Can a HijackThis log of my PC give a definitive answer?

59 replies
  • Strange title, I admit. What is going on? The sound on my computer has dropped out once again.
    See http://forum.computertotaal.nl/phpBB2/viewtopic.php?t=217128
    If this were the only problem, I would not have created this topic, but another phenomenon is occurring: if I leave my computer untouched for a long time (a quarter of an hour, half an hour), I can no longer get Internet Explorer to work. Shut it down via Ctrl, Alt, Del, start it again, and everything is back to normal. In addition, it takes an eternity before I can start up my computer. So I am curious what causes this. Can someone take a look at the log below? Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:39:04, on 13/05/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Driver Update and remove for Windows x64 or x86_32] C:\Program Files\Realtek\Audio\Drivers\RtlUpd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
    O4 - HKUS\S-1-5-21-842925246-1592454029-1417001333-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3\resources/MSNPUpld.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Acronis Nonstop Backup-service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
    O23 - Service: Google Update Service (gupdate1c9c7b35e2a82cc) (gupdate1c9c7b35e2a82cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\paul\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


    End of file - 10938 bytes
  • Hello Paul, your log shows no traces of malware etc.
    But that doesn't necessarily mean anything.

    Start with the following: uninstall Lavasoft AdAware.
    That will make your Windows happy too.

    After that, continue with the steps below:

    Step 1
    Which program: Emsisoft Emergency Kit 1.0
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit

    Notes:
    - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    - All open programs and web pages must be closed.

    Start Emsisoft Emergency Kit by opening the folder "EmsisoftEmergencyKit":
    - Windows 2000 and Windows XP: double-click "Start.exe".
    - Windows Vista and Windows 7: right-click "Start.exe" and choose "Run as administrator".

    Scanning:
    - In the selection screen, click "Emergency Kit Scanner"; a message then appears saying that it is recommended to update first.

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg

    - Do so by clicking "Yes".
    - When updating is finished, the message "Update process completed successfully" follows.
    - Now click "Menu" and then "Scan PC".
    - Select the "Deep" option if it is not already set by default.
    - Then click the "Scan" button.
      - Be patient and do not do anything else with the computer during the scan, as the scan can take quite some time.
    - The window with the warning about an increased risk can be closed when the scan is finished.
    - Make sure all found items are ticked and then click the "Remove selected" button; the following message will then appear:

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg

    - Then click "Yes".
    - When removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
    - Paste the contents of that log file into your next post.
    Note: Now restart the computer.

    Step 2
    Which program: Malwarebytes MBAM
    What for/why: specialist scanner to quickly examine Windows for spyware and malware and to get rid of it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Softpedia.com
    - Majorgeeks.com
    First of all:
    - Right after installation, MBAM wants to update its database, so allow this.
    - Also with repeated use: first update MBAM via the 'Update' tab!
    Starting Malwarebytes MBAM:
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
      - Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
    - Note:
      - Malwarebytes now provides the full version of MBAM.
      - At the first start you get the option of using the full version temporarily or the free version.
      - Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
      - That way MBAM can continue to be used as the free version.

      Screenshot: http://img30.imageshack.us/img30/3928/mbam2.png

    - Also do the following:
      - Once the program has started, go to the "Settings" tab.
      - Tick here: "Close Internet Explorer during malware removal".

    Scanning:
    - When starting MBAM, choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.
    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Now make sure all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If MBAM has difficulty removing certain files, it will give some messages; click 'OK' each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.
    MBAM log:
    - The log is saved automatically by MBAM, and you can find it by clicking the 'Logs' tab in MBAM's main menu.
    Then post the contents of the MBAM log in your next message.

