Isearch

honshu 4 March 2012, 10:31

I keep having trouble with isearch whenever I run a search, which is rather annoying.
A friendly request to look at the HijackThis log and indicate what I can safely remove.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:36, on 4-3-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\anysee\Driver\CNO.exe
C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\PROGRA~2\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Spotnet\Spotnet.exe
C:\Program Files (x86)\Spotnet\SABnzbd.exe
F:\Newsleecher Downloads\Advanced Uninstaller PROv1057(2012)-banDulu\crck\Monitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&mid=3166752f6b8047d19e719128c0e116f6-86d575b5e754d087a77665dfbc778dde796ffc3c&lang=en&ds=ft011&pr=sa&d=2012-03-04 10:26:35&v=10.0.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [anysee CNO] C:\Program Files (x86)\anysee\Driver\CNO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13821 bytes

honshu 4 March 2012, 10:59

In the meantime I did remove the AVG Security Toolbar from the programs; it had installed itself again during the installation of another program.
But isearch keeps coming back.

Abraham54 4 March 2012, 13:57

Hello, in your log isearch is listed only once: AVG-safesearch!
Furthermore, your log shows that something is indeed wrong.
I would like you to follow the rules below during the fix:
- Always read each instruction carefully first.
- The instructions given apply only to your Windows.
- If you make mistakes while running tools during the fix, this can possibly cause serious problems in Windows.
- Do not install new programs, updates or new hardware while we are working on the fix.
- Also do not use any programs or tools other than those I instruct you to use.
- Please turn off emoticons (smileys) when you post a log.
- Always use one scanner at a time, never several at once.
- Keep me informed of how your computer responds to the fix, good or bad.
- Also, if you do not understand something, say so.
- The fix, once started, must be completed. Even if you think everything is in order, there may still be infections.

Step •1•
Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
- Open the folder "EmsisoftEmergencyKit" and double-click "Start.exe".
- Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first; allow this by clicking "Ja" (Yes).
- When the update is finished and the message "Update process is succesvol afgerond" appears, click "menu" and then "Scan PC".
- Select the option "Diep" (Deep) if it is not already set by default.
- Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
- You can close the window with the warning about an increased risk when the scan is finished.
- Make sure all items found are ticked and then press the "verwijder geselecteerde" (remove selected) button; you will now get the following message, but click "Ja" (Yes) here.
- When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
- Place the contents of this LOG file in your next message later.
- Now restart the computer.

Step •2•
Which program: Malwarebytes MBAM
What for/why: specialised scanner to quickly examine Windows for spyware and malware and rid it of them.
Difficulty: none.
Download Malwarebytes MBAM from one of these locations:
- Softpedia.com
- Majorgeeks.com
First of all:
- Immediately after installation 'MBAM' will want to update its database, so allow this.
- Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
  - Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing "Als Administrator uitvoeren" (Run as administrator).
- Note:
  - Malwarebytes now provides the full version of MBAM.
  - At the first start you get the option to use the full version or the free version.
  - Regardless of which antivirus program is in your Windows, I advise using the option "Weigeren" (Decline).
  - That way MBAM will remain usable as the free version.
- Also do the following:
  - As soon as the program has started, go to the "Instellingen" (Settings) tab.
  - Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (Close Internet Explorer during removal of malware).
Scanning:
- When starting 'MBAM', choose 'Snelle Scan' (Quick Scan).
- The scan can take a while, so be patient. When the scan has completed, click the 'OK' button.
- Then click the 'Bekijk Resultaten' (View Results) button to see the results.
Infections found:
- First click OK to dismiss the message.
- Then click the "Bekijk resultaten" (View results) button at the bottom right.
- Now make sure all infections found are ticked, and click "Verwijder geselecteerde" (Remove selected) at the bottom left.
- After the removal a log will open and you will be asked to restart the computer.
- If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
- After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
- The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logbestanden' (Logs) tab in the MBAM main menu.
Then post the contents of the MBAM log in your next message.

Step •3•
In summary: after this, post the contents of the following logs in your next message:
- EmsisoftEmergencyKit log file
- MBAM scan log
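
The check described at the top of this reply (where isearch shows up in the HijackThis log, and what else belongs to the same component) can be done mechanically. The script below is an added example, not part of the original thread or of HijackThis; its function names are made up for illustration, and the sample lines are copied from the log posted above with one URL shortened.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the HijackThis log posted in this thread; only the
# query string of the isearch.avg.com Start Page URL has been shortened.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
"""

# A log entry is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SYSTEM32_RE = re.compile(r"[A-Z]:\\Windows\\System32\\", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into (section code, entry text) pairs."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def non_default_pages(entries, default_host="go.microsoft.com"):
    """R0/R1 Internet Explorer page values whose host is not the default."""
    hits = []
    for code, body in entries:
        if code not in ("R0", "R1") or " = " not in body:
            continue
        key, _, value = body.partition(" = ")
        host = urlsplit(value.strip()).hostname
        if host and host != default_host:
            hits.append((key, host))
    return hits


def sections_mentioning(entries, needle):
    """Section codes, in log order, of entries that reference `needle`."""
    needle = needle.lower()
    return list(dict.fromkeys(c for c, b in entries if needle in b.lower()))


def classify_missing(entries):
    """Separate orphaned registrations from probable WOW64 artifacts.

    HijackThis v2.0.4 is a 32-bit program. On 64-bit Windows its reads of
    System32 are redirected to SysWOW64, so files that exist only in the
    64-bit directory are reported as "(file missing)" although present.
    """
    result = {"orphaned": [], "wow64_artifact": []}
    for code, body in entries:
        if body.endswith("(no file)"):
            result["orphaned"].append((code, body))
        elif body.endswith("(file missing)") and SYSTEM32_RE.search(body):
            result["wow64_artifact"].append((code, body))
    return result


if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    for key, host in non_default_pages(log):
        print("non-default IE page:", key, "->", host)
    print("sections tied to AVG Secure Search:",
          sections_mentioning(log, "AVG Secure Search"))
    for kind, items in classify_missing(log).items():
        for code, body in items:
            print(kind + ":", code, body)
```

On this log the only non-default page is the HKCU Start Page, while the same component is also registered as a BHO, a toolbar, a Run entry, a protocol handler and a service.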

honshu 4 March 2012, 21:57

Thanks for the reply:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Databaseversie: v2012.03.04.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nico :: NICO-PC [administrator]
4-3-2012 21:49:06
mbam-log-2012-03-04 (21-49-06).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 188114
Verstreken tijd: 1 minuut/minuten, 40 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 4-3-2012 14:53:06
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\, E:\, F:\, I:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 4-3-2012 14:54:01
F:\Newsleecher Downloads\==HaroDeyv==Winzip 11\==HaroDeyv==Winzip 11\Winzip 11 Keygen.exe Ontdekt: Riskware.Keygen.WinZip11!IK
F:\Newsleecher Downloads\Nero 7.10.1.0 NL Premium\Nero 7.10.1.0 NL Premium\keygen.exe Ontdekt: Riskware.Hacktool.Keygen.Nero7!IK
F:\schoonmaak programma's\Uniblue Registry Booster 2.0\UBVarRB.dll Ontdekt: Virus.Win32.Sality!IK
I:\arie d schijf\Danmark-Faroe Isl-Sweden 2004\dragcopy.dll Ontdekt: Trojan.Win32.Sirefef!IK
Gescand
Bestanden: 715787
Sporen: 405133
Cookies: 8
Processen: 60
Gevonden
Bestanden: 4
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0
Scan Geëindigd: 4-3-2012 21:29:08
Scantijd: 6:35:07
I:\arie d schijf\Danmark-Faroe Isl-Sweden 2004\dragcopy.dll Verwijderd Trojan.Win32.Sirefef!IK
F:\schoonmaak programma's\Uniblue Registry Booster 2.0\UBVarRB.dll Verwijderd Virus.Win32.Sality!IK
F:\Newsleecher Downloads\Nero 7.10.1.0 NL Premium\Nero 7.10.1.0 NL Premium\keygen.exe Verwijderd Riskware.Hacktool.Keygen.Nero7!IK
F:\Newsleecher Downloads\==HaroDeyv==Winzip 11\==HaroDeyv==Winzip 11\Winzip 11 Keygen.exe Verwijderd Riskware.Keygen.WinZip11!IK
Verwijderd
Bestanden: 4
Sporen: 0
Cookies: 0

Abraham54 4 March 2012, 22:44

Hi, if you use keygens and the like to be able to use software for free, you can expect trouble in Windows!

Step •1•
Which program: TDSSStarter.exe
What for/why: rootkit scanner
Difficulty: none
Download TDSSStarter to the desktop.
Using "TDSSStarter.exe":
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
  - Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing "Als Administrator uitvoeren" (Run as administrator).
- A CMD window will then be started and will close again automatically when the scan is finished.
- Now post the contents of the opened Notepad file in the next message.

Step •2•
Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth and, where possible, clean it up.
Difficulty: More or less tricky preparation phase, so read everything carefully first.
Download location: Be absolutely sure to download this program to the desktop!
Download ComboFix from one of these locations:
- Bleepingcomputer
- ForoSpyware
- Geekstogo
Here you can see how to use ComboFix.
Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
For the sake of clarity once more: ComboFix must be started from the desktop.
Remarks:
- When using Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for this).
Starting ComboFix:
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  - Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Als Administrator uitvoeren" (Run as administrator).
ComboFix has started:
- Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
- ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
- The computer may have to be restarted several times; this is normal.
- When ComboFix is finished, it will create a log file for you.
- Post the contents of this log file in your next message.
- If the log does not open, it can be found at C:\ComboFix.txt
Important remark:
- If, after the scan, an error is shown when starting programs with the message:
- Illegal operation attempted on a registry key that has been marked for deletion.
- Then restart the computer.

Step •3•
In summary: after this, post the contents of the following logs in your next message:
- TDSSKStarter log
- ComboFix.txt log

honshu 4 March 2012, 22:50

Thanks for your lecturing reply.

honshu 4 March 2012, 23:36

23:35:44.0458 5580 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
23:35:44.0458 5580 ============================================================
23:35:44.0458 5580 Current date / time: 2012/03/04 23:35:44.0458
23:35:44.0458 5580 SystemInfo:
23:35:44.0458 5580
23:35:44.0458 5580 OS Version: 6.1.7601 ServicePack: 1.0
23:35:44.0458 5580 Product type: Workstation
23:35:44.0458 5580 ComputerName: NICO-PC
23:35:44.0458 5580 UserName: Nico
23:35:44.0458 5580 Windows directory: C:\Windows
23:35:44.0458 5580 System windows directory: C:\Windows
23:35:44.0458 5580 Running under WOW64
23:35:44.0458 5580 Processor architecture: Intel x64
23:35:44.0458 5580 Number of processors: 8
23:35:44.0458 5580 Page size: 0x1000
23:35:44.0458 5580 Boot type: Normal boot
23:35:44.0458 5580 ============================================================
23:35:44.0646 5580 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:44.0646 5580 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:44.0662 5580 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:35:44.0662 5580 \Device\Harddisk0\DR0:
23:35:44.0662 5580 MBR used
23:35:44.0662 5580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:35:44.0662 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
23:35:44.0662 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
23:35:44.0662 5580 \Device\Harddisk1\DR1:
23:35:44.0662 5580 MBR used
23:35:44.0662 5580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
23:35:44.0662 5580 \Device\Harddisk2\DR2:
23:35:44.0662 5580 MBR used
23:35:44.0662 5580 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
23:35:44.0708 5580 Initialize success
23:35:44.0708 5580 ============================================================
23:35:44.0740 5716 ============================================================
23:35:44.0740 5716 Scan started
23:35:44.0740 5716 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
23:35:44.0740 5716 ============================================================
23:35:46.0083 5716 BrUsbMdm - ok
23:35:46.0083 5716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:35:46.0099 5716 BrUsbSer - ok
23:35:46.0115 5716 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
23:35:46.0115 5716 BthEnum - ok
23:35:46.0130 5716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:35:46.0146 5716 BTHMODEM - ok
23:35:46.0162 5716 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:35:46.0177 5716 BthPan - ok
23:35:46.0193 5716 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
23:35:46.0208 5716 BTHPORT - ok
23:35:46.0224 5716 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
23:35:46.0224 5716 BTHUSB - ok
23:35:46.0240 5716 catchme - ok
23:35:46.0240 5716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:35:46.0271 5716 cdfs - ok
23:35:46.0287 5716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:35:46.0302 5716 cdrom - ok
23:35:46.0318 5716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:35:46.0318 5716 circlass - ok
23:35:46.0333 5716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:35:46.0349 5716 CLFS - ok
23:35:46.0365 5716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:35:46.0380 5716 CmBatt - ok
23:35:46.0380 5716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:35:46.0396 5716 cmdide - ok
23:35:46.0412 5716 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:35:46.0427 5716 CNG - ok
23:35:46.0443 5716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:35:46.0443 5716 Compbatt - ok
23:35:46.0458 5716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:35:46.0474 5716 CompositeBus - ok
23:35:46.0490 5716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:35:46.0490 5716 crcdisk - ok
23:35:46.0521 5716 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:35:46.0537 5716 CSC - ok
23:35:46.0552 5716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:35:46.0583 5716 DfsC - ok
23:35:46.0599 5716 DgiVecp - ok
23:35:46.0599 5716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:35:46.0630 5716 discache - ok
23:35:46.0646 5716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:35:46.0646 5716 Disk - ok
23:35:46.0662 5716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:35:46.0677 5716 drmkaud - ok
23:35:46.0693 5716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:35:46.0724 5716 DXGKrnl - ok
23:35:46.0740 5716 e.dentifier2 (a0d5450b3d4689dce4cbbc8268141c37) C:\Windows\system32\DRIVERS\aabed2.sys
23:35:46.0740 5716 e.dentifier2 - ok
23:35:46.0802 5716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:35:46.0833 5716 ebdrv - ok
23:35:46.0865 5716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:35:46.0880 5716 elxstor - ok
23:35:46.0896 5716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:35:46.0896 5716 ErrDev - ok
23:35:46.0912 5716 ewusbnet (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
23:35:46.0927 5716 ewusbnet - ok
23:35:46.0943 5716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:35:46.0974 5716 exfat - ok
23:35:46.0990 5716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:35:47.0005 5716 fastfat - ok
23:35:47.0021 5716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:35:47.0037 5716 fdc - ok
23:35:47.0052 5716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:35:47.0052 5716 FileInfo - ok
23:35:47.0068 5716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:35:47.0099 5716 Filetrace - ok
23:35:47.0099 5716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:35:47.0115 5716 flpydisk - ok
23:35:47.0130 5716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:35:47.0146 5716 FltMgr - ok
23:35:47.0162 5716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:35:47.0162 5716 FsDepends - ok
23:35:47.0177 5716 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:35:47.0177 5716 Fs_Rec - ok
23:35:47.0193 5716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:35:47.0208 5716 fvevol - ok
23:35:47.0224 5716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:35:47.0224 5716 gagp30kx - ok
23:35:47.0240 5716 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:35:47.0240 5716 GEARAspiWDM - ok
23:35:47.0271 5716 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:35:47.0271 5716 hcw85cir - ok
23:35:47.0287 5716 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:35:47.0302 5716 HdAudAddService - ok
23:35:47.0318 5716 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:35:47.0333 5716 HDAudBus - ok
23:35:47.0333 5716 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:35:47.0349 5716 HidBatt - ok
23:35:47.0365 5716 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:35:47.0365 5716 HidBth - ok
23:35:47.0380 5716 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:35:47.0396 5716 HidIr - ok
23:35:47.0412 5716 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:35:47.0412 5716 HidUsb - ok
23:35:47.0427 5716 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:35:47.0443 5716 HpSAMD - ok
23:35:47.0458 5716 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:35:47.0490 5716 HTTP - ok
23:35:47.0505 5716 hwdatacard (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:35:47.0521 5716 hwdatacard - ok
23:35:47.0521 5716 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:35:47.0537 5716 hwpolicy - ok
23:35:47.0552 5716 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:35:47.0568 5716 i8042prt - ok
23:35:47.0583 5716 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:35:47.0583 5716 iaStorV - ok
23:35:47.0599 5716 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:35:47.0615 5716 iirsp - ok
23:35:47.0630 5716 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:35:47.0630 5716 intelide - ok
23:35:47.0646 5716 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:35:47.0662 5716 intelppm - ok
23:35:47.0677 5716 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:35:47.0693 5716 IpFilterDriver - ok
23:35:47.0708 5716 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:35:47.0724 5716 IPMIDRV - ok
23:35:47.0740 5716 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:35:47.0755 5716 IPNAT - ok
23:35:47.0771 5716 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:35:47.0787 5716 IRENUM - ok
23:35:47.0802 5716 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:35:47.0802 5716 isapnp - ok
23:35:47.0818 5716 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:35:47.0833 5716 iScsiPrt - ok
23:35:47.0849 5716 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:35:47.0849 5716 kbdclass - ok
23:35:47.0865 5716 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:35:47.0880 5716 kbdhid - ok
23:35:47.0896 5716 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:35:47.0896 5716 KSecDD - ok
23:35:47.0912 5716 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:35:47.0927 5716 KSecPkg - ok
23:35:47.0927 5716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:35:47.0958 5716 ksthunk - ok
23:35:47.0974 5716 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
23:35:47.0990 5716 LEqdUsb - ok
23:35:48.0005 5716 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
23:35:48.0005 5716 LHidEqd - ok
23:35:48.0021 5716 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:35:48.0021 5716 LHidFilt - ok
23:35:48.0037 5716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:35:48.0069 5716 lltdio - ok
23:35:48.0084 5716 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:35:48.0084 5716 LMouFilt - ok
23:35:48.0100 5716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:35:48.0116 5716 LSI_FC - ok
23:35:48.0116 5716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:35:48.0131 5716 LSI_SAS - ok
23:35:48.0147 5716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:35:48.0147 5716 LSI_SAS2 - ok
23:35:48.0163 5716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:35:48.0178 5716 LSI_SCSI - ok
23:35:48.0194 5716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:35:48.0225 5716 luafv - ok
23:35:48.0225 5716 LUsbFilt (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
23:35:48.0241 5716 LUsbFilt - ok
23:35:48.0241 5716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:35:48.0256 5716 megasas - ok
23:35:48.0272 5716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:35:48.0288 5716 MegaSR - ok
23:35:48.0288 5716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:35:48.0319 5716 Modem - ok
23:35:48.0334 5716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:35:48.0350 5716 monitor - ok
23:35:48.0350 5716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:35:48.0366 5716 mouclass - ok
23:35:48.0381 5716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:35:48.0381 5716 mouhid - ok
23:35:48.0397 5716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:35:48.0397 5716 mountmgr - ok
23:35:48.0413 5716 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
23:35:48.0428 5716 MpFilter - ok
23:35:48.0444 5716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:35:48.0459 5716 mpio - ok
23:35:48.0459 5716 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:35:48.0475 5716 MpNWMon - ok
23:35:48.0475 5716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:35:48.0506 5716 mpsdrv - ok
23:35:48.0538 5716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:35:48.0553 5716 MRxDAV - ok
23:35:48.0584 5716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:35:48.0584 5716 mrxsmb - ok
23:35:48.0616 5716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:35:48.0616 5716 mrxsmb10 - ok
23:35:48.0647 5716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:35:48.0663 5716 mrxsmb20 - ok
23:35:48.0678 5716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:35:48.0678 5716 msahci - ok
23:35:48.0694 5716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:35:48.0694 5716 msdsm - ok
23:35:48.0709 5716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:35:48.0741 5716 Msfs - ok
23:35:48.0756 5716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:35:48.0788 5716 mshidkmdf - ok
23:35:48.0788 5716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:35:48.0803 5716 msisadrv - ok
23:35:48.0819 5716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:35:48.0834 5716 MSKSSRV - ok
23:35:48.0850 5716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:35:48.0881 5716 MSPCLOCK - ok
23:35:48.0881 5716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:35:48.0913 5716 MSPQM - ok
23:35:48.0928 5716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:35:48.0944 5716 MsRPC - ok
23:35:48.0959 5716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:35:48.0959 5716 mssmbios - ok
23:35:48.0975 5716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:35:48.0991 5716 MSTEE - ok
23:35:49.0006 5716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:35:49.0022 5716 MTConfig - ok
23:35:49.0022 5716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:35:49.0038 5716 Mup - ok
23:35:49.0053 5716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:35:49.0069 5716 NativeWifiP - ok
23:35:49.0100 5716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:35:49.0116 5716 NDIS - ok
23:35:49.0131 5716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:35:49.0147 5716 NdisCap - ok
23:35:49.0163 5716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:35:49.0194 5716 NdisTapi - ok
23:35:49.0194 5716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:35:49.0225 5716 Ndisuio - ok
23:35:49.0241 5716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:35:49.0256 5716 NdisWan - ok
23:35:49.0272 5716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:35:49.0303 5716 NDProxy - ok
23:35:49.0303 5716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:35:49.0334 5716 NetBIOS - ok
23:35:49.0350 5716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:35:49.0366 5716 NetBT - ok
23:35:49.0381 5716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:35:49.0397 5716 nfrd960 - ok
23:35:49.0413 5716 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:35:49.0413 5716 NisDrv - ok
23:35:49.0428 5716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:35:49.0459 5716 Npfs - ok
23:35:49.0459 5716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:35:49.0491 5716 nsiproxy - ok
23:35:49.0538 5716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:35:49.0584 5716 Ntfs - ok
23:35:49.0584 5716 ntk_PowerDVD (7420b2e1f65642129b6e23bd42f752aa) C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
23:35:49.0600 5716 ntk_PowerDVD - ok
23:35:49.0616 5716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:35:49.0647 5716 Null - ok
23:35:49.0647 5716 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:35:49.0663 5716 nusb3hub - ok
23:35:49.0678 5716 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:35:49.0678 5716 nusb3xhc - ok
23:35:49.0694 5716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:35:49.0694 5716 nvraid - ok
23:35:49.0709 5716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:35:49.0725 5716 nvstor - ok
23:35:49.0725 5716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:35:49.0741 5716 nv_agp - ok
23:35:49.0756 5716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:35:49.0756 5716 ohci1394 - ok
23:35:49.0788 5716 P17 (634347adebc790b8f07654a3ea8034fd) C:\Windows\system32\drivers\P17.sys
23:35:49.0803 5716 P17 - ok
23:35:49.0819 5716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:35:49.0819 5716 Parport - ok
23:35:49.0834 5716 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:35:49.0850 5716 partmgr - ok
23:35:49.0866 5716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:35:49.0881 5716 pci - ok
23:35:49.0897 5716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:35:49.0913 5716 pciide - ok
23:35:49.0928 5716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:35:49.0944 5716 pcmcia - ok
23:35:49.0959 5716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:35:49.0975 5716 pcw - ok
23:35:50.0006 5716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:35:50.0038 5716 PEAUTH - ok
23:35:50.0069 5716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:35:50.0100 5716 PptpMiniport - ok
23:35:50.0100 5716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:35:50.0116 5716 Processor - ok
23:35:50.0131 5716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:35:50.0147 5716 Psched - ok
23:35:50.0178 5716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:35:50.0209 5716 ql2300 - ok
23:35:50.0225 5716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:35:50.0225 5716 ql40xx - ok
23:35:50.0241 5716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:35:50.0256 5716 QWAVEdrv - ok
23:35:50.0272 5716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:35:50.0303 5716 RasAcd - ok
23:35:50.0319 5716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:35:50.0334 5716 RasAgileVpn - ok
23:35:50.0350 5716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:35:50.0381 5716 Rasl2tp - ok
23:35:50.0397 5716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:35:50.0413 5716 RasPppoe - ok
23:35:50.0428 5716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:35:50.0459 5716 RasSstp - ok
23:35:50.0475 5716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:35:50.0491 5716 rdbss - ok
23:35:50.0506 5716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:35:50.0522 5716 rdpbus - ok
23:35:50.0538 5716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:35:50.0569 5716 RDPCDD - ok
23:35:50.0584 5716 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:35:50.0600 5716 RDPDR - ok
23:35:50.0616 5716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:35:50.0631 5716 RDPENCDD - ok
23:35:50.0647 5716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:35:50.0678 5716 RDPREFMP - ok
23:35:50.0694 5716 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:35:50.0709 5716 RDPWD - ok
23:35:50.0725 5716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:35:50.0741 5716 rdyboost - ok
23:35:50.0756 5716 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:35:50.0772 5716 RFCOMM - ok
23:35:50.0788 5716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:35:50.0803 5716 rspndr - ok
23:35:50.0834 5716 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:35:50.0834 5716 RTL8167 - ok
23:35:50.0850 5716 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:35:50.0850 5716 s3cap - ok
23:35:50.0881 5716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:35:50.0897 5716 sbp2port - ok
23:35:50.0913 5716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:35:50.0928 5716 scfilter - ok
23:35:50.0944 5716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:35:50.0975 5716 secdrv - ok
23:35:50.0991 5716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:35:51.0006 5716 Serenum - ok
23:35:51.0006 5716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:35:51.0022 5716 Serial - ok
23:35:51.0022 5716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:35:51.0038 5716 sermouse - ok
23:35:51.0053 5716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:35:51.0069 5716 sffdisk - ok
23:35:51.0069 5716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:35:51.0084 5716 sffp_mmc - ok
23:35:51.0100 5716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:35:51.0100 5716 sffp_sd - ok
23:35:51.0131 5716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:35:51.0131 5716 sfloppy - ok
23:35:51.0147 5716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:35:51.0163 5716 SiSRaid2 - ok
23:35:51.0178 5716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:35:51.0178 5716 SiSRaid4 - ok
23:35:51.0194 5716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:35:51.0225 5716 Smb - ok
23:35:51.0241 5716 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
23:35:51.0241 5716 snapman - ok
23:35:51.0256 5716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:35:51.0272 5716 spldr - ok
23:35:51.0288 5716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:35:51.0288 5716 srv - ok
23:35:51.0303 5716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:35:51.0319 5716 srv2 - ok
23:35:51.0334 5716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:35:51.0350 5716 srvnet - ok
23:35:51.0350 5716 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
23:35:51.0366 5716 SSPORT - ok
23:35:51.0366 5716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:35:51.0381 5716 stexstor - ok
23:35:51.0397 5716 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:35:51.0397 5716 storflt - ok
23:35:51.0413 5716 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:35:51.0413 5716 storvsc - ok
23:35:51.0428 5716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:35:51.0428 5716 swenum - ok
23:35:51.0459 5716 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:35:51.0491 5716 Tcpip - ok
23:35:51.0522 5716 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:35:51.0553 5716 TCPIP6 - ok
23:35:51.0569 5716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:35:51.0600 5716 tcpipreg - ok
23:35:51.0616 5716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:35:51.0631 5716 TDPIPE - ok
23:35:51.0678 5716 tdrpman255 (5a1ce027712f76ad4c485e803db7d08c) C:\Windows\system32\DRIVERS\tdrpm255.sys
23:35:51.0709 5716 tdrpman255 - ok
23:35:51.0725 5716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:35:51.0756 5716 TDTCP - ok
23:35:51.0772 5716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:35:51.0803 5716 tdx - ok
23:35:51.0819 5716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:35:51.0819 5716 TermDD - ok
23:35:51.0850 5716 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
23:35:51.0866 5716 timounter - ok
23:35:51.0881 5716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:35:51.0913 5716 tssecsrv - ok
23:35:51.0913 5716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:35:51.0928 5716 TsUsbFlt - ok
23:35:51.0944 5716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:35:51.0959 5716 tunnel - ok
23:35:51.0975 5716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:35:51.0991 5716 uagp35 - ok
23:35:51.0991 5716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:35:52.0022 5716 udfs - ok
23:35:52.0038 5716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:35:52.0038 5716 uliagpkx - ok
23:35:52.0053 5716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:35:52.0069 5716 umbus - ok
23:35:52.0069 5716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:35:52.0084 5716 UmPass - ok
23:35:52.0100 5716 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:35:52.0100 5716 USBAAPL64 - ok
23:35:52.0116 5716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:35:52.0131 5716 usbccgp - ok
23:35:52.0131 5716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:35:52.0147 5716 usbcir - ok
23:35:52.0163 5716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:35:52.0178 5716 usbehci - ok
23:35:52.0194 5716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:35:52.0194 5716 usbhub - ok
23:35:52.0209 5716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:35:52.0225 5716 usbohci - ok
23:35:52.0241 5716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:35:52.0256 5716 usbprint - ok
23:35:52.0272 5716 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:35:52.0288 5716 usbscan - ok
23:35:52.0288 5716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:35:52.0303 5716 USBSTOR - ok
23:35:52.0319 5716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:35:52.0319 5716 usbuhci - ok
23:35:52.0334 5716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:35:52.0350 5716 vdrvroot - ok
23:35:53.0897 5716 ============================================================
23:35:53.0897 5716 Scan finished
23:35:53.0897 5716 ============================================================
23:35:54.0413 3644 Deinitialize success

==============================================
System Restore Point Check:
TDSSKiller Starter Restore Point Created Succesfully
==============================================

Older logs
==============================================
C:\TDSSStarter\Report_04-03-2012_2319_.log
==============================================
EOF
ComboFix 12-03-04.01 - Nico 04-03-2012 23:29:44.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.6135.4390 [GMT 1:00]
Gestart vanuit: c:\users\Nico\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-04 to 2012-03-04 ))))))))))))))))))))))))))))))
.
.
2012-03-04 22:32 . 2012-03-04 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 22:19 . 2012-03-04 22:19 -------- d-----w- C:\TDSSStarter
2012-03-04 14:36 . 2012-03-04 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 14:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 09:26 . 2012-03-04 09:26 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 09:26 . 2012-03-04 09:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-04 09:24 . 2012-03-04 09:24 484664 ----a-w- c:\program files\hijackthis-s32-downloader.exe
2012-03-04 08:58 . 2012-03-04 08:58 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2012-03-04 08:58 . 2009-11-05 15:36 47984 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2012-03-04 08:57 . 2012-03-04 08:58 -------- d-----w- c:\programdata\Innovative Solutions
2012-03-04 08:41 . 2012-03-04 08:41 -------- d-----w- c:\programdata\PC Tools
2012-03-04 08:41 . 2012-03-04 08:41 -------- d-----w- c:\users\Nico\AppData\Roaming\TestApp
2012-03-04 08:20 . 2012-03-04 08:20 -------- d-----w- c:\programdata\Binarysense
2012-03-04 08:18 . 2012-03-04 08:18 -------- d-----w- c:\program files (x86)\BinarySense
2012-03-04 08:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB4B815E-872A-4D17-A182-3BF4DB650E45}\mpengine.dll
2012-02-26 15:22 . 2009-12-07 18:53 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-26 15:22 . 2009-12-07 18:36 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-26 15:22 . 2009-10-12 14:23 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-02-26 15:22 . 2007-08-09 03:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-26 15:22 . 2012-02-26 15:23 -------- d-----w- c:\program files (x86)\Mobile Partner
2012-02-26 15:11 . 2012-02-26 15:11 -------- d-----w- c:\program files (x86)\Xirrus
2012-02-26 07:18 . 2012-02-26 07:18 -------- d-----w- c:\users\Nico\AppData\Local\MetaGeek,_LLC
2012-02-25 21:33 . 2012-02-25 21:33 -------- d-----w- c:\program files (x86)\MetaGeek
2012-02-24 21:55 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-02-24 21:55 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-02-24 21:55 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-02-24 21:55 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-02-24 21:55 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-02-24 21:55 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-02-20 19:56 . 2012-02-20 19:56 -------- d-----w- c:\users\Nico\AppData\Roaming\CyberLink
2012-02-20 19:55 . 2012-02-20 19:55 -------- d-----w- c:\programdata\PDVD
2012-02-20 19:54 . 2012-02-20 19:57 -------- d-----w- c:\programdata\CyberLink
2012-02-20 19:54 . 2012-02-20 19:54 -------- d-----w- c:\users\Nico\AppData\Local\MediaServer
2012-02-20 19:54 . 2012-02-20 19:54 -------- d-----w- c:\program files (x86)\CyberLink
2012-02-20 19:53 . 2012-02-20 19:54 -------- d-----w- c:\programdata\install_clap
2012-02-19 20:50 . 2012-02-19 20:54 -------- d-----w- c:\users\Nico\AppData\Roaming\TeamViewer
2012-02-19 07:21 . 2012-02-19 07:21 -------- d-----w- c:\users\Nico\AppData\Roaming\Downloaded Installations
2012-02-15 21:04 . 2012-02-15 21:04 -------- d-----w- c:\programdata\4Videosoft Studio
2012-02-15 21:03 . 2012-02-15 21:03 -------- d-----w- c:\program files (x86)\4Videosoft Studio
2012-02-15 20:58 . 2012-02-15 20:58 -------- d-----w- c:\users\Nico\AppData\Roaming\WinAVI
2012-02-15 20:58 . 2012-02-15 20:58 -------- d-----w- c:\users\Nico\AppData\Local\WinAVI
2012-02-15 20:58 . 2012-02-15 21:08 -------- d-----w- c:\program files (x86)\WinAVI
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\programdata\Nero
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\program files (x86)\Nero
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2012-02-15 07:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 16:23 . 2012-02-14 16:23 -------- d-----w- C:\Need4Video files
2012-02-14 16:20 . 2012-02-14 16:20 -------- d-----w- c:\program files (x86)\Need4 Video Converter 9
2012-02-14 15:50 . 2012-02-14 15:50 -------- d-----w- c:\users\Nico\AppData\Local\Western Digital
2012-02-14 11:36 . 2012-02-14 11:36 -------- d-----w- c:\users\Nico\AppData\Roaming\AVS4YOU
2012-02-14 11:32 . 2012-02-14 11:37 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-02-14 11:32 . 2012-02-14 11:37 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-02-14 11:32 . 2012-02-14 11:36 -------- d-----w- c:\programdata\AVS4YOU
2012-02-14 11:32 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-02-14 11:32 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-14 11:20 . 2012-02-14 11:22 -------- d-----w- c:\users\Nico\AppData\Local\Ahead
2012-02-14 11:19 . 2012-02-15 21:22 -------- d-----w- c:\users\Nico\AppData\Roaming\Ahead
2012-02-14 11:19 . 2012-02-14 11:19 -------- d-----w- c:\programdata\Ahead
2012-02-11 10:50 . 2012-02-11 10:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D14A808-BD25-41E3-94DF-A603DD648E24}\gapaengine.dll
2012-02-11 10:50 . 2011-12-31 17:55 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-09 19:37 . 2012-02-09 19:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-09 19:37 . 2012-02-09 19:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-09 11:10 . 2012-02-09 11:11 -------- d-----w- c:\users\Nico\AppData\Roaming\tiger-k
2012-02-09 11:10 . 2012-02-09 11:10 -------- d-----w- c:\users\Nico\AppData\Roaming\Leawo
2012-02-09 11:08 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-02-09 11:08 . 2012-02-09 11:08 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-02-09 11:08 . 2008-10-28 09:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2012-02-09 11:08 . 2008-10-08 08:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-02-09 08:41 . 2012-02-09 08:41 -------- d-----w- c:\program files (x86)\Productivity_3.1
2012-02-05 18:59 . 2012-02-05 18:59 -------- d-----w- c:\programdata\InstallShield
2012-02-05 18:59 . 2012-02-05 18:59 -------- d-----w- c:\program files (x86)\Common Files\InstallShield Shared
2012-02-04 11:42 . 2012-02-04 11:42 -------- d-----w- c:\program files (x86)\Alex
2012-02-04 11:35 . 2012-02-04 11:35 -------- d-----w- c:\windows\system32\appmgmt
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-31 39408]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-02 8557464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"anysee CNO"="c:\program files (x86)\anysee\Driver\CNO.EXE" [2010-12-08 1273856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
.
c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2011-12-9 350208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-31 79360]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;Stubservice voor USB-virtualisatie;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]
S1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\DRIVERS\anyseeTU.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/20 20:55];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 14:31 148976]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-01 2475952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - 92553294
*Deregistered* - 92553294
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 16:06]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 16:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HK

Abraham54 5 March 2012, 10:48

There is a PCTools folder in your Windows.
Have you ever used this security software?
Now also do the following: the ESET online scan (click).
- Click the ESET Online Scanner button
- Tick YES, I accept the Terms of Use
- Click Start
- Allow the ActiveX control to install.
- Tick the following options:
  - Remove found threats
  - Scan archives
- Then click "Advanced Settings"
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- The computer is now being scanned. This can take quite a long time, so be patient.
- When the scan has finished, you may close the window.
- Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
- Select, copy and paste the contents of this log into your next post.
N.B.: temporarily disable your own antivirus during the scan, then the online scan is faster!

honshu 5 March 2012, 18:04

I can't find that PCTools, though.
And no, I don't use it; it is probably somewhere on an external drive.
In any case it is not installed, as far as I can tell.

Abraham54 5 March 2012, 19:18

Then let's go and search:
Which program: Zoek.exe
What for/why: multifunctional tool
Difficulty level: none.
Download: zoek.exe
Using "Zoek.exe":
- Close all open program windows first!
  - Windows 2000 and Windows XP: start the tool by double-clicking "Zoek.exe".
  - Windows Vista and Windows 7: start the tool by right-clicking "Zoek.exe" and then choosing Run as administrator.
A black CMD/Command Prompt window now opens.
- In that window, type B followed by Enter to start "Custom search".
- A Notepad document named "input.txt" will now open.
- Copy and paste the following (bold, blue text) into the empty Notepad window

PC Tools;

- Once you have pasted the blue text into the empty Notepad window, you may close input.txt; let it save the changes.
- After this the scan starts running; wait patiently until a log opens and post the result in your next message.

honshu 5 March 2012, 19:47

Yes, found it; shall I just delete it?
It is under programdata.

Abraham54 5 March 2012, 19:58

First post the Zoek.exe log now!

honshu 5 March 2012, 20:03

Zoek.exe Version 2.0.0.9 Updated 04-March-2012
Tool run by Nico on ma 05-03-2012 at 19:44:16,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5575LC1\zoek.exe
==== Folders Found ======================
2012-03-04 08:41:03 2012-03-04 08:41:03 -------- d-----w- C:\ProgramData\PC Tools
2012-03-04 08:41:03 2012-03-04 08:41:03 -------- d-----w- C:\Users\All Users\PC Tools
==== Files Found ======================

honshu 5 March 2012, 20:23

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5aa199a374dafc498c151a7377bece71
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-05 06:47:31
# local_time=2012-03-05 07:47:31 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 117785 117785 0 0
# compatibility_mode=5893 16776574 100 94 70318 82597237 0 0
# compatibility_mode=8192 67108863 100 0 3794 3794 0 0
# scanned=181772
# found=1
# cleaned=1
# scan_time=5864
F:\Newsleecher Downloads\Advanced Uninstaller PROv1057(2012)-banDulu\Advanced_Uninstaller10.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C

Abraham54 5 March 2012, 20:41

It is starting to look good by now.
Using "Zoek.exe van Smeenk":
- Close all open program windows first!
  - Windows 2000 and Windows XP: start the tool by double-clicking "Zoek.exe van Smeenk".
  - Windows Vista and Windows 7: start the tool by right-clicking "Zoek.exe van Smeenk" and then choosing Run as administrator.
A black CMD/Command Prompt window now opens.
- In that window, type C followed by Enter to start "Delete files/folders".
- A Notepad document named "input.txt" will now open.
- Copy and paste the following (bold, blue text) into the empty Notepad window

C:\ProgramData\PC Tools;
C:\Users\All Users\PC Tools;

- Once you have pasted the blue text into the empty Notepad window, you may close input.txt; let it save the changes.
- After this the scan starts running; wait patiently until a log opens and post the result in your next message.
- The computer may need to reboot.

honshu 5 March 2012, 21:19

Zoek.exe Version 2.0.0.9 Updated 04-March-2012
Tool run by Nico on ma 05-03-2012 at 21:17:06,40.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\388BECAG\zoek.exe
==== Deleting Files \ Folders ======================
"C:\Users\All Users\PC Tools" deleted
"C:\Users\All Users\PC Tools\DownloadManager" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0\SD" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRMA" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM\1" deleted
"C:\Users\All Users\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRMA\17" delete

Abraham54 6 March 2012, 10:02

Hmm, so PCTools has not been completely removed yet.
Make sure all open web browser windows are closed.
Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad (Kladblok)".
Copy and paste the following (bold, blue) text into the empty Notepad window
[color=#0000FF:d43c7beefb]ClearJavaCache::
Folder::
C:\ProgramData\PC Tools[/color:d43c7beefb]

Save this Notepad file on your desktop as CFScript.txt.
[color=#FF0000:d43c7beefb]Now disable the antivirus first![/color:d43c7beefb]
Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to start again. Restart the computer if you are asked to.
Post the ComboFix log that is shown after the restart!
If ComboFix has restarted your computer (or you did so yourself), you will also find the log at C:\Combofix.txt
Important note:
[list:d43c7beefb][*:d43c7beefb][color=Red:d43c7beefb]If, after the scan, an error with the following message is shown when you start programs:[/color:d43c7beefb]
[*:d43c7beefb]Illegal operation attempted on a registry key that has been marked for deletion.
[*:d43c7beefb][color=Red:d43c7beefb]then restart the computer.[/color:d43c7beefb][/list:u:d43c7beefb]

honshu 6 March 2012, 16:36

ComboFix 12-03-04.01 - Nico 06-03-2012 16:30:31.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.6135.4477 [GMT 1:00]
Gestart vanuit: c:\users\Nico\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Nico\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))
.
.
2012-03-06 15:33 . 2012-03-06 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 20:33 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{38F93891-5235-468D-A92A-53D48EF295AE}\mpengine.dll
2012-03-05 18:44 . 2012-03-05 18:44 -------- d-----w- c:\users\Nico\AppData\Roaming\Gena01
2012-03-05 18:11 . 2012-03-05 18:11 -------- d-----w- c:\users\Nico\AppData\Local\CyberLink
2012-03-05 17:06 . 2012-03-05 17:06 -------- d-----w- c:\program files (x86)\ESET
2012-03-04 22:19 . 2012-03-04 22:35 -------- d-----w- C:\TDSSStarter
2012-03-04 14:36 . 2012-03-04 14:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 14:36 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 09:26 . 2012-03-04 09:26 388096 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 09:26 . 2012-03-04 09:26 -------- d-----w- c:\program files (x86)\Trend Micro
2012-03-04 09:24 . 2012-03-04 09:24 484664 ----a-w- c:\program files\hijackthis-s32-downloader.exe
2012-03-04 08:58 . 2012-03-04 08:58 -------- d-----w- c:\program files (x86)\Common Files\Innovative Solutions
2012-03-04 08:58 . 2009-11-05 15:36 47984 ----a-w- c:\windows\SysWow64\AdvUninstCPL.cpl
2012-03-04 08:57 . 2012-03-04 08:58 -------- d-----w- c:\programdata\Innovative Solutions
2012-03-04 08:41 . 2012-03-04 08:41 -------- d-----w- c:\users\Nico\AppData\Roaming\TestApp
2012-03-04 08:20 . 2012-03-04 08:20 -------- d-----w- c:\programdata\Binarysense
2012-03-04 08:18 . 2012-03-04 08:18 -------- d-----w- c:\program files (x86)\BinarySense
2012-02-26 15:22 . 2009-12-07 18:53 117504 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-02-26 15:22 . 2009-12-07 18:36 246224 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-02-26 15:22 . 2009-10-12 14:23 114304 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-02-26 15:22 . 2007-08-09 03:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-02-26 15:22 . 2012-02-26 15:23 -------- d-----w- c:\program files (x86)\Mobile Partner
2012-02-26 15:11 . 2012-02-26 15:11 -------- d-----w- c:\program files (x86)\Xirrus
2012-02-26 07:18 . 2012-02-26 07:18 -------- d-----w- c:\users\Nico\AppData\Local\MetaGeek,_LLC
2012-02-25 21:33 . 2012-02-25 21:33 -------- d-----w- c:\program files (x86)\MetaGeek
2012-02-24 21:55 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-02-24 21:55 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-02-24 21:55 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-02-24 21:55 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-02-24 21:55 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-02-24 21:55 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-02-24 21:55 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-02-20 19:56 . 2012-02-20 19:56 -------- d-----w- c:\users\Nico\AppData\Roaming\CyberLink
2012-02-20 19:55 . 2012-02-20 19:55 -------- d-----w- c:\programdata\PDVD
2012-02-20 19:54 . 2012-02-20 19:57 -------- d-----w- c:\programdata\CyberLink
2012-02-20 19:54 . 2012-02-20 19:54 -------- d-----w- c:\users\Nico\AppData\Local\MediaServer
2012-02-20 19:54 . 2012-02-20 19:54 -------- d-----w- c:\program files (x86)\CyberLink
2012-02-20 19:53 . 2012-02-20 19:54 -------- d-----w- c:\programdata\install_clap
2012-02-19 20:50 . 2012-02-19 20:54 -------- d-----w- c:\users\Nico\AppData\Roaming\TeamViewer
2012-02-19 07:21 . 2012-02-19 07:21 -------- d-----w- c:\users\Nico\AppData\Roaming\Downloaded Installations
2012-02-15 21:04 . 2012-02-15 21:04 -------- d-----w- c:\programdata\4Videosoft Studio
2012-02-15 21:03 . 2012-02-15 21:03 -------- d-----w- c:\program files (x86)\4Videosoft Studio
2012-02-15 20:58 . 2012-02-15 20:58 -------- d-----w- c:\users\Nico\AppData\Roaming\WinAVI
2012-02-15 20:58 . 2012-02-15 20:58 -------- d-----w- c:\users\Nico\AppData\Local\WinAVI
2012-02-15 20:58 . 2012-02-15 21:08 -------- d-----w- c:\program files (x86)\WinAVI
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\programdata\Nero
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\program files (x86)\Nero
2012-02-15 20:43 . 2012-02-15 20:43 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2012-02-15 07:01 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:01 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:01 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:01 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:01 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:01 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:01 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-14 16:23 . 2012-02-14 16:23 -------- d-----w- C:\Need4Video files
2012-02-14 16:20 . 2012-02-14 16:20 -------- d-----w- c:\program files (x86)\Need4 Video Converter 9
2012-02-14 15:50 . 2012-02-14 15:50 -------- d-----w- c:\users\Nico\AppData\Local\Western Digital
2012-02-14 11:36 . 2012-02-14 11:36 -------- d-----w- c:\users\Nico\AppData\Roaming\AVS4YOU
2012-02-14 11:32 . 2012-02-14 11:37 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2012-02-14 11:32 . 2012-02-14 11:37 -------- d-----w- c:\program files (x86)\AVS4YOU
2012-02-14 11:32 . 2012-02-14 11:36 -------- d-----w- c:\programdata\AVS4YOU
2012-02-14 11:32 . 2011-08-22 15:33 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2012-02-14 11:32 . 2011-08-22 15:32 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-14 11:20 . 2012-02-14 11:22 -------- d-----w- c:\users\Nico\AppData\Local\Ahead
2012-02-14 11:19 . 2012-03-05 19:20 -------- d-----w- c:\users\Nico\AppData\Roaming\Ahead
2012-02-14 11:19 . 2012-02-14 11:19 -------- d-----w- c:\programdata\Ahead
2012-02-11 10:50 . 2012-02-11 10:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D14A808-BD25-41E3-94DF-A603DD648E24}\gapaengine.dll
2012-02-11 10:50 . 2011-12-31 17:55 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-09 19:37 . 2012-02-09 19:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-09 19:37 . 2012-02-09 19:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-09 11:10 . 2012-02-09 11:11 -------- d-----w- c:\users\Nico\AppData\Roaming\tiger-k
2012-02-09 11:10 . 2012-02-09 11:10 -------- d-----w- c:\users\Nico\AppData\Roaming\Leawo
2012-02-09 11:08 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-02-09 11:08 . 2012-02-09 11:08 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-02-09 11:08 . 2008-10-28 09:10 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2012-02-09 11:08 . 2008-10-08 08:45 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-02-09 08:41 . 2012-02-09 08:41 -------- d-----w- c:\program files (x86)\Productivity_3.1
2012-02-05 18:59 . 2012-02-05 18:59 -------- d-----w- c:\programdata\InstallShield
2012-02-05 18:59 . 2012-02-05 18:59 -------- d-----w- c:\program files (x86)\Common Files\InstallShield Shared
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 06:36 . 2011-12-31 19:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2012-01-01 14:25 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-12-31 16:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-02 07:56 . 2012-01-02 07:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-01 15:36 . 2011-12-31 17:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-01-01 15:20 . 2012-01-01 15:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-01 15:20 . 2012-01-01 15:20 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-01 09:37 . 2012-01-01 09:37 250464 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-01-01 09:37 . 2012-01-01 09:37 1477152 ----a-w- c:\windows\system32\drivers\tdrpm255.sys
2012-01-01 09:37 . 2012-01-01 09:37 929312 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-01 09:37 . 2012-01-01 09:37 254496 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-31 18:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-31 18:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-31 17:54 . 2011-12-31 17:54 53248 ----a-r- c:\users\Nico\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-31 16:39 . 2011-12-31 16:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-31 16:39 . 2011-12-31 16:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-31 16:39 . 2011-12-31 16:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-31 16:39 . 2011-12-31 16:39 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-31 16:39 . 2011-12-31 16:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 16:39 . 2011-12-31 16:39 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-31 16:39 . 2011-12-31 16:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 16:39 . 2011-12-31 16:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-31 16:39 . 2011-12-31 16:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-31 16:39 . 2011-12-31 16:39 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-31 16:39 . 2011-12-31 16:39 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-31 16:39 . 2011-12-31 16:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-31 16:39 . 2011-12-31 16:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-31 16:39 . 2011-12-31 16:39 448512 ----a-w- c:\windows\system32\html.iec
2011-12-31 16:39 . 2011-12-31 16:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-31 16:39 . 2011-12-31 16:39 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-31 16:39 . 2011-12-31 16:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-31 16:39 . 2011-12-31 16:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-31 16:39 . 2011-12-31 16:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-31 16:39 . 2011-12-31 16:39 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-31 16:39 . 2011-12-31 16:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-31 16:39 . 2011-12-31 16:39 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-31 16:39 . 2011-12-31 16:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-31 16:39 . 2011-12-31 16:39 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-31 16:39 . 2011-12-31 16:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-31 16:39 . 2011-12-31 16:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-31 16:39 . 2011-12-31 16:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-31 16:39 . 2011-12-31 16:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-31 16:39 . 2011-12-31 16:39 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-31 16:39 . 2011-12-31 16:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-31 16:39 . 2011-12-31 16:39 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-31 16:39 . 2011-12-31 16:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-31 16:39 . 2011-12-31 16:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-31 16:39 . 2011-12-31 16:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-31 15:59 . 2011-12-31 15:59 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-31 15:59 . 2011-12-31 15:59 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-31 15:59 . 2011-12-31 15:59 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-31 15:59 . 2011-12-31 15:59 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-04_22.27.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-31 16:20 . 2012-03-06 15:04 46158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-06 15:04 32520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-31 16:00 . 2012-03-04 20:46 5808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1109764070-618117929-3508857997-1001_UserData.bin
+ 2011-12-31 16:00 . 2012-03-06 15:04 5808 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1109764070-618117929-3508857997-1001_UserData.bin
- 2012-03-04 20:45 . 2012-03-04 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 15:02 . 2012-03-06 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-04 20:45 . 2012-03-04 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 15:02 . 2012-03-06 15:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 09:16 . 2012-03-06 15:08 708176 c:\windows\system32\perfh013.dat
- 2009-07-14 09:16 . 2012-03-04 20:52 708176 c:\windows\system32\perfh013.dat
+ 2009-07-14 02:36 . 2012-03-06 15:08 621352 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-04 20:52 621352 c:\windows\system32\perfh009.dat
+ 2009-07-14 09:16 . 2012-03-06 15:08 136066 c:\windows\system32\perfc013.dat
- 2009-07-14 09:16 . 2012-03-04 20:52 136066 c:\windows\system32\perfc013.dat
+ 2009-07-14 02:36 . 2012-03-06 15:08 108572 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-04 20:52 108572 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-03-05 16:55 107952 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-03-04 20:44 392092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-06 09:11 392092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-31 17:57 . 2012-03-06 09:11 32119890 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1109764070-618117929-3508857997-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-31 39408]
"DriverMax"="c:\program files (x86)\Innovative Solutions\DriverMax\drivermax.exe" [2012-03-02 8557464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"anysee CNO"="c:\program files (x86)\anysee\Driver\CNO.EXE" [2010-12-08 1273856]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
.
c:\users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SABnzbd.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2011-12-9 350208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-31 79360]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;Stubservice voor USB-virtualisatie;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x]
S1 AMTBDA_P861F;anysee Capture Service;c:\windows\system32\DRIVERS\anyseeTU.SYS [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/02/20 20:55];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 14:31 148976]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-01 2475952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 16:06]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 16:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symbaloo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Converteren naar Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.178.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-03-06 16:34:55
ComboFix-quarantined-files.txt 2012-03-06 15:34
ComboFix2.txt 2012-03-04 22:33
ComboFix3.txt 2012-03-04 22:28
.
Pre-Run: 77.815.324.672 bytes beschikbaar
Post-Run: 78.439.641.088 bytes beschikbaar
.
- - End Of File - - 39891E75B8F1BA6873B258A1EB84CF67

Abraham54 6 March 2012, 21:41

Do the following: run the ESET online scan (click).
- Click the ESET Online Scanner button
- Tick YES, I accept the Terms of Use
- Click Start
- Allow the ActiveX control to install.
- Tick the following options:
  - Remove found threats
  - Scan archives
- Then click "Advanced Settings"
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- Click Start
- The computer is now being scanned. This can take quite a long time, so be patient.
- Once the scan has finished, you may close the window.
- Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
- Select, copy and paste the contents of this log into your next post.
N.B.: temporarily disable your own antivirus during the scan, then the online scan is faster!

honshu 6 March 2012, 23:26

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5aa199a374dafc498c151a7377bece71
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-05 06:47:31
# local_time=2012-03-05 07:47:31 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 117785 117785 0 0
# compatibility_mode=5893 16776574 100 94 70318 82597237 0 0
# compatibility_mode=8192 67108863 100 0 3794 3794 0 0
# scanned=181772
# found=1
# cleaned=1
# scan_time=5864
F:\Newsleecher Downloads\Advanced Uninstaller PROv1057(2012)-banDulu\Advanced_Uninstaller10.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5aa199a374dafc498c151a7377bece71
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-06 10:12:17
# local_time=2012-03-06 11:12:17 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 217658 217658 0 0
# compatibility_mode=5893 16776574 100 94 170191 82697110 0 0
# compatibility_mode=8192 67108863 100 0 103667 103667 0 0
# scanned=184523
# found=0
# cleaned=0
# scan_time=4676

Abraham54 7 March 2012, 11:06

By the looks of it we are almost done.
So start MBAM once more, update first and then choose the quick scan.
Then post the contents of the MBAM log in your next post.

honshu 7 March 2012, 17:12

That's good then.
But what this was all about is still not gone: when I enter a search query in the address bar I still get that isearch thing from AVG.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Databaseversie: v2012.03.07.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nico :: NICO-PC [administrator]
7-3-2012 17:06:59
mbam-log-2012-03-07 (17-06-59).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 201382
Verstreken tijd: 2 minuut/minuten, 4 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)

Abraham54 8 March 2012, 11:20

Hi, if you want to get rid of AVG's safesearch, you could consider switching to Avast 7 Free.
The Avast version - WebRep - simply lets you search via Google itself!
Just let me know what you want, because AVG is not easy to remove.

honshu 8 March 2012, 18:12

My aim was indeed to get that Isearch off.
I did indeed try to remove AVG secure, because I don't want to use that, and I don't use AVG either.
I now have the Google toolbar and so I use Google.
I have seen in various forums that it is rather cumbersome to get that Isearch off, so I'll see about it some other time.
Thanks for your time.
What have we actually achieved? Those 2 keygens removed and one more infected file, or did more happen that I'm missing?
In any case I want to thank you for your time.

Abraham54 8 March 2012, 22:35

Do the following: download OTL to your Desktop
Using OTL.com:
- Note: First close all program windows that are still open!
- Start the program by double-clicking OTL.com.
- Do not start any other programs and let the program do its work undisturbed.
- Tick Scan All Users.
- Click the Quick Scan button.
- Do not change OTL's settings unless I specifically give you instructions to do so.
- The scan will not take very long.
  - Two Notepad windows will open when the scan is finished.
  - OTL.Txt and Extras.Txt. These two text files are saved in the same location as OTL.
  - Copy and paste the contents of OTL.Txt into your next post.
  - Also copy and paste the contents of Extras.Txt into your following post.
- OTL produces quite large logs, so it may happen that you have to split the log and post it in two or more parts.

honshu 9 March 2012, 07:49

Do you still have a response to my previous post?
OTL logfile created on: 9-3-2012 7:43:03 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,99 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,25% Memory free
6,38 Gb Paging File | 4,91 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): c:\pagefile.sys 400 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 72,19 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,73 Mb Free Space | 61,73% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 73,35 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive F: | 833,86 Gb Total Space | 440,41 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive G: | 4,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
PRC - [2012-03-02 13:06:48 | 008,557,464 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012-02-28 17:23:22 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011-12-09 20:42:00 | 000,350,208 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
PRC - [2011-05-19 04:00:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
PRC - [2009-11-13 18:53:26 | 000,357,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009-11-13 18:52:10 | 005,075,776 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-28 10:55:56 | 000,008,608 | ---- | M] () -- C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
MOD - [2011-12-09 20:42:00 | 000,350,208 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
MOD - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
MOD - [2010-11-01 17:52:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
MOD - [2010-11-01 17:52:28 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
MOD - [2010-11-01 17:52:28 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
MOD - [2010-10-08 03:37:34 | 000,546,205 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
MOD - [2010-09-27 13:04:10 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNOPlugIns.dll
MOD - [2010-01-31 16:14:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
MOD - [2010-01-31 16:11:56 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
MOD - [2010-01-31 16:11:52 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
MOD - [2010-01-31 16:11:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
MOD - [2010-01-31 16:11:52 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
MOD - [2010-01-31 16:11:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
MOD - [2010-01-31 16:11:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
MOD - [2010-01-31 16:11:52 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\select.pyd
MOD - [2010-01-31 15:56:20 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
MOD - [2010-01-31 15:56:12 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
MOD - [2010-01-31 15:56:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
MOD - [2010-01-31 15:54:18 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
MOD - [2010-01-31 15:54:16 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
MOD - [2010-01-31 15:54:06 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
MOD - [2010-01-31 15:54:04 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
MOD - [2010-01-31 15:54:04 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
MOD - [2009-03-03 18:21:18 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
MOD - [2006-08-12 16:47:52 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-09-27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-02-05 19:59:56 | 000,085,184 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011-12-31 16:59:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-13 18:55:02 | 000,891,344 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-01-01 10:37:29 | 000,250,464 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012-01-01 10:37:27 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)
DRV:64bit: - [2012-01-01 10:37:26 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012-01-01 10:37:25 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011-09-02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011-08-02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010-12-02 08:42:02 | 000,834,048 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anyseeTU.SYS -- (AMTBDA_P861F)
DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-07-27 09:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-07-27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-12-07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009-12-07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-08-03 11:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-03-20 12:34:12 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aabed2.sys -- (e.dentifier2)
DRV:64bit: - [2007-08-13 03:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011-05-20 15:31:06 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/20 20:55:00] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011-05-19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A F4 10 C8 D4 C7 CC 01 [binary data]
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_nlNL464
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&mid=3166752f6b8047d19e719128c0e116f6-86d575b5e754d087a77665dfbc778dde796ffc3c&lang=en&ds=ft011&pr=sa&d=2012-03-04 10:26:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ABNAMRO/BECON,version=1.00: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012-02-01 22:12:01 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: ABN AMRO e.dentifier2 Plug-in (Enabled) = C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DealPly = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012-03-04 23:27:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [anysee CNO] C:\Program Files (x86)\anysee\Driver\CNO.exe ()
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9EC2EF-A6E2-4B2E-9D16-C7104CC3BCD8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-09 07:42:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-07 08:26:20 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-03-07 08:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
[2012-03-07 08:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belastingdienst
[2012-03-06 16:47:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-05 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-03-05 19:11:32 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\CyberLink
[2012-03-05 18:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-03-04 23:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-04 23:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-04 23:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-04 23:23:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-04 23:21:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-04 23:20:56 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:19:25 | 000,000,000 | ---D | C] -- C:\TDSSStarter
[2012-03-04 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-04 15:36:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-04 15:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-03-04 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-04 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-03-04 09:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2012-03-04 09:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2012-03-04 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2012-03-04 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2012-03-04 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-03-04 09:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Binarysense
[2012-03-04 09:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
[2012-03-04 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BinarySense
[2012-02-26 16:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012-02-26 16:22:52 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012-02-26 16:22:52 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012-02-26 16:22:52 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012-02-26 16:22:52 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012-02-26 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2012-02-26 16:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2012-02-26 16:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2012-02-26 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MetaGeek,_LLC
[2012-02-25 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012-02-25 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2012-02-20 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\CyberLink
[2012-02-20 20:55:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012-02-20 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012-02-20 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012-02-20 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012-02-20 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MediaServer
[2012-02-20 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012-02-20 20:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012-02-20 20:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012-02-19 21:50:19 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-02-19 08:21:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-15 22:05:04 | 000,000,000 | ---D | C] -- e:\mijn documenten\4Videosoft Studio
[2012-02-15 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio
[2012-02-15 22:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
[2012-02-15 22:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\WinAVI
[2012-02-15 21:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2012-02-15 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012-02-15 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2012-02-14 17:23:25 | 000,000,000 | ---D | C] -- C:\Need4Video files
[2012-02-14 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need4 Video Converter 9
[2012-02-14 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 Video Converter 9
[2012-02-14 16:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Western Digital
[2012-02-14 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\AVS4YOU
[2012-02-14 12:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012-02-14 12:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012-02-14 12:20:57 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Ahead
[2012-02-14 12:19:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Ahead
[2012-02-14 12:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2012-02-09 20:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\tiger-k
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- e:\mijn documenten\Leawo
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Leawo
[2012-02-09 12:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012-02-09 12:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012-02-09 12:08:14 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2012-02-09 12:08:14 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2012-02-09 09:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Productivity_3.1

========== Files - Modified Within 30 Days ==========

[2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-09 07:40:57 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-09 07:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-08 22:48:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-08 22:48:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-08 21:21:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-08 20:41:37 | 001,263,787 | ---- | M] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-08 17:57:19 | 001,563,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-08 17:57:19 | 000,708,176 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-03-08 17:57:19 | 000,621,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-08 17:57:19 | 000,136,066 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-03-08 17:57:19 | 000,108,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-07 08:25:17 | 000,001,407 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:27:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-04 23:21:09 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:18:58 | 000,092,672 | ---- | M] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:51:53 | 122,738,801 | ---- | M] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | M] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | M] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | M] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:47:19 | 000,002,563 | ---- | M] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | M] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | M] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | M] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | M] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | M] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-03-04 08:59:43 | 000,001,234 | ---- | M] () -- C:\Users\Nico\Desktop\DriverMax.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | M] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | M] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-15 17:19:24 | 000,423,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-15 08:38:01 | 000,013,564 | ---- | M] () -- e:\mijn documenten\Database.kdb
[2012-02-14 17:26:23 | 254,393,502 | ---- | M] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-14 17:26:23 | 095,552,102 | ---- | M] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 17:21:36 | 000,005,081 | ---- | M] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-09 20:37:53 | 000,001,282 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | M] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2012-03-08 20:41:37 | 001,263,787 | ---- | C] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-07 08:25:17 | 000,001,407 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:23:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-04 23:23:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-04 23:23:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-04 23:23:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-04 23:23:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-04 23:18:41 | 000,092,672 | ---- | C] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:50:06 | 122,738,801 | ---- | C] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | C] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | C] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | C] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:31 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:23 | 000,047,984 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2012-03-04 09:47:19 | 000,002,563 | ---- | C] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | C] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | C] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | C] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | C] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | C] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | C] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | C] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-14 17:21:36 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-14 11:45:47 | 095,552,102 | ---- | C] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 11:44:24 | 254,393,502 | ---- | C] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-09 20:37:53 | 000,001,282 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | C] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk
[2012-02-09 12:08:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-01-08 14:49:11 | 000,003,584 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-01 09:15:27 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-12-31 18:53:32 | 001,587,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-31 18:25:10 | 000,000,000 | ---- | C] () -- C:\Users\Nico\AppData\Local\{61FE4B3A-9A57-4BBB-9247-158D9B608D2D}
[2011-12-31 16:58:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-12-31 16:58:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-12-31 16:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-12-08 08:19:32 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

========== LOP Check ==========

[2012-01-01 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\ACD Systems
[2012-01-01 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Acronis
[2012-01-08 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Ashampoo
[2012-03-07 08:28:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-01-20 09:25:46 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Canon
[2012-02-19 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-18 11:39:11 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Dropbox
[2012-03-05 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-01-03 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gogii
[2012-01-18 22:38:52 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KeePass
[2011-12-31 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KoshyJohn.com
[2011-12-31 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leadertech
[2012-02-09 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leawo
[2012-02-19 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-03-04 09:41:02 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-02-09 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\tiger-k
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TomTom
[2012-02-15 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-01-30 20:48:16 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Lady_Glorita.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
OTL Extras logfile created on: 9-3-2012 7:43:03 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,99 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,25% Memory free
6,38 Gb Paging File | 4,91 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): c:\pagefile.sys 400 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 72,19 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,73 Mb Free Space | 61,73% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 73,35 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive F: | 833,86 Gb Total Space | 440,41 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive G: | 4,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fi

honshu 9 March 2012, 07:49

Do you have a reply to my previous post yet?
OTL logfile created on: 9-3-2012 7:43:03 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,99 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,25% Memory free
6,38 Gb Paging File | 4,91 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): c:\pagefile.sys 400 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 72,19 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,73 Mb Free Space | 61,73% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 73,35 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive F: | 833,86 Gb Total Space | 440,41 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive G: | 4,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
PRC - [2012-03-02 13:06:48 | 008,557,464 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012-02-28 17:23:22 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011-12-09 20:42:00 | 000,350,208 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
PRC - [2011-05-19 04:00:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
PRC - [2009-11-13 18:53:26 | 000,357,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009-11-13 18:52:10 | 005,075,776 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-28 10:55:56 | 000,008,608 | ---- | M] () -- C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
MOD - [2011-12-09 20:42:00 | 000,350,208 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\SABnzbd.exe
MOD - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
MOD - [2010-11-01 17:52:28 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
MOD - [2010-11-01 17:52:28 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
MOD - [2010-11-01 17:52:28 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
MOD - [2010-10-08 03:37:34 | 000,546,205 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
MOD - [2010-09-27 13:04:10 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNOPlugIns.dll
MOD - [2010-01-31 16:14:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
MOD - [2010-01-31 16:11:56 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
MOD - [2010-01-31 16:11:52 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
MOD - [2010-01-31 16:11:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
MOD - [2010-01-31 16:11:52 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
MOD - [2010-01-31 16:11:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
MOD - [2010-01-31 16:11:52 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
MOD - [2010-01-31 16:11:52 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\select.pyd
MOD - [2010-01-31 15:56:20 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
MOD - [2010-01-31 15:56:12 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
MOD - [2010-01-31 15:56:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
MOD - [2010-01-31 15:54:18 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
MOD - [2010-01-31 15:54:16 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
MOD - [2010-01-31 15:54:06 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
MOD - [2010-01-31 15:54:04 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
MOD - [2010-01-31 15:54:04 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
MOD - [2009-03-03 18:21:18 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
MOD - [2006-08-12 16:47:52 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-09-27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-02-05 19:59:56 | 000,085,184 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011-12-31 16:59:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-13 18:55:02 | 000,891,344 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-01-01 10:37:29 | 000,250,464 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012-01-01 10:37:27 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)
DRV:64bit: - [2012-01-01 10:37:26 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012-01-01 10:37:25 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011-09-02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011-08-02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010-12-02 08:42:02 | 000,834,048 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anyseeTU.SYS -- (AMTBDA_P861F)
DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-07-27 09:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-07-27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-12-07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009-12-07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-08-03 11:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-03-20 12:34:12 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aabed2.sys -- (e.dentifier2)
DRV:64bit: - [2007-08-13 03:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011-05-20 15:31:06 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/20 20:55:00] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011-05-19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A F4 10 C8 D4 C7 CC 01 [binary data]
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_nlNL464
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&mid=3166752f6b8047d19e719128c0e116f6-86d575b5e754d087a77665dfbc778dde796ffc3c&lang=en&ds=ft011&pr=sa&d=2012-03-04 10:26:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ABNAMRO/BECON,version=1.00: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012-02-01 22:12:01 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: ABN AMRO e.dentifier2 Plug-in (Enabled) = C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DealPly = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012-03-04 23:27:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [anysee CNO] C:\Program Files (x86)\anysee\Driver\CNO.exe ()
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9EC2EF-A6E2-4B2E-9D16-C7104CC3BCD8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-09 07:42:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-07 08:26:20 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-03-07 08:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
[2012-03-07 08:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belastingdienst
[2012-03-06 16:47:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-05 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-03-05 19:11:32 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\CyberLink
[2012-03-05 18:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-03-04 23:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-04 23:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-04 23:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-04 23:23:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-04 23:21:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-04 23:20:56 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:19:25 | 000,000,000 | ---D | C] -- C:\TDSSStarter
[2012-03-04 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-04 15:36:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-04 15:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-03-04 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-04 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-03-04 09:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2012-03-04 09:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2012-03-04 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2012-03-04 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2012-03-04 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-03-04 09:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Binarysense
[2012-03-04 09:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
[2012-03-04 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BinarySense
[2012-02-26 16:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012-02-26 16:22:52 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012-02-26 16:22:52 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012-02-26 16:22:52 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012-02-26 16:22:52 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012-02-26 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2012-02-26 16:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2012-02-26 16:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2012-02-26 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MetaGeek,_LLC
[2012-02-25 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012-02-25 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2012-02-20 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\CyberLink
[2012-02-20 20:55:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012-02-20 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012-02-20 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012-02-20 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012-02-20 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MediaServer
[2012-02-20 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012-02-20 20:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012-02-20 20:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012-02-19 21:50:19 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-02-19 08:21:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-15 22:05:04 | 000,000,000 | ---D | C] -- e:\mijn documenten\4Videosoft Studio
[2012-02-15 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio
[2012-02-15 22:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
[2012-02-15 22:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\WinAVI
[2012-02-15 21:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2012-02-15 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012-02-15 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2012-02-14 17:23:25 | 000,000,000 | ---D | C] -- C:\Need4Video files
[2012-02-14 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need4 Video Converter 9
[2012-02-14 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 Video Converter 9
[2012-02-14 16:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Western Digital
[2012-02-14 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\AVS4YOU
[2012-02-14 12:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012-02-14 12:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012-02-14 12:20:57 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Ahead
[2012-02-14 12:19:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Ahead
[2012-02-14 12:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2012-02-09 20:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\tiger-k
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- e:\mijn documenten\Leawo
[2012-02-09 12:10:40 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Leawo
[2012-02-09 12:08:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012-02-09 12:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012-02-09 12:08:14 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2012-02-09 12:08:14 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2012-02-09 09:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Productivity_3.1

========== Files - Modified Within 30 Days ==========

[2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-09 07:40:57 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-09 07:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-08 22:48:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-08 22:48:16 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-08 21:21:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-08 20:41:37 | 001,263,787 | ---- | M] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-08 17:57:19 | 001,563,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-08 17:57:19 | 000,708,176 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-03-08 17:57:19 | 000,621,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-08 17:57:19 | 000,136,066 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-03-08 17:57:19 | 000,108,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-07 08:25:17 | 000,001,407 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:27:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-04 23:21:09 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:18:58 | 000,092,672 | ---- | M] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:51:53 | 122,738,801 | ---- | M] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | M] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | M] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | M] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:47:19 | 000,002,563 | ---- | M] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | M] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | M] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | M] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | M] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | M] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-03-04 08:59:43 | 000,001,234 | ---- | M] () -- C:\Users\Nico\Desktop\DriverMax.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | M] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | M] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-15 17:19:24 | 000,423,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-15 08:38:01 | 000,013,564 | ---- | M] () -- e:\mijn documenten\Database.kdb
[2012-02-14 17:26:23 | 254,393,502 | ---- | M] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-14 17:26:23 | 095,552,102 | ---- | M] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 17:21:36 | 000,005,081 | ---- | M] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-09 20:37:53 | 000,001,282 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | M] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2012-03-08 20:41:37 | 001,263,787 | ---- | C] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-07 08:25:17 | 000,001,407 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:23:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-04 23:23:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-04 23:23:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-04 23:23:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-04 23:23:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-04 23:18:41 | 000,092,672 | ---- | C] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:50:06 | 122,738,801 | ---- | C] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | C] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | C] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | C] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:31 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:23 | 000,047,984 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2012-03-04 09:47:19 | 000,002,563 | ---- | C] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | C] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | C] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | C] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | C] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | C] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | C] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | C] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-14 17:21:36 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-14 11:45:47 | 095,552,102 | ---- | C] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 11:44:24 | 254,393,502 | ---- | C] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-09 20:37:53 | 000,001,282 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | C] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk
[2012-02-09 12:08:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-01-08 14:49:11 | 000,003,584 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-01 09:15:27 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-12-31 18:53:32 | 001,587,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-31 18:25:10 | 000,000,000 | ---- | C] () -- C:\Users\Nico\AppData\Local\{61FE4B3A-9A57-4BBB-9247-158D9B608D2D}
[2011-12-31 16:58:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-12-31 16:58:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-12-31 16:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-12-08 08:19:32 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

========== LOP Check ==========

[2012-01-01 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\ACD Systems
[2012-01-01 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Acronis
[2012-01-08 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Ashampoo
[2012-03-07 08:28:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-01-20 09:25:46 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Canon
[2012-02-19 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-18 11:39:11 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Dropbox
[2012-03-05 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-01-03 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gogii
[2012-01-18 22:38:52 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KeePass
[2011-12-31 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KoshyJohn.com
[2011-12-31 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leadertech
[2012-02-09 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leawo
[2012-02-19 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-03-04 09:41:02 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-02-09 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\tiger-k
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TomTom
[2012-02-15 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-01-30 20:48:16 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Lady_Glorita.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
OTL Extras logfile created on: 9-3-2012 7:43:03 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,99 Gb Total Physical Memory | 4,63 Gb Available Physical Memory | 77,25% Memory free
6,38 Gb Paging File | 4,91 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): c:\pagefile.sys 400 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 72,19 Gb Free Space | 64,58% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,73 Mb Free Space | 61,73% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 73,35 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive F: | 833,86 Gb Total Space | 440,41 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive G: | 4,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fi

honshu 9 March 2012, 07:50

Sorry, I see that it went out twice.

Abraham54 9 March 2012, 09:39

Hi, we are going to remove the last AVG settings using OTL.
As for the rest: you have removed AVG neatly.
I therefore recommend that you install AVAST 7 Free after the OTL scan!
I also suspect that you download quite a lot of music and videos via SABnzbd.
That turns out not to be without danger.
I advise you to create a dedicated download folder for those SABnzbd downloads and, once the downloads are in it, to scan the folder with the antivirus and with MBAM.
And then make sure that the infected files that are found really are removed!
Because those infections have created several obscure ADS streams in the NTFS file system!
I hope you follow my advice, because the nasty ZeroAccess is lurking along the same route!
Before you let OTL run the fix, first close all other open windows!
Start OTL
* Paste the following (bold, blue text) under Custom Scans/Fixes
:OTL
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_nlNL464
B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&mid=3166752f6b8047d19e719128c0e116f6-86d575b5e754d087a77665dfbc778dde796ffc3c&lang=en&ds=ft011&pr=sa&d=2012-03-04 10:26:35&v=10.0.0.7&sap=dsp&q={searchTerms}
b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
e:\mijn documenten\Lady_Glorita.avi:TOC.WMV
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\Productivity_3.1
C:\ProgramData\Temp:DFC5A2B2
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

* Then click the Run Fix button at the top.
* Let the program do its work undisturbed.
* The PC will be restarted afterwards.
* Also post the contents of the log.
Download link for Avast 7 Free: http://www.chip.de/downloads/avast-Free-Antivirus_13010163.html
The Avast setup also includes the Dutch language.

honshu 9 March 2012, 17:28

Hi,
thanks for your reply and advice.
I have never downloaded music, and only very sporadically a video.
I only work with Spotnet, for, again very sporadically, a small program, and previously with Newsleecher.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: N. van der Zwan
->Temp folder emptied: 0 bytes

User: Nico
->Temp folder emptied: 5706060 bytes
->Temporary Internet Files folder emptied: 24981233 bytes
->Java cache emptied: 20038703 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2135 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70685 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50428 bytes
RecycleBin emptied: 151040 bytes

Total Files Cleaned = 49,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: N. van der Zwan

User: Nico
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.36.2 log created on 03092012_172023
Files\Folders moved on Reboot...
C:\Users\Nico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File\Folder C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{057DB991-E091-427B-A0B7-5375144EA839}.tmp not found!
File\Folder C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D3233071-8676-4EE3-B942-AB2E45DB8743}.tmp not found!
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWRGWFBX\neosansstd-regular-webfont[1].eot moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAW3CW6E\plusone_gadget[1].htm moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VDH6VN8\timeout[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...

honshu 9 March 2012, 17:31

and isearch is a persistent one
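
A cross-check of the pasted fix against the log OTL returned, as an added example that is not part of the thread: it reports which fix lines have a matching entry in the result log. The matching rules and function names are assumptions made for this example, not OTL's own parser, and the sample text is abridged from the two posts above.

```python
import re

GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PATH = re.compile(r"^[a-z]:\\", re.I)

# Abridged from the fix posted in the thread (URL query strings cut short).
FIX_SCRIPT = r"""
:OTL
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}
B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&q={searchTerms}
b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}
e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
C:\Program Files (x86)\ConduitEngine
C:\ProgramData\Temp:DFC5A2B2
:Commands
[emptytemp]
[reboot]
"""

# Copied from the result log posted in the thread (cleanup sections left out).
RESULT_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== FILES ==========
"""


def target_of(line):
    """Return the GUID, registry value name or path a fix line names, else None."""
    if line.startswith("IE - "):
        # Keep only the key part, before the value data or trailing remark.
        head = re.split(r': "| = | - ', line[5:], maxsplit=1)[0]
        match = GUID.search(head)
        if match:
            return match.group(0)
        if "," in head:                      # "key,ValueName" form
            return head.rsplit(",", 1)[1].strip()
        return None
    if PATH.match(line):                     # file, folder or file:stream
        return line
    return None                              # e.g. a line that starts mid-GUID


def audit(fix_script, result_log):
    """Return (fix line, status, matching log lines) for every non-directive line."""
    log_lines = [l.strip() for l in result_log.splitlines() if l.strip()]
    report = []
    for raw in fix_script.splitlines():
        line = raw.strip()
        if not line or line.startswith(":") or line.startswith("["):
            continue                         # section headers and [commands]
        target = target_of(line)
        if target is None:
            report.append((line, "unrecognised", []))
            continue
        hits = [l for l in log_lines if target.lower() in l.lower()]
        report.append((line, "in log" if hits else "no log entry", hits))
    return report


def unresolved(report):
    """Fix lines that the result log gives no evidence of having been handled."""
    return [line for line, status, _ in report if status != "in log"]


if __name__ == "__main__":
    for line, status, hits in audit(FIX_SCRIPT, RESULT_LOG):
        print(f"{status:13} {line[:70]}")
```

On the thread's data, the two lines that start mid-GUID (one of them the isearch.avg.com search scope) and the file and stream paths have no entry in the result log.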

Abraham54 9 March 2012, 21:57

About 1.5 GB of junk has been removed from your Windows!
Don't you use a cleaning program?
Which program: Zoek.exe
What for/why: multifunctional tool
Difficulty: none.
Download: zoek.exe
Using "Zoek.exe":
* First close all program windows that are still open!
  * Windows 2000 and Windows XP: start the tool by double-clicking "Zoek.exe".
  * Windows Vista and Windows 7: start the tool by right-clicking "Zoek.exe" and then choosing Run as administrator.
A black CMD/Command Prompt window now opens.
* In that window, type B followed by Enter to start "Custom search".
* A Notepad document named "input.txt" will now open.
* Copy and paste the following (bold, blue text) into the empty Notepad window

isearch;

* Once you have pasted the blue text into the empty Notepad window, you can close input.txt; let the changes be saved.

* After this the scan starts running; wait patiently until a log opens and post the result in your next message.

honshu 9 March 2012, 22:10

Well, that's rather strange, I use DiskMax and CCleaner and sometimes One Button Checkup

Abraham54 9 March 2012, 22:22

Hmm, I'll see whether I can get you a real professional cleaner.
But I first have to check whether the registration link still works!
And that may take a while, because I'm busy.

honshu 9 March 2012, 22:30

Zoek.exe Version 2.0.0.9 Updated 04-March-2012
Tool run by Nico on vr 09-03-2012 at 22:26:18,26.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Nico\Desktop\zoek.exe
==== Folders Found ======================
==== Files Found ======================
I had already searched for it myself but couldn't find anything either;
there is a way to remove isearch by manually deleting registry references; I haven't done that yet, not because I don't dare to, but I found it somewhat complicated; I'll look up that site with the solution again, unless we still succeed here.

honshu 9 March 2012, 22:45

If that 1.5 GB is everything from those temp folders and the Java cache, that could well be right; I have quite a few trader programs open on the internet, and ABN AMRO's Tradebox fills up the Java cache very quickly.

honshu 9 March 2012, 22:48

http://www.spyany.com/program/article_spw_rm_ISearch.html
Does this look like something to you?

Abraham54 9 March 2012, 23:59

Please just post the log and don't link via a site that is listed as dangerous!

honshu 10 March 2012, 07:38

OK, fine. (I'm never very fond of exclamation marks!!)

Abraham54 10 March 2012, 10:38

I still don't see that log.....

honshu 10 March 2012, 12:42

It was up here:
Zoek.exe Version 2.0.0.9 Updated 04-March-2012
Tool run by Nico on vr 09-03-2012 at 22:26:18,26.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Nico\Desktop\zoek.exe
==== Folders Found ======================
==== Files Found ======================

honshu 10 March 2012, 13:03

It was above:
Zoek.exe Version 2.0.0.9 Updated 04-March-2012
Tool run by Nico on vr 09-03-2012 at 22:26:18,26.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Nico\Desktop\zoek.exe
==== Folders Found ======================
==== Files Found ======================
I had already searched for it myself but couldn't find anything either;
there is a way to remove isearch by manually deleting registry references; I haven't done that yet, not because I don't dare to, but I found it somewhat complicated; I'll look up that site with the solution again, unless we still succeed here.

Abraham54 10 March 2012, 13:45

I don't understand it either.
Post a new OTL log.

honshu 10 March 2012, 14:02

You now get only 1 txt file, is that right? (I don't see that Extras one.)
OTL logfile created on: 10-3-2012 13:57:07 - Run 4
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Nico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,99 Gb Total Physical Memory | 4,41 Gb Available Physical Memory | 73,53% Memory free
6,38 Gb Paging File | 4,70 Gb Available in Paging File | 73,71% Paging File free
Paging file location(s): c:\pagefile.sys 400 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 72,35 Gb Free Space | 64,72% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,73 Mb Free Space | 61,73% Space Free | Partition Type: NTFS
Drive E: | 97,56 Gb Total Space | 73,36 Gb Free Space | 75,19% Space Free | Partition Type: NTFS
Drive F: | 833,86 Gb Total Space | 440,41 Gb Free Space | 52,82% Space Free | Partition Type: NTFS
Drive G: | 4,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
PRC - [2012-03-02 13:06:48 | 008,557,464 | ---- | M] (Innovative Solutions) -- C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012-02-28 17:23:22 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011-05-19 04:00:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
PRC - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
PRC - [2009-11-13 18:53:26 | 000,357,304 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009-11-13 18:52:10 | 005,075,776 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-28 10:55:56 | 000,008,608 | ---- | M] () -- C:\Program Files (x86)\Innovative Solutions\DriverMax\sync.dll
MOD - [2011-10-05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010-12-08 13:21:24 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNO.exe
MOD - [2010-09-27 13:04:10 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\anysee\Driver\CNOPlugIns.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-09-27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-02-05 19:59:56 | 000,085,184 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2012-01-23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012-01-19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-01-01 10:37:29 | 002,475,952 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011-12-31 16:59:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-05-19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011-05-12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011-05-12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-13 18:55:02 | 000,891,344 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-11-18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-01-22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006-12-19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-01-01 10:37:29 | 000,250,464 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012-01-01 10:37:27 | 001,477,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm255.sys -- (tdrpman255) Acronis Try&Decide and Restore Points filter (build 255)
DRV:64bit: - [2012-01-01 10:37:26 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012-01-01 10:37:25 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011-09-02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011-09-02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011-08-02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010-12-02 08:42:02 | 000,834,048 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anyseeTU.SYS -- (AMTBDA_P861F)
DRV:64bit: - [2010-11-20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010-11-20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010-11-20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010-11-20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-07-27 09:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-07-27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-12-07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009-12-07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-08-03 11:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-03-20 12:34:12 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aabed2.sys -- (e.dentifier2)
DRV:64bit: - [2007-08-13 03:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011-05-20 15:31:06 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/20 20:55:00] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011-05-19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symbaloo.com/
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A F4 10 C8 D4 C7 CC 01 [binary data]
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1EFD50B3-2E9B-46E0-80B2-6D099AB91773}&mid=3166752f6b8047d19e719128c0e116f6-86d575b5e754d087a77665dfbc778dde796ffc3c&lang=en&ds=ft011&pr=sa&d=2012-03-04 10:26:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@ABNAMRO/BECON,version=1.00: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)


[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nico\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012-02-01 22:12:01 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: ABN AMRO e.dentifier2 Plug-in (Enabled) = C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DealPly = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012-03-04 23:27:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [anysee CNO] C:\Program Files (x86)\anysee\Driver\CNO.exe ()
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1109764070-618117929-3508857997-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9EC2EF-A6E2-4B2E-9D16-C7104CC3BCD8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-09 17:20:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-03-09 14:38:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-03-09 07:42:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-07 08:26:20 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-03-07 08:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belastingdienst
[2012-03-07 08:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belastingdienst
[2012-03-06 16:47:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-03-05 19:44:35 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-03-05 19:11:32 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\CyberLink
[2012-03-05 18:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012-03-04 23:23:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-03-04 23:23:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-03-04 23:23:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-03-04 23:23:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012-03-04 23:21:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-04 23:20:56 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:19:25 | 000,000,000 | ---D | C] -- C:\TDSSStarter
[2012-03-04 15:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-03-04 15:36:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-03-04 15:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-03-04 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-03-04 10:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012-03-04 09:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2012-03-04 09:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2012-03-04 09:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions
[2012-03-04 09:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2012-03-04 09:41:02 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-03-04 09:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Binarysense
[2012-03-04 09:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
[2012-03-04 09:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BinarySense
[2012-02-26 16:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012-02-26 16:22:52 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012-02-26 16:22:52 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012-02-26 16:22:52 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012-02-26 16:22:52 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012-02-26 16:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2012-02-26 16:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2012-02-26 16:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xirrus
[2012-02-26 08:18:28 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MetaGeek,_LLC
[2012-02-25 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2012-02-25 22:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2012-02-20 20:56:54 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\CyberLink
[2012-02-20 20:55:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11
[2012-02-20 20:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012-02-20 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012-02-20 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012-02-20 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\MediaServer
[2012-02-20 20:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2012-02-20 20:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012-02-20 20:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012-02-19 21:50:19 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-02-19 08:21:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-15 22:05:04 | 000,000,000 | ---D | C] -- e:\mijn documenten\4Videosoft Studio
[2012-02-15 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\4Videosoft Studio
[2012-02-15 22:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4Videosoft
[2012-02-15 22:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4Videosoft Studio
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-02-15 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\WinAVI
[2012-02-15 21:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2012-02-15 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Premium
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012-02-15 21:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012-02-15 21:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2012-02-14 17:23:25 | 000,000,000 | ---D | C] -- C:\Need4Video files
[2012-02-14 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need4 Video Converter 9
[2012-02-14 17:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 Video Converter 9
[2012-02-14 16:50:25 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Western Digital
[2012-02-14 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\AVS4YOU
[2012-02-14 12:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012-02-14 12:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012-02-14 12:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012-02-14 12:20:57 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Local\Ahead
[2012-02-14 12:19:26 | 000,000,000 | ---D | C] -- C:\Users\Nico\AppData\Roaming\Ahead
[2012-02-14 12:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2012-02-09 20:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-02-09 20:37:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012-03-10 13:21:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-10 12:43:27 | 001,563,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-03-10 12:43:27 | 000,708,176 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-03-10 12:43:27 | 000,621,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-03-10 12:43:27 | 000,136,066 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-03-10 12:43:27 | 000,108,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-03-10 12:43:01 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-03-10 12:43:01 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-03-10 12:35:57 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-10 12:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-03-09 22:26:16 | 000,765,440 | ---- | M] () -- C:\Users\Nico\Desktop\zoek.exe
[2012-03-09 07:42:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Nico\Desktop\OTL.com
[2012-03-08 20:41:37 | 001,263,787 | ---- | M] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-07 08:25:17 | 000,001,407 | ---- | M] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:27:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-03-04 23:21:09 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Nico\Desktop\ComboFix.exe
[2012-03-04 23:18:58 | 000,092,672 | ---- | M] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:51:53 | 122,738,801 | ---- | M] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | M] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | M] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | M] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:47:19 | 000,002,563 | ---- | M] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | M] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | M] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | M] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | M] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | M] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-03-04 08:59:43 | 000,001,234 | ---- | M] () -- C:\Users\Nico\Desktop\DriverMax.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | M] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | M] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-15 17:19:24 | 000,423,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-02-15 08:38:01 | 000,013,564 | ---- | M] () -- e:\mijn documenten\Database.kdb
[2012-02-14 17:26:23 | 254,393,502 | ---- | M] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-14 17:26:23 | 095,552,102 | ---- | M] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 17:21:36 | 000,005,081 | ---- | M] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-09 20:37:53 | 000,001,282 | ---- | M] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | M] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2012-03-09 22:26:03 | 000,765,440 | ---- | C] () -- C:\Users\Nico\Desktop\zoek.exe
[2012-03-08 20:41:37 | 001,263,787 | ---- | C] () -- e:\mijn documenten\rena stranding.pdf
[2012-03-07 08:25:17 | 000,001,407 | ---- | C] () -- C:\Users\Public\Desktop\Aangifte inkomstenbelasting 2011.lnk
[2012-03-04 23:23:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-03-04 23:23:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-03-04 23:23:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-03-04 23:23:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-03-04 23:23:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-03-04 23:18:41 | 000,092,672 | ---- | C] () -- C:\Users\Nico\Desktop\TDSSKStarter.exe
[2012-03-04 15:36:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-03-04 14:50:06 | 122,738,801 | ---- | C] () -- C:\Users\Nico\Desktop\EmsisoftEmergencyKit.zip
[2012-03-04 10:26:43 | 000,002,971 | ---- | C] () -- C:\Users\Nico\Desktop\HiJackThis.lnk
[2012-03-04 10:24:38 | 000,484,664 | ---- | C] () -- C:\Program Files\hijackthis-s32-downloader.exe
[2012-03-04 09:58:31 | 000,002,435 | ---- | C] () -- C:\Users\Nico\Desktop\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:31 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 10.lnk
[2012-03-04 09:58:23 | 000,047,984 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl
[2012-03-04 09:47:19 | 000,002,563 | ---- | C] () -- C:\Users\Nico\Desktop\sdasetup.exe.lnk
[2012-03-04 09:41:03 | 000,002,578 | ---- | C] () -- C:\Users\Nico\Desktop\sdsetup_aff.exe.lnk
[2012-03-04 09:32:35 | 000,850,130 | ---- | C] () -- C:\Users\Nico\AppData\Local\census.cache
[2012-03-04 09:32:26 | 000,116,027 | ---- | C] () -- C:\Users\Nico\AppData\Local\ars.cache
[2012-03-04 09:27:35 | 000,000,036 | ---- | C] () -- C:\Users\Nico\AppData\Local\housecall.guid.cache
[2012-03-04 09:21:18 | 000,069,343 | ---- | C] () -- e:\mijn documenten\SSDLife.png
[2012-03-04 09:18:32 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\SSDlife Pro.lnk
[2012-02-27 19:51:00 | 000,263,077 | ---- | C] () -- e:\mijn documenten\Copie polissen.pdf
[2012-02-20 20:55:00 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 11.lnk
[2012-02-15 22:03:41 | 000,001,489 | ---- | C] () -- C:\Users\Nico\Desktop\4Videosoft Blu-ray to PS3 Ripper.lnk
[2012-02-15 21:44:31 | 000,002,806 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,782 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2012-02-15 21:44:31 | 000,002,666 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2012-02-14 17:21:36 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2012-02-14 17:20:48 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\Need4 Video Converter 9.lnk
[2012-02-14 11:45:47 | 095,552,102 | ---- | C] () -- e:\mijn documenten\Mijn diavoorstelling.avi
[2012-02-14 11:44:24 | 254,393,502 | ---- | C] () -- e:\mijn documenten\Lady_Glorita.avi
[2012-02-09 20:37:53 | 000,001,282 | ---- | C] () -- C:\Users\Nico\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012-02-09 20:37:53 | 000,001,258 | ---- | C] () -- C:\Users\Nico\Desktop\Spybot - Search & Destroy.lnk
[2012-02-09 12:08:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012-01-08 14:49:11 | 000,003,584 | ---- | C] () -- C:\Users\Nico\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-01 09:15:27 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011-12-31 18:53:32 | 001,587,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-31 18:25:10 | 000,000,000 | ---- | C] () -- C:\Users\Nico\AppData\Local\{61FE4B3A-9A57-4BBB-9247-158D9B608D2D}
[2011-12-31 16:58:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-12-31 16:58:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-12-31 16:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-12-08 08:19:32 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

========== LOP Check ==========

[2012-01-01 11:18:38 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\ACD Systems
[2012-01-01 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Acronis
[2012-01-08 15:13:20 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Ashampoo
[2012-03-07 08:28:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Belastingdienst
[2012-01-20 09:25:46 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Canon
[2012-02-19 08:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Downloaded Installations
[2012-02-18 11:39:11 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Dropbox
[2012-03-05 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gena01
[2012-01-03 22:52:26 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Gogii
[2012-01-18 22:38:52 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KeePass
[2011-12-31 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\KoshyJohn.com
[2011-12-31 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leadertech
[2012-02-09 12:10:40 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\Leawo
[2012-02-19 21:54:39 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TeamViewer
[2012-03-04 09:41:02 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TestApp
[2012-02-09 12:11:03 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\tiger-k
[2011-12-31 19:07:51 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\TomTom
[2012-02-15 21:58:31 | 000,000,000 | ---D | M] -- C:\Users\Nico\AppData\Roaming\WinAVI
[2012-01-30 20:48:16 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Lady_Glorita.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

Abraham54 10 March 2012, 14:17

First do the following:
Before you let OTL run the fix, first close all other open windows!
Start OTL
- Paste the following (bold, blue) text under Custom Scans/Fixes:

:OTL
@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Lady_Glorita.avi:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]

- Then click the Run Fix button at the top.
- Let the program do its work undisturbed.
- The PC will be restarted afterwards.
- Also post the contents of the OTL scan log.

After that, use Zoek.exe again:
Using "Zoek.exe":
- First close all program windows that are still open!
  - Windows 2000 and Windows XP: start the tool by double-clicking "Zoek.exe".
  - Windows Vista and Windows 7: start the tool by right-clicking "Zoek.exe" and then choosing Run as administrator.

A black CMD/Command Prompt window now opens.
- In that window, type E followed by Enter to start "View content of folders".
- A Notepad document named "input.txt" will now open.
- Copy and paste the following (bold, blue) text into the empty Notepad window:

{95B7759C-8C7F-4BF1-B163-73684A933233};
{1EFD50B3-2E9B-46E0-80B2-6D099AB91773};
{afdbddaa-5d3f-42ee-b79c-185a7020515b};

- Once you have pasted the blue text into the empty Notepad window, you can close input.txt; let it save the changes.
- The scan then starts; wait patiently until a log opens and post the result in your next message.

honshu 10 March 2012, 14:39

All processes killed
Error: Unable to interpret <@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Mijn diavoorstelling.avi:TOC.WMV > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 64 bytes -> e:\mijn documenten\Lady_Glorita.avi:TOC.WMV > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 > in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: N. van der Zwan
->Temp folder emptied: 0 bytes

User: Nico
->Temp folder emptied: 148323 bytes
->Temporary Internet Files folder emptied: 11205102 bytes
->Java cache emptied: 20038702 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 615 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2062 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 394167 bytes

Total Files Cleaned = 30,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: N. van der Zwan

User: Nico
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.36.2 log created on 03102012_143256
Files\Folders moved on Reboot...
C:\Users\Nico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W6BDA2IP\plusone_gadget[1].htm moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3SG7WHD\like[1].htm moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D60ARPI3\timeout[1].htm moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2D1D2T6D\neosansstd-regular-webfont[1].eot moved successfully.
C:\Users\Nico\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2D1D2T6D\tweet_button.1331069346[1].htm moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...

honshu 10 March 2012, 14:44

Opening zoek exe:
for me, D is listed as view content of folders
for me, E is listed as Delete by CLSID

honshu 10 March 2012, 14:50

I'm finding quite a lot of references to isearch in the registry, and a few more to AVG secure toolbar

Abraham54 10 March 2012, 15:06

You mean by searching for them?
Then you may delete those!
And as for antivirus software, what are you going to do?

honshu 10 March 2012, 15:11

By searching, yes.
I now have Microsoft Security Essentials running, and I'm taking a look at that Avast Free; can those actually run together? Better not, right?

Abraham54 10 March 2012, 15:15

MSE has become worse compared with the version from early 2011.
Avast 7 Free is the best!
And indeed, use only one antivirus program.

honshu 10 March 2012, 16:50

for me, D is listed as view content of folders
for me, E is listed as Delete by CLSID

honshu 10 March 2012, 17:05

Manually removed all references to isearch and avg from the registry, and isearch has finally disappeared...

Abraham54 10 March 2012, 19:53

Well done, then.
AVG really is very hard to remove!
Have you meanwhile taken any steps to get Avast 7 after all?
