- c:\windows\system32\mfplat.dll
    2013-08-11 08:55:54 586240 ----a-w- c:\windows\system32\stobject.dll
    2013-08-11 08:55:51 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2013-08-11 08:55:43 478720 ----a-w- c:\windows\system32\dxgi.dll
    2013-08-11 08:55:41 258048 ----a-w- c:\windows\system32\winspool.drv
    2013-08-11 08:55:40 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2013-08-11 08:55:39 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2013-08-11 08:55:38 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2013-08-11 08:55:37 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2013-08-11 08:54:22 4096 ----a-w- c:\windows\system32\drivers\nl-nl\dxgkrnl.sys.mui
    2013-06-12 18:53:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-12 18:53:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-04 04:17:26 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
    2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
    2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
    .
    ============= FINISH: 11:20:09,22 ===============

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-08-13 11:53:03
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB2O 149,05GB
    Running: t5kwl6o3.exe; Driver: C:\Users\kim\AppData\Local\Temp\kgldypob.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8D29A14A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8D29A21A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8D299D7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0x8D299F6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0x8D29A000]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x827C5640]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x8D299ECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x8D29A09C]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!KeSetEvent + 3BD 820BB988 8 Bytes [4A, A1, 29, 8D, 1A, A2, 29, ...]
    .text ntkrnlpa.exe!KeSetEvent + 3F1 820BB9BC 4 Bytes [7C, 9D, 29, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 611 820BBBDC 8 Bytes [6A, 9F, 29, 8D, 00, A0, 29, ...] {PUSH -0x61; SUB [EBP-0x72d66000], ECX}
    .text ntkrnlpa.exe!KeSetEvent + 621 820BBBEC 3 Bytes [40, 56, 7C]
    .text ntkrnlpa.exe!KeSetEvent + 625 820BBBF0 4 Bytes [CE, 9E, 29, 8D]
    .text ...
    ? C:\Users\kim\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!EnableWindow 759ACD8B 5 Bytes JMP 6A109EBC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxParamW 759D10B0 5 Bytes JMP 6A06189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamW 759D2EF5 5 Bytes JMP 6A2591B6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxParamA 759E8152 5 Bytes JMP 6A259151 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!DialogBoxIndirectParamA 759E847D 5 Bytes JMP 6A25921B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectA 759FD4D9 5 Bytes JMP 6A2590D8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxIndirectW 759FD5D3 5 Bytes JMP 6A25905F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExA 759FD639 5 Bytes JMP 6A258FFB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[1168] USER32.dll!MessageBoxExW 759FD65D 5 Bytes JMP 6A258F97 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] kernel32.dll!CreateThread 753ECB0E 5 Bytes JMP 6A0C75E3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamW 759A72A2 3 Bytes JMP 6A259520 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamW + 4 759A72A6 1 Byte [F4]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetAsyncKeyState 759A863C 5 Bytes JMP 6A0ADEDD C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetWindowsHookExW 759A87AD 5 Bytes JMP 6A1025B4 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CallNextHookEx 759A8E3B 5 Bytes JMP 6A127FF1 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!UnhookWindowsHookEx 759A98DB 5 Bytes JMP 6A14ED14 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EnableWindow 759ACD8B 5 Bytes JMP 6A109EBC C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcA 759ADB88 7 Bytes JMP 6A0C980D C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExA 759ADC2A 5 Bytes JMP 6A0D3643 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExW 759B1305 5 Bytes JMP 6A1303DF C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetKeyState 759B8CB1 5 Bytes JMP 6A0ADDB3 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcW 759C03B4 7 Bytes JMP 6A128054 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessageW 759C0745 5 Bytes JMP 6A259C7A C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamA 759C17AA 5 Bytes JMP 6A2594E8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessage 759C1847 5 Bytes JMP 6A259C52 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamA 759C26F1 5 Bytes JMP 6A259558 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamW 759C9A62 5 Bytes JMP 6A259590 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetKeyboardState 759D0987 5 Bytes JMP 6A25A571 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamW 759D10B0 5 Bytes JMP 6A06189B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamW 759D2EF5 5 Bytes JMP 6A2591B6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SendInput 759D2F75 5 Bytes JMP 6A25A519 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EndDialog 759D326E 5 Bytes JMP 6A259F26 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetCursorPos 759E6FB2 5 Bytes JMP 6A25A5F2 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamA 759E8152 5 Bytes JMP 6A259151 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamA 759E847D 5 Bytes JMP 6A25921B C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectA 759FD4D9 5 Bytes JMP 6A2590D8 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectW 759FD5D3 5 Bytes JMP 6A25905F C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExA 759FD639 5 Bytes JMP 6A258FFB C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExW 759FD65D 5 Bytes JMP 6A258F97 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!keybd_event 759FD972 5 Bytes JMP 6A25A4D6 C:\Windows\system32\IEFRAME.dll
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!SHRestricted + D95 761189A8 4 Bytes [CF, 01, 91, 69]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!SHRestricted + D9D 761189B0 8 Bytes [E0, 61, 90, 69, 79, F7, 90, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] ole32.dll!OleLoadFromStream 755F1E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] ole32.dll!OleLoadFromStream 755F1E80 5 Bytes JMP 6A259984 C:\Windows\system32\IEFRAME.dll

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BB7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BFB4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BBBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BAF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BB75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BAE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BE73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73BBDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BAFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BAFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BA71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73C3CB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73BDC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BAD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BA6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BA687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll
    IAT C:\Windows\Explorer.EXE[3684] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BB2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a 4\gdiplus.dll

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

  • #2
    Give this a try.

    Download zoek.exe to the desktop.
    • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
      (here or here) you can read how to disable the security software you use.
    • Double-click Zoek.exe to start the tool.
    • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking and choosing Run as Administrator.
    • Now copy the code below and paste it into the large input box:
    • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
      Code:
      emptyclsid;
      firefoxlook; 
      Chromelook; 
      autoclean; 
      iedefaults;
    • Now click the "Run script" button.
    • Now wait patiently until a log opens (this may be after a restart if one is needed).
    • If no log appears after the restart, start zoek.exe again; the log will then appear.
    • Post the opened log in your next message as an attachment.

    Starting Windows 10 in Safe Mode



    • #3
      I ran it. Here is the log:


      Zoek.exe Version 4.0.0.4 Updated 10-August-2013
      Tool run by kim on di 13-08-2013 at 13:05:34,88.
      Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\kim\Desktop\zoek.exe [Script inserted]

      ==== System Restore Info ======================

      13-8-2013 13:07:45 Zoek.exe System Restore Point Created Succesfully.

      ==== Deleting CLSID Registry Keys ======================

      HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

      ==== Deleting CLSID Registry Values ======================

      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
      HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

      ==== Deleting Services ======================


      ==== FireFox Fix ======================

      ProfilePath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default

      user.js not found
      ---- Lines imesh removed from prefs.js ----


      ---- Lines imesh modified from prefs.js ----


      ---- Lines yontoo removed from prefs.js ----


      ---- Lines yontoo modified from prefs.js ----

      user_pref("extensions.enabledAddons", "{C2C2A16E-2E64-478A-992C-82E136577FCD}:5.0.0.7281,[email protected]:1.20.02,[email protected]:15.4.0.5,{4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1");
      user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251905532940},\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\Program Files\\\\McAfee\\\\SiteAdvisor\",\"mtime\":1376157534489},\"[email protected]\":{\"descriptor\":\"C:\\\\Pr ogramData\\\\AVG Secure Search\\\\FireFoxExt\\\\15.4.0.5\",\"mtime\":1375221917008},\"[email protected]_4z.com \":{\"descriptor\":\"C:\\\\Program Files\\\\VideoDownloadConverter_4z\\\\bar\\\\1.bin\",\"mtime\":1368896637346}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1353248707931}}},{\"name\":\"app-profile\",\"addons\":{\"[email protected]_4z.com\":{\"descriptor\":\"C:\\\\Users\\\\ki m\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2h3hx9kb.default\\\\extensions\\\\4zffx [email protected]_4z.com\",\"mtime\":1368896618250},\"[email protected]\":{\"descriptor\":\ "C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\2h3hx9kb.default\\\\e xtensions\\\\[email protected]\",\"mtime\":1368898828063},\"{503e067f-2914-4edd-8432-2d6c52635e23}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{503e067f-2914-4edd-8432-2d6c52635e23}\",\"mtime\":1368897591130},\"{C2C2A16E-2E64-478A-992C-82E136577FCD}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{C2C2A16E-2E64-478A-992C-82E136577FCD}\",\"mtime\":1368897527452},\"{d50dcc43-2971-45e3-a12b-b05dd8997be6}\":{\"descriptor\":\"C:\\\\Users\\\\kim\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\ 
Profiles\\\\2h3hx9kb.default\\\\extensions\\\\{d50dcc43-2971-45e3-a12b-b05dd8997be6}\",\"mtime\":1368898873203}}}]");

      ---- Lines browser.startup.page removed from prefs.js ----

      user_pref("browser.startup.page", 1);

      ---- Lines browser.startup.page modified from prefs.js ----


      ---- FireFox user.js and prefs.js backups ----

      prefs_13-08-2013_1313_.backup

      ==== Deleting Files \ Folders ======================

      "C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\extensions\[email protected] " not found
      "C:\Windows\system32\tasks\Desk 365 RunAsStdUser" deleted
      "C:\Windows\System32\Tasks\Browser Updater" deleted
      "C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\imeshtoolbar" deleted
      "C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\imeshtoolbar" deleted

      ==== Firefox Extensions ======================

      ProfilePath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default
      - Undetermined - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
      - Undetermined - C:\Program Files\McAfee\SiteAdvisor
      - New Tab - %ProfilePath%\extensions\{C2C2A16E-2E64-478A-992C-82E136577FCD}

      ==== Firefox Plugins ======================

      Profilepath: C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default
      F045DF7AF127DC4BCC53421850114E15 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
      0132218093298D7F72A40222F4FBF04F - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.2
      A7DA4A3F6E86E55E25F60D2BA46B24D0 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.2
      CE1411064661AFB6DC4E18BACB50BF61 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.2
      052575195474BA9646272680BF993D64 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.2
      A8CD2D78D83C1466BB81BBC94A6C96A3 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.2
      136ECFCBEA4FBFF8918D3B4AE2729C7F - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.2
      1E17EB861D4EAD9CAC51C246B5E3426A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.2
      D28AD1CB902AC6D228532812D3850C7D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
      BCA175A4D68910B97C9391F2B5F02A4D - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
      CF46E0E1398B382CE0CE738C67A38DD1 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
      7ABA2EAB736F7E9EB0E03ACAA42CCB51 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
      AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
      AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
      7D28153B7D586330678AD522B71D89CB - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight


      ==== Deleting Files \ Folders ======================

      "C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\2h3hx9kb.default\extensions\{C2C2A16E-2E64-478A-992C-82E136577FCD}" deleted

      ==== Chrome Look ======================

      Docs - kim - Default\Extensions\aohghmighlieiainnegkcijnfilokake
      Google Drive - kim - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
      YouTube - kim - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
      Google Search - kim - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
      Norton Identity Protection - kim - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
      Gmail - kim - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

      ==== Set IE to Default ======================

      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Search Page"="http://www.google.com"
      "Default_Page_URL"="http://www.google.com"
      "Search Bar"="http://www.google.com"
      "Default_Search_URL"="http://www.google.com"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
      "Default_Search_URL"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      "Search Bar"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      "Search Page"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://www.google.com"
      "Default_Page_URL"="http://www.google.com"
      "Default_Search_URL"="http://www.google.com"
      "Search Page"="http://www.google.com"
      "Search Bar"="http://www.google.com"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
      "(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
      "(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
      "(Default)"="http://search.certified-toolbar.com?si=44958&st=bs&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&q=%s"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
      "(Default)"="http://www.google.com"
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
      "(Default)"=""
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
      @="http://www.google.com/search/?q=%s"
      "(Default)"=""
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      "Search Bar"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      "Search Page"="http://search.certified-toolbar.com?si=44958&tid=3816&ver=2.9&ts=1368898808358&tguid=44958-3816-1368898808358-D41D8CD98F00B204E9800998ECF8427E&st=chrome&q="
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://www.google.com/"
      "Search Bar"="http://www.google.com"
      "Search Page"="http://www.google.com"
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://www.google.com/"
      "Search Bar"="http://www.google.com"
      "Search Page"="http://www.google.com"

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]
      "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
      "(Default)"="http://search.msn.com/results.asp?q=%s"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
      "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
      "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

      ==== All HKCU SearchScopes ======================

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
      {67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown Url="Not_Found"
      {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"
      {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} Unknown Url="Not_Found"
      {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} Unknown Url="Not_Found"

      ==== Deleting CLSID Registry Keys ======================

      HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
      HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} deleted successfully
      HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} deleted successfully
      HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} deleted successfully

      ==== Deleting CLSID Registry Values ======================


      ==== Empty IE Cache ======================

      C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

      ==== Empty FireFox Cache ======================

      No FireFox Cache found

      ==== Empty Chrome Cache ======================

      C:\users\kim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

      ==== Empty All Flash Cache ======================

      Flash Cache Emptied Successfully

      ==== Empty All Java Cache ======================

      Java Cache cleared successfully



      • #4
        Delta wasn't found?

        Download AdwCleaner by Xplode to the desktop.
        • Close all open windows.
        • Double-click AdwCleaner to start it.
        • Then click Verwijderen (Delete).
        • At AdwCleaner – Informatie (Information), click OK
        • At AdwCleaner – Herstarten Noodzakelijk (Restart Required), click OK


        It is normal for the shortcuts to disappear during this process.
        After the PC has restarted, a log file opens.
        Then post the contents of this log in your next message as an attachment.

        Please also let me know how things are going now.

        Starting Windows 10 in Safe Mode



        • #5
          Hello Juisterr,

          I'm at work by now, so I can't do anything until 23:00 tonight.
          I already have that program on the laptop and have already run it a number of times.


          AdwCleaner finished off the Yontoo problem for me.
          I have also already removed part of Delta with the program Revo Uninstaller. But I still can't change the homepage. It keeps Delta-homes as the start page. Incidentally, I had already done this before I posted this message.

          I hope this gives you enough information for now.

          Regards.



          • #6
            I get it, that's why I can no longer see it.
            We're going to track it down.

            Download OTL to your Desktop
            • Double-click OTL.com to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
            • Tick the box next to Scan All Users.
            • Click the Quick Scan button. Do not change OTL's settings unless I specifically give you instructions to do so. The scan will not take very long.
              • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
              • Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files one by one into your next message.

            Starting Windows 10 in Safe Mode



            • #7
              Here are the 2 logs:

              1. OTL.txt

              OTL logfile created on: 13-8-2013 23:35:01 - Run 1
              OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kim\Desktop
              Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
              Internet Explorer (Version = 9.0.8112.16421)
              Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

              1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,02% Memory free
              4,10 Gb Paging File | 2,43 Gb Available in Paging File | 59,37% Paging File free
              Paging file location(s): ?:\pagefile.sys [binary data]

              %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
              Drive C: | 69,02 Gb Total Space | 4,04 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
              Drive D: | 69,02 Gb Total Space | 68,90 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

              Computer Name: PC_VAN_KIM | User Name: kim | Logged in as Administrator.
              Boot Mode: Normal | Scan Mode: All users | Quick Scan
              Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

              ========== Processes (SafeList) ==========

              PRC - [2013-08-13 23:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
              PRC - [2013-08-13 13:18:52 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\kim\AppData\Local\Temp\RtkBtMnt.exe
              PRC - [2013-08-12 21:06:50 | 005,703,408 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              PRC - [2013-05-23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
              PRC - [2013-03-09 20:33:03 | 007,330,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgmfapx.exe
              PRC - [2012-12-11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
              PRC - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
              PRC - [2012-10-30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
              PRC - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
              PRC - [2012-10-22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
              PRC - [2012-10-22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
              PRC - [2009-10-28 11:57:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
              PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
              PRC - [2008-09-01 03:17:00 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
              PRC - [2008-06-11 10:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
              PRC - [2008-04-28 09:35:36 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
              PRC - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
              PRC - [2008-04-15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
              PRC - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
              PRC - [2008-01-16 11:16:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
              PRC - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
              PRC - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
              PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
              PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
              PRC - [2006-11-03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe


              ========== Modules (No Company Name) ==========

              MOD - [2013-08-11 13:20:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4 \System.Runtime.Remoting.ni.dll
              MOD - [2013-08-11 13:19:46 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xm l.ni.dll
              MOD - [2013-08-11 13:19:09 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91 \System.Windows.Forms.ni.dll
              MOD - [2013-08-11 13:18:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\Syste m.Drawing.ni.dll
              MOD - [2013-08-11 13:16:20 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
              MOD - [2013-08-11 13:15:37 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni .dll
              MOD - [2011-11-02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
              MOD - [2011-11-02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
              MOD - [2009-03-31 20:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
              MOD - [2009-01-14 04:53:06 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
              MOD - [2009-01-14 04:53:06 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
              MOD - [2008-06-11 10:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
              MOD - [2008-04-28 10:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
              MOD - [2007-10-23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


              ========== Services (SafeList) ==========

              SRV - [2013-06-12 20:53:58 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
              SRV - [2013-05-23 22:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
              SRV - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
              SRV - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
              SRV - [2012-10-02 03:32:56 | 001,314,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
              SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
              SRV - [2009-10-28 11:57:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
              SRV - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
              SRV - [2008-03-21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
              SRV - [2008-01-21 04:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
              SRV - [2008-01-16 11:16:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
              SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
              SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
              SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


              ========== Driver Services (SafeList) ==========

              DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
              DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
              DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
              DRV - [2012-11-16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
              DRV - [2012-10-22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
              DRV - [2012-10-15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
              DRV - [2012-10-02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
              DRV - [2012-09-21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
              DRV - [2012-09-21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
              DRV - [2012-09-21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
              DRV - [2012-09-14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
              DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
              DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
              DRV - [2008-07-28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
              DRV - [2008-07-22 09:46:22 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
              DRV - [2008-06-05 04:01:14 | 000,146,688 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
              DRV - [2008-04-08 03:22:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
              DRV - [2008-03-21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
              DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
              DRV - [2007-01-31 19:01:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
              DRV - [2006-12-05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)


              ========== Standard Registry (SafeList) ==========


              ========== Internet Explorer ==========

              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
              IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
              IE - HKLM\..\SearchScopes,DefaultScope =
              IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


              IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
              IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
              IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

              IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
              IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
              IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

              IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

              IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
              IE - HKU\S-1-5-21-84923639-2516154625-2707148456-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

              ========== FireFox ==========

              FF - prefs.js..browser.search.useDBForOrder: false
              FF - prefs.js..browser.startup.homepage:
              FF - prefs.js..extensions.enabledAddons: {C2C2A16E-2E64-478A-992C-82E136577FCD}:5.0.0.7281
              FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.02
              FF - prefs.js..extensions.enabledAddons: [email protected]:15.4.0.5
              FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.2
              FF - prefs.js..network.proxy.no_proxies_on: "*.local"
              FF - prefs.js..network.proxy.type: 0
              FF - user.js - File not found

              FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
              FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
              FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
              FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
              FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
              FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
              FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
              FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
              FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

              FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

              [2011-12-31 20:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\mozilla\Extensions
              [2013-08-13 13:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\mozilla\Firefox\Profiles\2h3hx9kb.default\extensions
              File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
              File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.4.0.5
              File not found (No name found) -- C:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H3HX9KB.DEFAULT\EXTENSIONS\{C2C2A16E-2E64-478A-992C-82E136577FCD}
              File not found (No name found) -- C:\USERS\KIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2H3HX9KB.DEFAULT\EXTENSIONS\[email protected]
              [2013-07-05 20:11:01 | 000,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml

              ========== Chrome ==========

              CHR - homepage: http://www.google.com
              CHR - Extension: Docs = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
              CHR - Extension: Google Drive = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
              CHR - Extension: YouTube = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
              CHR - Extension: Google Zoeken = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
              CHR - Extension: Norton Identity Protection = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
              CHR - Extension: Gmail = C:\Users\kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

              O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
              O1 - Hosts: 127.0.0.1 localhost
              O1 - Hosts: ::1 localhost
              O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
              O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
              O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
              O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
              O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
              O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
              O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
              O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
              O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
              O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
              O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
              O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
              O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
              O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
              O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
              O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
              O4 - HKU\S-1-5-21-84923639-2516154625-2707148456-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
              O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
              O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
              O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
              O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
              O13 - gopher Prefix: missing
              O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.)
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
              O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Reg Error: Key error.)
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD54D1C7-7B66-4288-B527-91A00FF911FC}: DhcpNameServer = 192.168.0.1
              O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF2A9FCC-3244-44C7-89B6-BD11F31A5BD0}: DhcpNameServer = 192.168.0.1
              O18 - Protocol\Handler\linkscanner - No CLSID value found
              O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
              O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
              O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
              O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
              O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
              O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
              O32 - HKLM CDRom: AutoRun - 1
              O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
              O33 - MountPoints2\{f7ab4cfe-7ed0-11df-bcfa-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
              O33 - MountPoints2\{f7ab4cfe-7ed0-11df-bcfa-806e6f6e6963}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
              O34 - HKLM BootExecute: (autocheck autochk *)
              O35 - HKLM\..comfile [open] -- "%1" %*
              O35 - HKLM\..exefile [open] -- "%1" %*
              O37 - HKLM\...com [@ = comfile] -- "%1" %*
              O37 - HKLM\...exe [@ = exefile] -- "%1" %*
              O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
              O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

              ========== Files/Folders - Created Within 30 Days ==========

              [2013-08-13 23:32:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
              [2013-08-13 13:18:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
              [2013-08-13 13:15:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp
              [2013-08-13 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Temp
              [2013-08-13 13:04:22 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\CrashDumps
              [2013-08-13 11:05:41 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\kim\Desktop\dds.com
              [2013-08-13 10:24:36 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\SUPERAntiSpyware.com
              [2013-08-13 10:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
              [2013-08-13 10:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
              [2013-08-13 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
              [2013-08-12 19:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
              [2013-08-12 19:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
              [2013-08-12 18:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
              [2013-08-12 18:30:08 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
              [2013-08-12 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\kim\Option
              [2013-08-11 21:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
              [2013-08-11 21:10:59 | 009,167,352 | ---- | C] (SurfRight B.V.) -- C:\Users\kim\Desktop\HitmanPro.exe
              [2013-08-11 21:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
              [2013-08-11 15:49:20 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebytes
              [2013-08-11 15:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
              [2013-08-11 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
              [2013-08-11 15:48:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
              [2013-08-11 15:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
              [2013-08-11 15:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
              [2013-08-11 14:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
              [2013-08-11 14:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
              [2013-08-11 13:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
              [2013-08-11 12:21:14 | 000,000,000 | ---D | C] -- C:\Windows\nl
              [2013-08-11 12:20:58 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
              [2013-08-11 11:43:01 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Windows Live
              [2013-08-11 09:02:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
              [2013-08-11 08:41:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
              [2013-08-11 08:41:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
              [2013-08-11 08:41:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
              [2013-08-11 08:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
              [2013-08-11 08:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
              [2013-08-10 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

              ========== Files - Modified Within 30 Days ==========

              [2013-08-13 23:32:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.com
              [2013-08-13 23:31:16 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
              [2013-08-13 23:31:16 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
              [2013-08-13 23:31:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
              [2013-08-13 23:30:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
              [2013-08-13 23:30:52 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
              [2013-08-13 23:30:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
              [2013-08-13 23:30:39 | 2070,831,104 | -HS- | M] () -- C:\hiberfil.sys
              [2013-08-13 13:52:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
              [2013-08-13 13:03:32 | 001,276,904 | ---- | M] () -- C:\Users\kim\Desktop\zoek.exe
              [2013-08-13 11:25:49 | 000,377,856 | ---- | M] () -- C:\Users\kim\Desktop\t5kwl6o3.exe
              [2013-08-13 11:11:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9675ccde-b129-4066-bab1-de9d7511e303.job
              [2013-08-13 11:11:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 81e92a0d-f2c1-4011-8d3f-0af91e5ee672.job
              [2013-08-13 11:05:41 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\kim\Desktop\dds.com
              [2013-08-13 10:46:29 | 000,000,000 | ---- | M] () -- C:\Users\kim\defogger_reenable
              [2013-08-13 10:46:12 | 000,000,680 | ---- | M] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
              [2013-08-13 10:46:10 | 000,050,477 | ---- | M] () -- C:\Users\kim\Desktop\Defogger.exe
              [2013-08-13 10:39:32 | 000,000,079 | ---- | M] () -- C:\Windows\WININIT.INI
              [2013-08-13 10:30:00 | 000,000,947 | ---- | M] () -- C:\Users\kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
              [2013-08-13 10:24:25 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2013-08-12 18:30:08 | 000,001,061 | ---- | M] () -- C:\Users\kim\Desktop\Revo Uninstaller.lnk
              [2013-08-12 18:06:15 | 000,733,468 | ---- | M] () -- C:\Windows\System32\perfh013.dat
              [2013-08-12 18:06:15 | 000,642,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
              [2013-08-12 18:06:15 | 000,154,704 | ---- | M] () -- C:\Windows\System32\perfc013.dat
              [2013-08-12 18:06:15 | 000,121,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
              [2013-08-11 21:40:57 | 000,000,604 | ---- | M] () -- C:\Windows\System32\.crusader
              [2013-08-11 21:25:05 | 000,666,633 | ---- | M] () -- C:\Users\kim\Desktop\AdwCleaner.exe
              [2013-08-11 21:10:59 | 009,167,352 | ---- | M] (SurfRight B.V.) -- C:\Users\kim\Desktop\HitmanPro.exe
              [2013-08-11 15:49:02 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
              [2013-08-11 13:57:26 | 000,000,497 | ---- | M] () -- C:\Windows\Temp - Snelkoppeling.lnk
              [2013-08-11 13:11:03 | 000,375,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
              [2013-08-11 13:04:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
              [2013-08-11 13:04:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
              [2013-08-11 10:58:09 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
              [2013-08-11 10:58:09 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
              [2013-08-11 10:57:41 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
              [2013-08-10 22:04:20 | 000,274,774 | ---- | M] () -- C:\Users\kim\AppData\Local\census.cache
              [2013-08-10 22:03:50 | 000,180,678 | ---- | M] () -- C:\Users\kim\AppData\Local\ars.cache
              [2013-08-10 21:08:03 | 000,000,036 | ---- | M] () -- C:\Users\kim\AppData\Local\housecall.guid.cache
              [2013-08-10 20:51:07 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

              ========== Files Created - No Company Name ==========

              [2013-08-13 13:03:31 | 001,276,904 | ---- | C] () -- C:\Users\kim\Desktop\zoek.exe
              [2013-08-13 11:25:33 | 000,377,856 | ---- | C] () -- C:\Users\kim\Desktop\t5kwl6o3.exe
              [2013-08-13 10:46:29 | 000,000,000 | ---- | C] () -- C:\Users\kim\defogger_reenable
              [2013-08-13 10:46:06 | 000,050,477 | ---- | C] () -- C:\Users\kim\Desktop\Defogger.exe
              [2013-08-13 10:24:54 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9675ccde-b129-4066-bab1-de9d7511e303.job
              [2013-08-13 10:24:54 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 81e92a0d-f2c1-4011-8d3f-0af91e5ee672.job
              [2013-08-13 10:24:25 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
              [2013-08-13 05:09:57 | 000,000,680 | ---- | C] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
              [2013-08-12 19:03:15 | 2070,831,104 | -HS- | C] () -- C:\hiberfil.sys
              [2013-08-12 18:30:08 | 000,001,061 | ---- | C] () -- C:\Users\kim\Desktop\Revo Uninstaller.lnk
              [2013-08-11 21:40:57 | 000,000,604 | ---- | C] () -- C:\Windows\System32\.crusader
              [2013-08-11 21:24:32 | 000,666,633 | ---- | C] () -- C:\Users\kim\Desktop\AdwCleaner.exe
              [2013-08-11 15:49:02 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
              [2013-08-11 15:09:03 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
              [2013-08-11 13:57:26 | 000,000,497 | ---- | C] () -- C:\Windows\Temp - Snelkoppeling.lnk
              [2013-08-11 13:04:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
              [2013-08-11 13:04:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
              [2013-08-11 12:20:54 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
              [2013-08-11 12:20:25 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
              [2013-08-11 12:19:16 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
              [2013-08-11 10:57:41 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
              [2013-08-11 10:15:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
              [2013-08-11 10:15:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
              [2013-08-11 08:52:31 | 000,000,947 | ---- | C] () -- C:\Users\kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
              [2013-08-10 22:04:20 | 000,274,774 | ---- | C] () -- C:\Users\kim\AppData\Local\census.cache
              [2013-08-10 22:03:50 | 000,180,678 | ---- | C] () -- C:\Users\kim\AppData\Local\ars.cache
              [2013-08-10 21:08:03 | 000,000,036 | ---- | C] () -- C:\Users\kim\AppData\Local\housecall.guid.cache
              [2013-08-10 20:51:07 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
              [2013-08-10 20:20:15 | 000,000,079 | ---- | C] () -- C:\Windows\WININIT.INI
              [2011-10-05 20:53:15 | 000,124,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
              [2010-03-20 12:51:40 | 000,037,888 | ---- | C] () -- C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
              [2009-12-29 14:50:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

              ========== ZeroAccess Check ==========

              [2006-11-02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

              [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

              [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

              [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
              "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
              "ThreadingModel" = Apartment

              [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
              "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
              "ThreadingModel" = Free

              [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
              "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
              "ThreadingModel" = Both

              ========== LOP Check ==========

              [2012-10-13 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
              [2012-10-13 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
              [2011-08-24 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Amsterdams Poker
              [2012-02-20 19:34:45 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG
              [2012-10-07 03:02:58 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG2013
              [2009-08-16 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\eSobi
              [2013-08-10 20:34:12 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\IObit
              [2013-05-18 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\MusicNet
              [2011-12-31 22:15:05 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\redsn0w
              [2012-10-06 15:58:30 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\TuneUp Software
              [2011-08-24 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\YoyPoker

              ========== Purity Check ==========



              ========== Alternate Data Streams ==========

              @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

              < End of report >



              • #8
                2. Extras.txt

                OTL Extras logfile created on: 13-8-2013 23:35:01 - Run 1
                OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kim\Desktop
                Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
                Internet Explorer (Version = 9.0.8112.16421)
                Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

                1,93 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 34,02% Memory free
                4,10 Gb Paging File | 2,43 Gb Available in Paging File | 59,37% Paging File free
                Paging file location(s): ?:\pagefile.sys [binary data]

                %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
                Drive C: | 69,02 Gb Total Space | 4,04 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
                Drive D: | 69,02 Gb Total Space | 68,90 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

                Computer Name: PC_VAN_KIM | User Name: kim | Logged in as Administrator.
                Boot Mode: Normal | Scan Mode: All users | Quick Scan
                Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

                ========== Extra Registry (SafeList) ==========


                ========== File Associations ==========

                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
                .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

                ========== Shell Spawning ==========

                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                batfile [open] -- "%1" %*
                cmdfile [open] -- "%1" %*
                comfile [open] -- "%1" %*
                cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
                exefile [open] -- "%1" %*
                helpfile [open] -- Reg Error: Key error.
                hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
                inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                piffile [open] -- "%1" %*
                regfile [merge] -- Reg Error: Key error.
                scrfile [config] -- "%1"
                scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                scrfile [open] -- "%1" /S
                txtfile [edit] -- Reg Error: Key error.
                Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
                Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
                Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

                ========== Security Center Settings ==========

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                "cval" = 1

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                "AntiVirusOverride" = 0
                "AntiSpywareOverride" = 0
                "FirewallOverride" = 0
                "VistaSp1" = Reg Error: Unknown registry data type -- File not found
                "VistaSp2" = Reg Error: Unknown registry data type -- File not found

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

                ========== Firewall Settings ==========

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                "EnableFirewall" = 1
                "DisableNotifications" = 0

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                "EnableFirewall" = 1
                "DisableNotifications" = 0

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                "EnableFirewall" = 1
                "DisableNotifications" = 0

                ========== Authorized Applications List ==========

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


                ========== Vista Active Open Ports Exception List ==========

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                "{307D078E-716A-4F5D-A494-DEDFADB0C020}" = lport=138 | protocol=17 | dir=in | app=system |
                "{3277A07D-B1B4-4C04-BF72-2C92210AAB06}" = rport=138 | protocol=17 | dir=out | app=system |
                "{33DF3206-D5ED-4208-8E11-9E83DF02A9C7}" = lport=139 | protocol=6 | dir=in | app=system |
                "{6372E240-4870-4A8A-ADED-BC47F8A217B6}" = lport=445 | protocol=6 | dir=in | app=system |
                "{7A1BBC58-AADF-4E4B-8D4D-8A1C8C250C6E}" = lport=137 | protocol=17 | dir=in | app=system |
                "{7C4DB140-00D0-4021-A38A-7019F1E089C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
                "{A3F27051-571D-4510-8157-5A7C32F9633D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
                "{A670CC42-CA87-407B-A33E-D8E27C205615}" = rport=137 | protocol=17 | dir=out | app=system |
                "{A8777FA2-C979-4E49-8FCA-8C173B984039}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
                "{AB1BBDCE-1680-423A-B47D-A53C4C2A1AE2}" = rport=139 | protocol=6 | dir=out | app=system |
                "{B0AA7D7F-C6B0-41B2-9164-DB338F5DD8F3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
                "{C089CBB9-FB47-4BFD-AF34-473B3529C5F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
                "{E93A8B0D-4F82-4BCF-AA00-CC968E952650}" = rport=445 | protocol=6 | dir=out | app=system |

                ========== Vista Active Application Exception List ==========

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                "{08C70D27-C1A6-4CBB-B5D6-A980C2D86182}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
                "{11985BF7-AABC-45A0-B26F-1A1802475A11}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
                "{1FB93B7E-E226-46F5-B598-0B0D9A2F8CED}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
                "{27F64EA8-581F-44A3-8DFE-B2ED4553AA51}" = dir=in | app=c:\program files\itunes\itunes.exe |
                "{364D3B8A-7A89-4BCD-8B8C-0781C9E80A5A}" = protocol=58 | dir=out | [email protected],-28546 |
                "{42A7716F-3E4B-426E-8FA1-88B7BB6B9202}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
                "{4401D6C9-9FE2-4674-BDDC-BFE877E8259D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
                "{4403B877-0B86-4BAC-9BE1-B465CFCFC0A1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
                "{569B75CA-DBAC-4BB8-9752-83E9429F82A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
                "{5B37CF47-DF9C-420A-865B-957F4A489B19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                "{7D06C567-A4D9-4A2D-B144-AE256CAC38E1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
                "{7FE4161C-F4B1-45E9-8278-52534C9FB67C}" = protocol=58 | dir=in | [email protected],-28545 |
                "{86D82524-D09D-479D-9F8B-503E462C1EAF}" = protocol=1 | dir=in | [email protected],-28543 |
                "{B52D8E0C-08F2-4231-85F8-BFA6A8316FE1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
                "{CC44485B-1989-4AAD-9061-BE00BD6734E4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
                "{D08EF787-0F24-4BD5-BA05-1D0EEA4B2338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
                "{D452F86F-C188-484D-89D7-F00D9041B949}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
                "{D85E10EE-D7FF-4D99-AF7B-1BBA06EDA4EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
                "{E67CE904-43E4-4B5E-A74B-CBA88979D0DC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
                "{E7FB8883-3E44-4EA3-9F5D-1025AFCE9C13}" = protocol=1 | dir=out | [email protected],-28544 |
                "{F223100C-83E4-4EE6-BC49-F18C1E6D5F3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
                "{F4333165-4010-44E8-9864-C486068B2955}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
                "{FBC22EFC-44B6-4592-95E3-F35222680570}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

                ========== HKEY_LOCAL_MACHINE Uninstall List ==========

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
                "{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
                "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
                "{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
                "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
                "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
                "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
                "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
                "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
                "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
                "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
                "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
                "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
                "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
                "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
                "{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
                "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
                "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
                "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
                "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
                "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
                "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
                "{3FE93ACC-83FB-4FE5-9147-8BAD2D33E2EF}" = AVG 2012
                "{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
                "{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
                "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
                "{4ACBE725-9800-54D0-4B4B-4B1BD3E97E7E}" = FlipShare
                "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
                "{4E0C89A4-4040-47C7-AD0C-0E8226B6AFE2}" = AVG 2012
                "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
                "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
                "{55CCA8B6-977B-4CAC-8762-68394171E4AB}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
                "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
                "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
                "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
                "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
                "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
                "{6669B6EE-2335-49FA-BDEF-4D3419AAFF68}" = Microsoft SQL Server Native Client
                "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
                "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
                "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
                "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
                "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
                "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
                "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
                "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
                "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
                "{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
                "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
                "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
                "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
                "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
                "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
                "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
                "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
                "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
                "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
                "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
                "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
                "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
                "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
                "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
                "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
                "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
                "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
                "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
                "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
                "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
                "{90A40413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
                "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
                "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
                "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
                "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
                "{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
                "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
                "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
                "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
                "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
                "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
                "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business-verbindingsonderdelen
                "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
                "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
                "{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.5 - Nederlands
                "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
                "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
                "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
                "{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
                "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
                "{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
                "{CD19EDD9-1632-4002-9212-7478E4BA0423}" = Windows Live Sync
                "{cd4c80be-63bf-48c0-b95b-b3d8b3d97739}" = Business Contact Manager voor Outlook 2007 SP2
                "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
                "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
                "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
                "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.59.528
                "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
                "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
                "{D836006A-10F3-4069-B4FF-1A78D2B70234}" = Microsoft SQL Server Setup-ondersteuningsbestanden (Engels)
                "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
                "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
                "{E8E5ED05-E8CE-4313-A18C-49723394E0C9}" = Microsoft SQL Server VSS Writer
                "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
                "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
                "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
                "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                "{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
                "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
                "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
                "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                "AVG" = AVG 2013
                "Business Contact Manager" = Business Contact Manager voor Outlook 2007 SP2
                "CCleaner" = CCleaner
                "Defraggler" = Defraggler
                "GridVista" = Acer GridVista
                "HDMI" = Intel(R) Graphics Media Accelerator Driver
                "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
                "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
                "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
                "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
                "LManager" = Launch Manager
                "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
                "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
                "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
                "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
                "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
                "PartyPoker" = PartyPoker
                "PokerStars" = PokerStars
                "PROHYBRIDR" = 2007 Microsoft Office system
                "Revo Uninstaller" = Revo Uninstaller 1.94
                "SynTPDeinstKey" = Synaptics Pointing Device Driver
                "WinLiveSuite" = Windows Live Essentials

                ========== HKEY_USERS Uninstall List ==========

                [HKEY_USERS\S-1-5-21-84923639-2516154625-2707148456-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                "AmsterdamsPoker_21_0" = Amsterdams Poker
                "YoyPoker_102_0" = YoyPoker

                ========== Last 20 Event Log Errors ==========

                [ Application Events ]
                Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: Continuously busy for more than a second

                Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: m->NextScheduledEvent 106923

                Error - 10-8-2013 13:48:27 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: m->NextScheduledSPRetry 106923

                Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: Continuously busy for more than a second

                Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: m->NextScheduledEvent 108171

                Error - 10-8-2013 13:48:29 | Computer Name = PC_van_kim | Source = Bonjour Service | ID = 100
                Description = Task Scheduling Error: m->NextScheduledSPRetry 108171

                Error - 10-8-2013 13:56:53 | Computer Name = PC_van_kim | Source = Application Error | ID = 1000
                Description = Toepassing met fout iexplore.exe, versie 7.0.6001.18639, tijdstempel
                0x4db02c95, module met fout searchresultstb.dll, versie 5.0.8.244, tijdstempel
                0x50b69ae6, uitzonderingscode 0xc0000005, foutmarge 0x00016b3c, proces-id 0x3734,
                starttijd van toepassing 0x01ce95f2d653bf40.

                Error - 10-8-2013 14:03:10 | Computer Name = PC_van_kim | Source = Application Error | ID = 1000
                Description = Toepassing met fout Explorer.EXE, versie 6.0.6001.18164, tijdstempel
                0x4907e242, module met fout edis.dll_unloaded, versie 0.0.0.0, tijdstempel 0x518a04a1,
                uitzonderingscode 0xc0000005, foutmarge 0x6baa32c3, proces-id 0xc18, starttijd van
                toepassing 0x01ce87dc9867960a.

                Error - 10-8-2013 14:07:11 | Computer Name = PC_van_kim | Source = Application Hang | ID = 1002
                Description = Programma iexplore.exe, versie 7.0.6001.18639 reageert niet meer op
                Windows en is afgesloten. Als u wilt zien of meer informatie over het probleem
                beschikbaar is, kunt u de probleemgeschiedenis in onderdeel Probleemrapporten en
                -oplossingen in het Configuratiescherm controleren. Proces-id: 3080 Starttijd: 01ce95f40cf96990
                Eindtijd:
                31

                Error - 10-8-2013 14:31:08 | Computer Name = PC_van_kim | Source = WinMgmt | ID = 10
                Description =

                Error - 10-8-2013 14:40:42 | Computer Name = PC_van_kim | Source = VSS | ID = 8194
                Description =

                [ System Events ]
                Error - 13-8-2013 7:17:49 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
                Description =

                Error - 13-8-2013 7:17:49 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7024
                Description =

                Error - 13-8-2013 7:32:43 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
                Description =

                Error - 13-8-2013 7:32:44 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
                Description =

                Error - 13-8-2013 7:32:44 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
                Description =

                Error - 13-8-2013 7:32:45 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
                Description =

                Error - 13-8-2013 7:32:46 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7030
                Description =

                Error - 13-8-2013 17:31:00 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
                Description =

                Error - 13-8-2013 17:31:00 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7006
                Description =

                Error - 13-8-2013 17:31:14 | Computer Name = PC_van_kim | Source = Service Control Manager | ID = 7024
                Description =


                < End of report >



                • #9
                  It is a plug-in for Firefox. Let's see whether it will go away like this.


                  Start OTL again.
                  • Copy and paste the code below into the Custom Scans/Fixes field.
                    Code:
                    :Commands
                    [CREATERESTOREPOINT]
                    :OTL
                    [2013-07-05 20:11:01 | 000,000,793 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml
                    :Files
                    ipconfig /flushdns /c
                    :Commands
                    [PURITY]
                    [emptyjava]
                    [EMPTYFLASH]
                    [reboot]
                  • Click Run Fix at the top.
                  • Let the program run undisturbed, restart the computer when it is finished, and save the log that appears.
                  • Open OTL again and click Quick Scan at the top.
                  • Post the logs of both the "Quick Scan" and the "Fix" as attachments in your next message.



                  • #10
                    OTL1.Txt

                    I cannot find the fix log. There are, however, 2 .ini configuration files on my desktop.

                    For your information, I had already removed Google Chrome and Mozilla FF from the computer earlier. I use IE. There I still have delta-homes as the start page, and it still cannot be changed.
                    Last edited by Mustang; 14-08-13, 12:11.



                    • #11
                      OK, let's see whether we can get rid of that one.


                      Download Shortcut Cleaner (mirror)
                      • Double-click sc-cleaner.exe to start the tool.
                      • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
                      • When the tool has finished you will see the message "A log file called sc-cleaner.txt has been created on your desktop and will be shown automatically. This file contains those shortcuts hijacked by this malware."
                      • Click OK and post the contents of sc-cleaner.txt in your next message.



                      • #12
                        Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
                        http://www.bleepingcomputer.com/
                        Copyright 2008-2013 BleepingComputer.com
                        More Information about Shortcut Cleaner can be found at this link:
                        http://www.bleepingcomputer.com/down...rtcut-cleaner/

                        Windows Version: Windows Vista (TM) Business Service Pack 2
                        Program started at: 08/14/2013 07:45:23 PM.

                        Scanning for registry hijacks:

                        * No issues found in the Registry.

                        Searching for Hijacked Shortcuts:

                        Searching C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\

                        Searching C:\ProgramData\Microsoft\Windows\Start Menu\

                        Searching C:\Users\kim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

                        Searching C:\Users\Public\Desktop\

                        Searching C:\Users\kim\Desktop


                        0 bad shortcuts found.

                        Program finished at: 08/14/2013 07:45:35 PM
                        Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)


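The checks discussed in posts #10 to #12, as an added example that is not part of the original thread and is not Shortcut Cleaner's own logic: a read-only PowerShell audit of the shortcut folders the log lists and of the Internet Explorer start-page registry values. The browser list, the URL pattern and the selection of registry values are assumptions made for this example.

```powershell
# Added example: read-only audit; nothing is modified.
# Shortcut folders: the same kinds of locations the Shortcut Cleaner log lists,
# written with environment variables instead of the poster's profile path.
$folders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:PUBLIC\Desktop",
    "$env:USERPROFILE\Desktop"
)
$browsers = 'iexplore.exe', 'firefox.exe', 'chrome.exe'   # assumption: browsers to check
$urlLike  = '(?i)(https?://|www\.)'                        # heuristic, not the tool's rule

$shell = New-Object -ComObject WScript.Shell
$hits = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if (-not $lnk.TargetPath) { return }            # skip shortcuts without a file target
            $exe = [System.IO.Path]::GetFileName($lnk.TargetPath)
            # A browser shortcut that carries a URL as argument opens that page on every launch.
            if (($browsers -contains $exe) -and ($lnk.Arguments -match $urlLike)) {
                New-Object PSObject -Property @{
                    Shortcut = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments
                }
            }
        }
}

# Internet Explorer start-page values, plus the policy value that locks the setting in the UI.
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Secondary Start Pages' },
    @{ Key = 'HKLM:\Software\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Key = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Key = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage' },
    @{ Key = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Control Panel'; Name = 'HomePage' }
)
$registry = foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($item) { New-Object PSObject -Property @{ Key = $c.Key; Name = $c.Name; Value = $item.($c.Name) } }
}

"Browser shortcuts with a URL in their arguments: $(@($hits).Count)"
$hits | Format-List Shortcut, Target, Arguments
$registry | Format-Table Key, Name, Value -AutoSize
```

A `HomePage` value of 1 under a `Policies` key means the start page is locked by policy, which is worth comparing against the `Start Page` values before and after a cleanup run.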

                        • #13
                          Download ComboFix from one of these locations:

                          Link 1
                          Link 2


                          * IMPORTANT !!! Save ComboFix.exe to your Desktop.

                          >>Here<< you can read how to use ComboFix.

                          1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

                          * (here or here

                          2. The computer may need to be restarted several times; this is normal.
                          3. Double-click "Combofix.exe" to start the tool.
                          4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

                          * Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion.", restart the computer.

                          5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.



                          • #14
                            ComboFix.txt

                            Here is the ComboFix log. The delta-homes problem is solved. I can now set the start page the way I want again.



                            • #15
                              There you go, the CF log looks good. Any other problems?