    Step 3
    In summary: in your next message, post the contents of both the Emergency Kit Scanner log and the MBAM log.
  • Hello Abraham, just letting you know that the scan has been running since this morning. (I am typing this from a laptop.) After about 3 hours, however, it is only at 12%… Let's just say that this means it is being done very carefully. If it continues at this pace, I will post the results as soon as I have them: tomorrow morning :wink:
  • You mean the Emsisoft scan - yes, it is very thorough!
  • Phew, finally done. Here is the log file:

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 14/05/2012 9:41:36

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, F:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 14/05/2012 9:41:51

    c:\documents and settings\marijke\bureaublad\Morpheus Clean Disk 2002.lnk Ontdekt: Trace.File.Morpheus Clean Disc!A2
    Key: HKEY_CURRENT_USER\software\kazaa Ontdekt: Trace.Registry.KaZaA!A2
    Key: HKEY_USERS\marijke\software\microsoft\windows\currentversion\ext\stats\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc} Ontdekt: Trace.Registry.NavExcel!A2
    Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems Ontdekt: Trace.Registry.Trymedia!A2
    Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software Ontdekt: Trace.Registry.Trymedia!A2
    C:\Documents and Settings\paul\Cookies\paul@about[3].txt Ontdekt: Trace.TrackingCookie.about!A2
    C:\Documents and Settings\paul\Cookies\paul@angelfire[1].txt Ontdekt: Trace.TrackingCookie.angelfire!A2
    C:\Documents and Settings\paul\Cookies\paul@com[1].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[2].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[3].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[4].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[5].txt Ontdekt: Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[1].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[2].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[3].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[4].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[5].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[6].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[7].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[8].txt Ontdekt: Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ru4[2].txt Ontdekt: Trace.TrackingCookie.ru4!A2
    C:\Documents and Settings\paul\Cookies\paul@ru4[3].txt Ontdekt: Trace.TrackingCookie.ru4!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[1].txt Ontdekt: Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[2].txt Ontdekt: Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[3].txt Ontdekt: Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@superstats[1].txt Ontdekt: Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\paul\Cookies\paul@superstats[2].txt Ontdekt: Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\paul\Cookies\paul@superstats[3].txt Ontdekt: Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\arno\Cookies\arno@about[1].txt Ontdekt: Trace.TrackingCookie.about!A2
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/acrti80serverkg.exe Ontdekt: Riskware.Keygen.SuspectCRC!IK
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/ssg.nfo Ontdekt: Riskware.Keygen.SuspectCRC!IK
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR.ShareReactor.rar/Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR\keygen.exe Ontdekt: Riskware.RiskTool.Win32.HideRun!IK
    C:\Program Files\FoxTabVideoConverter\VideoConverter.exe Ontdekt: Riskware.Win32.InstallCore.AMN!A2
    C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe Ontdekt: Riskware.WebToolbar.Win32.MyWebSearch!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/acrti80serverkg.exe Ontdekt: Riskware.Keygen.SuspectCRC!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/ssg.nfo Ontdekt: Riskware.Keygen.SuspectCRC!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR.ShareReactor.rar/Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR\keygen.exe Ontdekt: Riskware.RiskTool.Win32.HideRun!IK
    F:\Program Files\FoxTabVideoConverter\VideoConverter.exe Ontdekt: Riskware.Win32.InstallCore.AMN!A2
    F:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe Ontdekt: Riskware.WebToolbar.Win32.MyWebSearch!IK

    Gescand

    Bestanden: 1019420
    Sporen: 592488
    Cookies: 16271
    Processen: 35

    Gevonden

    Bestanden: 10
    Sporen: 5
    Cookies: 24
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 14/05/2012 19:28:09
    Scantijd: 9:46:18

    C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe Verwijderd Riskware.WebToolbar.Win32.MyWebSearch!IK
    F:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe Verwijderd Riskware.WebToolbar.Win32.MyWebSearch!IK
    C:\Program Files\FoxTabVideoConverter\VideoConverter.exe Verwijderd Riskware.Win32.InstallCore.AMN!A2
    F:\Program Files\FoxTabVideoConverter\VideoConverter.exe Verwijderd Riskware.Win32.InstallCore.AMN!A2
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR.ShareReactor.rar/Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR\keygen.exe Verwijderd Riskware.RiskTool.Win32.HideRun!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR.ShareReactor.rar/Acronis.Partition.Expert.2003.Build.285.Incl.Keygen-ROR\keygen.exe Verwijderd Riskware.RiskTool.Win32.HideRun!IK
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/acrti80serverkg.exe Verwijderd Riskware.Keygen.SuspectCRC!IK
    C:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/ssg.nfo Verwijderd Riskware.Keygen.SuspectCRC!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/acrti80serverkg.exe Verwijderd Riskware.Keygen.SuspectCRC!IK
    F:\Documents and Settings\paul\Mijn documenten\Downloads\Acronis True Image Server v8.0.774 Incl.Keygen-SSG.rar/ssg.nfo Verwijderd Riskware.Keygen.SuspectCRC!IK
    C:\Documents and Settings\paul\Cookies\paul@superstats[1].txt Verwijderd Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\paul\Cookies\paul@superstats[2].txt Verwijderd Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\paul\Cookies\paul@superstats[3].txt Verwijderd Trace.TrackingCookie.superstats!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[1].txt Verwijderd Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[2].txt Verwijderd Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@stat.dealtime[3].txt Verwijderd Trace.TrackingCookie.stat.dealtime!A2
    C:\Documents and Settings\paul\Cookies\paul@ru4[2].txt Verwijderd Trace.TrackingCookie.ru4!A2
    C:\Documents and Settings\paul\Cookies\paul@ru4[3].txt Verwijderd Trace.TrackingCookie.ru4!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[1].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[2].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[3].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[4].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[5].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[6].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[7].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@ebay.com[8].txt Verwijderd Trace.TrackingCookie.ebay.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[1].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[2].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[3].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[4].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@com[5].txt Verwijderd Trace.TrackingCookie.com!A2
    C:\Documents and Settings\paul\Cookies\paul@angelfire[1].txt Verwijderd Trace.TrackingCookie.angelfire!A2
    C:\Documents and Settings\paul\Cookies\paul@about[3].txt Verwijderd Trace.TrackingCookie.about!A2
    C:\Documents and Settings\arno\Cookies\arno@about[1].txt Verwijderd Trace.TrackingCookie.about!A2
    Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems Verwijderd Trace.Registry.Trymedia!A2
    Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software Verwijderd Trace.Registry.Trymedia!A2
    Key: HKEY_USERS\marijke\software\microsoft\windows\currentversion\ext\stats\{c1e58a84-95b3-4630-b8c2-d06b77b7a0fc} Verwijderd Trace.Registry.NavExcel!A2
    Key: HKEY_CURRENT_USER\software\kazaa Verwijderd Trace.Registry.KaZaA!A2
    c:\documents and settings\marijke\bureaublad\Morpheus Clean Disk 2002.lnk Verwijderd Trace.File.Morpheus Clean Disc!A2

    Verwijderd

    Bestanden: 10
    Sporen: 5
    Cookies: 24
  • And here is the MBAM log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.05.14.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    paul :: STILLEPC [administrator]

    14/05/2012 19:48:20
    mbam-log-2012-05-14 (19-48-20).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 393167
    Verstreken tijd: 8 minuut/minuten, 3 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Hello Paul, first the following bit of trivia:

    makers of keygens, cracks, fixes and activators get a bonus from the internet mafia per infected Windows!

    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
    - First close all program windows that are still open!
      - Windows 2000 and Windows XP: start "TDSSStarter.exe" by double-clicking it.
      - Windows Vista and Windows 7: start "TDSSStarter.exe" by right-clicking it and then choosing Run as administrator.
    - A CMD window will then be started, and it will close again automatically when the scan is finished.
    - Now post the contents of the opened Notepad file in the next message.
  • 22:24:19.0484 0896 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    22:24:19.0484 0896 ============================================================
    22:24:19.0484 0896 Current date / time: 2012/05/14 22:24:19.0484
    22:24:19.0484 0896 SystemInfo:
    22:24:19.0484 0896
    22:24:19.0484 0896 OS Version: 5.1.2600 ServicePack: 3.0
    22:24:19.0484 0896 Product type: Workstation
    22:24:19.0484 0896 ComputerName: STILLEPC
    22:24:19.0484 0896 UserName: paul
    22:24:19.0484 0896 Windows directory: C:\WINDOWS
    22:24:19.0484 0896 System windows directory: C:\WINDOWS
    22:24:19.0484 0896 Processor architecture: Intel x86
    22:24:19.0484 0896 Number of processors: 4
    22:24:19.0484 0896 Page size: 0x1000
    22:24:19.0484 0896 Boot type: Normal boot
    22:24:19.0484 0896 ============================================================
    22:24:21.0093 0896 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:24:21.0093 0896 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:24:21.0109 0896 ============================================================
    22:24:21.0109 0896 \Device\Harddisk1\DR1:
    22:24:21.0109 0896 MBR partitions:
    22:24:21.0109 0896 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    22:24:21.0109 0896 \Device\Harddisk0\DR0:
    22:24:21.0109 0896 MBR partitions:
    22:24:21.0109 0896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    22:24:21.0109 0896 ============================================================
    22:24:21.0156 0896 C: <-> \Device\Harddisk1\DR1\Partition0
    22:24:21.0187 0896 F: <-> \Device\Harddisk0\DR0\Partition0
    22:24:21.0187 0896 ============================================================
    22:24:21.0187 0896 Initialize success
    22:24:21.0187 0896 ============================================================
    22:24:21.0218 2652 ============================================================
    22:24:21.0218 2652 Scan started
    22:24:21.0218 2652 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    22:24:21.0218 2652 ============================================================
    22:24:22.0437 2652 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    22:24:23.0453 2652 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
    22:24:23.0703 2652 AcrSch2Svc (5f9a7fb02944f0e557d8ee786f04c57f) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    22:24:23.0859 2652 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    22:24:24.0000 2652 AdobeActiveFileMonitor4.0 (cbce4e5e5cfc29efaac14a9de290a855) C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    22:24:24.0000 2652 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
    22:24:24.0000 2652 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
    22:24:24.0109 2652 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    22:24:24.0218 2652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    22:24:24.0328 2652 afcdp (53696ad8ffc5fac51949a525ff65a689) C:\WINDOWS\system32\DRIVERS\afcdp.sys
    22:24:25.0000 2652 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    22:24:25.0296 2652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    22:24:25.0421 2652 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
    22:24:25.0437 2652 AFS2K ( UnsignedFile.Multi.Generic ) - warning
    22:24:25.0437 2652 AFS2K - detected UnsignedFile.Multi.Generic (1)
    22:24:25.0750 2652 Akamai (d76cf65239d2cddbad1eee73567fca45) C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll
    22:24:26.0031 2652 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
    22:24:26.0156 2652 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
    22:24:26.0312 2652 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    22:24:26.0562 2652 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    22:24:26.0625 2652 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    22:24:26.0734 2652 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:24:26.0750 2652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    22:24:26.0953 2652 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    22:24:27.0000 2652 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
    22:24:27.0015 2652 ASUSVRC ( UnsignedFile.Multi.Generic ) - warning
    22:24:27.0015 2652 ASUSVRC - detected UnsignedFile.Multi.Generic (1)
    22:24:27.0046 2652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    22:24:27.0171 2652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    22:24:27.0281 2652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    22:24:27.0406 2652 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
    22:24:27.0500 2652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    22:24:27.0625 2652 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    22:24:27.0656 2652 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    22:24:27.0687 2652 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    22:24:27.0734 2652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    22:24:27.0875 2652 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
    22:24:28.0046 2652 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    22:24:28.0156 2652 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
    22:24:28.0328 2652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    22:24:28.0437 2652 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    22:24:28.0562 2652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    22:24:28.0671 2652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    22:24:28.0796 2652 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    22:24:28.0890 2652 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
    22:24:28.0984 2652 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
    22:24:29.0125 2652 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:24:29.0171 2652 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
    22:24:29.0328 2652 DcomLaunch (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\system32\rpcss.dll
    22:24:29.0406 2652 Dhcp (146ab038f5dbb366122d28444999ab2c) C:\WINDOWS\System32\dhcpcsvc.dll
    22:24:29.0515 2652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    22:24:29.0640 2652 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
    22:24:29.0765 2652 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
    22:24:29.0890 2652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    22:24:30.0000 2652 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
    22:24:30.0140 2652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    22:24:30.0265 2652 Dnscache (de6cdb6cbc5c27b9085cfa6dfe8e5025) C:\WINDOWS\System32\dnsrslvr.dll
    22:24:30.0343 2652 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
    22:24:30.0437 2652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    22:24:30.0546 2652 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
    22:24:30.0656 2652 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
    22:24:30.0671 2652 EIO ( UnsignedFile.Multi.Generic ) - warning
    22:24:30.0671 2652 EIO - detected UnsignedFile.Multi.Generic (1)
    22:24:30.0718 2652 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
    22:24:30.0812 2652 ET5Drv (e5030e34de21a6818e8586bfb7dd4b60) C:\WINDOWS\system32\Drivers\ET5Drv.sys
    22:24:30.0859 2652 Eventlog (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    22:24:30.0921 2652 EventSystem (97912dc0679d2da60cce589bbc196d72) C:\WINDOWS\system32\es.dll
    22:24:30.0984 2652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    22:24:31.0140 2652 FastUserSwitchingCompatibility (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    22:24:31.0203 2652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    22:24:31.0296 2652 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
    22:24:31.0500 2652 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    22:24:31.0515 2652 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    22:24:31.0515 2652 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    22:24:31.0562 2652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    22:24:31.0671 2652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    22:24:31.0875 2652 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    22:24:31.0906 2652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    22:24:32.0000 2652 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    22:24:32.0125 2652 gdrv (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
    22:24:32.0156 2652 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    22:24:32.0250 2652 GEST Service (e646877a0208b4267a61dff47ccc5f8a) C:\Program Files\GIGABYTE\GEST\GSvr.exe
    22:24:32.0265 2652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    22:24:32.0375 2652 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
    22:24:32.0375 2652 grmnusb ( UnsignedFile.Multi.Generic ) - warning
    22:24:32.0375 2652 grmnusb - detected UnsignedFile.Multi.Generic (1)
    22:24:32.0500 2652 gupdate1c9c7b35e2a82cc (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:24:32.0500 2652 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    22:24:32.0593 2652 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    22:24:32.0671 2652 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    22:24:32.0812 2652 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    22:24:32.0921 2652 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
    22:24:33.0062 2652 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    22:24:33.0156 2652 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
    22:24:33.0281 2652 hotcore (adb2edb8f33ace78582303682ab81f25) C:\WINDOWS\system32\drivers\hotcore.sys
    22:24:33.0296 2652 hotcore ( UnsignedFile.Multi.Generic ) - warning
    22:24:33.0296 2652 hotcore - detected UnsignedFile.Multi.Generic (1)
    22:24:33.0578 2652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    22:24:33.0671 2652 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
    22:24:33.0796 2652 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    22:24:33.0968 2652 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    22:24:34.0000 2652 IDriverT ( UnsignedFile.Multi.Generic ) - warning
    22:24:34.0000 2652 IDriverT - detected UnsignedFile.Multi.Generic (1)
    22:24:34.0125 2652 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    22:24:34.0218 2652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    22:24:34.0328 2652 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
    22:24:34.0687 2652 IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    22:24:35.0015 2652 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    22:24:35.0125 2652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    22:24:35.0250 2652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    22:24:35.0375 2652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    22:24:35.0484 2652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    22:24:35.0671 2652 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
    22:24:35.0781 2652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    22:24:35.0890 2652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    22:24:36.0000 2652 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    22:24:36.0125 2652 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    22:24:36.0218 2652 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    22:24:36.0359 2652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    22:24:36.0484 2652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    22:24:36.0640 2652 LanmanServer (c7955e7edaea462d04f1c4be1d340372) C:\WINDOWS\System32\srvsvc.dll
    22:24:36.0718 2652 lanmanworkstation (a936a575eaf6dce8dc08bc0c53972add) C:\WINDOWS\System32\wkssvc.dll
    22:24:36.0937 2652 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    22:24:37.0046 2652 LBTServ (0f98b9384c37c8c29904b8ae4359a54f) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    22:24:37.0109 2652 LEqdUsb (eee5a87ec378c9ad7ce91073fbd63465) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
    22:24:37.0156 2652 LHidEqd (62663b385087f5977d8ebd1fdc67b639) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
    22:24:37.0187 2652 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    22:24:37.0250 2652 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
    22:24:37.0359 2652 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    22:24:37.0406 2652 LUsbFilt (81642f134929946ab4b9572c4c17298c) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    22:24:37.0468 2652 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
    22:24:37.0515 2652 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
    22:24:37.0515 2652 MarvinBus - detected UnsignedFile.Multi.Generic (1)
    22:24:37.0562 2652 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
    22:24:37.0765 2652 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    22:24:37.0828 2652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    22:24:37.0953 2652 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
    22:24:38.0062 2652 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
    22:24:38.0218 2652 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    22:24:38.0343 2652 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    22:24:38.0437 2652 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    22:24:38.0546 2652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    22:24:38.0656 2652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    22:24:38.0812 2652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    22:24:38.0906 2652 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
    22:24:39.0000 2652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    22:24:39.0109 2652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    22:24:39.0187 2652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    22:24:39.0250 2652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    22:24:39.0375 2652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    22:24:39.0468 2652 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    22:24:39.0593 2652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    22:24:39.0640 2652 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    22:24:39.0734 2652 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
    22:24:39.0843 2652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    22:24:39.0953 2652 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    22:24:40.0109 2652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    22:24:40.0218 2652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    22:24:40.0312 2652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    22:24:40.0437 2652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    22:24:40.0500 2652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    22:24:40.0625 2652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    22:24:40.0734 2652 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
    22:24:40.0828 2652 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
    22:24:40.0937 2652 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    22:24:41.0046 2652 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
    22:24:41.0234 2652 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:24:41.0281 2652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    22:24:41.0406 2652 Nla (4522cbe00a9e9eee36aa82ed4b319148) C:\WINDOWS\System32\mswsock.dll
    22:24:41.0609 2652 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
    22:24:41.0640 2652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    22:24:41.0750 2652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    22:24:41.0921 2652 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    22:24:42.0031 2652 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
    22:24:42.0156 2652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    22:24:42.0984 2652 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    22:24:43.0781 2652 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
    22:24:44.0015 2652 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    22:24:44.0187 2652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    22:24:44.0312 2652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    22:24:44.0515 2652 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:24:44.0578 2652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    22:24:44.0703 2652 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:24:44.0765 2652 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
    22:24:44.0859 2652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    22:24:44.0984 2652 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
    22:24:45.0140 2652 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    22:24:45.0187 2652 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
    22:24:45.0281 2652 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
    22:24:45.0406 2652 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
    22:24:45.0515 2652 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys
    22:24:45.0531 2652 pfc ( UnsignedFile.Multi.Generic ) - warning
    22:24:45.0531 2652 pfc - detected UnsignedFile.Multi.Generic (1)
    22:24:45.0578 2652 PlugPlay (657b69389b893f440b07590c9e963f23) C:\WINDOWS\system32\services.exe
    22:24:45.0765 2652 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    22:24:45.0843 2652 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    22:24:45.0968 2652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    22:24:46.0062 2652 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    22:24:46.0156 2652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    22:24:46.0250 2652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    22:24:46.0343 2652 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    22:24:46.0375 2652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    22:24:46.0500 2652 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
    22:24:46.0578 2652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    22:24:46.0703 2652 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
    22:24:46.0781 2652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    22:24:46.0843 2652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    22:24:46.0984 2652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    22:24:47.0062 2652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    22:24:47.0187 2652 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    22:24:47.0328 2652 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
    22:24:47.0453 2652 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
    22:24:47.0578 2652 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
    22:24:47.0796 2652 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    22:24:47.0828 2652 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
    22:24:47.0984 2652 RpcSs (d9883335cc1c17afc3a09c8ac3e4dbe4) C:\WINDOWS\System32\rpcss.dll
    22:24:48.0093 2652 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
    22:24:48.0203 2652 RTLE8023xp (6fd9c99f0b8617122ae27392ab1b3059) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    22:24:48.0296 2652 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
    22:24:48.0406 2652 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
    22:24:48.0546 2652 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
    22:24:48.0656 2652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    22:24:48.0734 2652 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
    22:24:48.0812 2652 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
    22:24:48.0921 2652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    22:24:49.0015 2652 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
    22:24:49.0218 2652 ServiceLayer (5bf59c6bc737baaf541168e5cb2ec1d9) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    22:24:49.0250 2652 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
    22:24:49.0250 2652 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
    22:24:49.0281 2652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    22:24:49.0421 2652 SharedAccess (7579c4be909d47f10f3d8d801cb13ed9) C:\WINDOWS\System32\ipnathlp.dll
    22:24:49.0562 2652 ShellHWDetection (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    22:24:49.0656 2652 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    22:24:49.0781 2652 snapman (eb49860e776ce860dc3cfb9edb1ba517) C:\WINDOWS\system32\DRIVERS\snapman.sys
    22:24:49.0843 2652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    22:24:49.0953 2652 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    22:24:50.0046 2652 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    22:24:50.0046 2652 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    22:24:50.0062 2652 sptd ( LockedFile.Multi.Generic ) - warning
    22:24:50.0062 2652 sptd - detected LockedFile.Multi.Generic (1)
    22:24:50.0093 2652 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
    22:24:50.0156 2652 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
    22:24:50.0265 2652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    22:24:50.0343 2652 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
    22:24:50.0437 2652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    22:24:50.0515 2652 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
    22:24:50.0656 2652 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    22:24:50.0765 2652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    22:24:51.0015 2652 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    22:24:51.0031 2652 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
    22:24:51.0031 2652 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
    22:24:51.0078 2652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    22:24:51.0203 2652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:24:51.0328 2652 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
    22:24:51.0421 2652 TapiSrv (2bc9fb448f0c2394ff53c83a7bb04731) C:\WINDOWS\System32\tapisrv.dll
    22:24:51.0562 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:24:51.0609 2652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:24:51.0750 2652 tdrpman273 (431801fcc97034e04a6eff81136578d7) C:\WINDOWS\system32\DRIVERS\tdrpm273.sys
    22:24:51.0812 2652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:24:51.0968 2652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:24:52.0109 2652 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
    22:24:52.0234 2652 Themes (2d5d4156292150fe571872c1b88e9299) C:\WINDOWS\System32\shsvcs.dll
    22:24:52.0296 2652 timounter (a34d7024bb7140ec785c86bc065d4f60) C:\WINDOWS\system32\DRIVERS\timntr.sys
    22:24:52.0375 2652 tmcomm (df8444a8fa8fd38d8848bdd40a8403b3) C:\WINDOWS\system32\drivers\tmcomm.sys
    22:24:52.0437 2652 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
    22:24:52.0562 2652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    22:24:52.0687 2652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    22:24:52.0796 2652 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
    22:24:52.0843 2652 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
    22:24:52.0984 2652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:24:53.0125 2652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:24:53.0234 2652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:24:53.0343 2652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:24:53.0453 2652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:24:53.0562 2652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:24:53.0671 2652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:24:53.0796 2652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    22:24:53.0906 2652 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:24:54.0031 2652 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
    22:24:54.0109 2652 W32Time (390d8e65f362327ad510b08971478301) C:\WINDOWS\system32\w32time.dll
    22:24:54.0218 2652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:24:54.0359 2652 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    22:24:54.0390 2652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:24:54.0515 2652 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
    22:24:54.0687 2652 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
    22:24:54.0796 2652 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    22:24:54.0921 2652 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    22:24:55.0156 2652 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    22:24:55.0234 2652 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
    22:24:55.0359 2652 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    22:24:55.0484 2652 wuauserv (1e8fdddef3fe260badab06dae10d753a) C:\WINDOWS\system32\wuauserv.dll
    22:24:55.0578 2652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:24:55.0640 2652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    22:24:55.0671 2652 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    22:24:55.0765 2652 WZCSVC (e99782dbb8ffa2aee72b31dac8d8d887) C:\WINDOWS\System32\wzcsvc.dll
    22:24:55.0921 2652 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
    22:24:56.0031 2652 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk1\DR1
    22:24:56.0250 2652 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
    22:24:56.0375 2652 Boot (0x1200) (00680790ed23e71617c72f56ee3ac366) \Device\Harddisk1\DR1\Partition0
    22:24:56.0390 2652 Boot (0x1200) (2acbbbe1942906b6c4fdf3cb4f4a70ab) \Device\Harddisk0\DR0\Partition0
    22:24:56.0390 2652 ============================================================
    22:24:56.0390 2652 Scan finished
    22:24:56.0390 2652 ============================================================
    22:24:57.0375 2620 Deinitialize success
    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
    "139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
    "3703:TCP"="3703:TCP:*:Enabled:Adobe Version Cue CS3 Server"
    "3704:TCP"="3704:TCP:*:Enabled:Adobe Version Cue CS3 Server"
    "50900:TCP"="50900:TCP:*:Enabled:Adobe Version Cue CS3 Server"
    "50901:TCP"="50901:TCP:*:Enabled:Adobe Version Cue CS3 Server"
    ==============================================
    EOF
  • Is your computer connected to a home network?

    Which program: ComboFix
    What for/why: Highly specialised scanner that examines Windows in depth
    and cleans it up where possible.
    Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must be deactivated before ComboFix starts!
    Here and here you will find details on how to deactivate antivirus programs and spyware scanners.

    Once more, to be perfectly clear: ComboFix must be started from the desktop.

    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may have to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important remark:
    - If, after the scan, an error with the following message is shown when starting programs:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Before starting ComboFix I switched off the Avira virus scanner and the Windows firewall. I got a message that AVG was active, even though I removed it a long time ago. So I just carried on, and here is the ComboFix log:

    ComboFix 12-05-14.03 - paul 15/05/2012 8:17.11.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3582.2861 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\arno\System
    c:\documents and settings\arno\System\win_qs8.jqx
    c:\documents and settings\paul\WINDOWS
    c:\program files\5100_nld_win2k_xp.exe
    c:\program files\5100_nld_win2k_xpinfu.exe
    c:\windows\IsUn0413.exe
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-15 to 2012-05-15 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-14 20:24 . 2012-05-14 20:24 -------- d-----w- C:\TDSSStarter
    2012-05-07 11:54 . 2012-05-07 11:54 -------- d-----w- c:\program files\Easeware
    2012-05-07 09:58 . 2011-06-27 16:56 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
    2012-05-07 09:58 . 2011-06-27 16:56 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
    2012-05-07 07:11 . 2012-05-07 07:13 -------- dc-h--w- c:\windows\ie8
    2012-05-06 19:23 . 2012-05-15 06:13 -------- d--h--r- c:\documents and settings\paul\Onlangs geopend
    2012-05-06 19:23 . 2012-05-06 19:23 -------- d-----w- c:\documents and settings\arno\Local Settings\Application Data\Temp
    2012-05-06 17:30 . 2012-03-19 17:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
    2012-05-06 17:30 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
    2012-05-06 17:17 . 2012-05-06 17:17 -------- d-----w- c:\program files\FinalWire
    2012-05-05 19:42 . 2012-05-05 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-04 16:29 . 2012-05-06 19:23 -------- d-----w- c:\documents and settings\arno\Application Data\SmartDraw
    2012-05-03 11:57 . 2012-05-03 11:57 -------- d-----w- c:\documents and settings\paul\Application Data\ElevatedDiagnostics
    2012-04-30 18:27 . 2012-04-30 18:27 3654896 ----a-w- c:\program files\ccsetup318.exe
    2012-04-17 07:36 . 2012-05-07 09:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-09 10:56 . 2010-12-11 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-05-07 09:36 . 2011-12-31 15:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:55 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:55 . 2008-04-15 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:55 . 2008-04-15 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
    2012-04-04 13:56 . 2008-10-21 13:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:00 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 23:58 . 2012-03-14 08:49 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:58 . 2012-03-14 08:49 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
    2012-02-29 23:58 . 2012-03-14 08:49 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 23:58 . 2011-12-27 19:55 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-29 23:58 . 2011-12-27 19:55 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-29 23:58 . 2011-12-27 19:55 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-29 23:58 . 2011-12-27 19:55 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-29 23:58 . 2008-09-17 07:55 5918720 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-29 23:58 . 2007-09-16 17:07 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
    2012-02-29 23:58 . 2007-09-16 17:07 2291712 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:58 . 2007-09-16 17:07 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2012-02-29 21:15 . 2012-03-14 08:51 335872 ----a-w- c:\windows\system32\nvrshe.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsja.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsesm.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrspl.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrssv.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrseng.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrscs.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrsit.dll
    2012-02-29 21:15 . 2012-03-14 08:51 278528 ----a-w- c:\windows\system32\nvrsde.dll
    2012-02-29 21:15 . 2012-03-14 08:51 270336 ----a-w- c:\windows\system32\nvrsptb.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrssk.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrspt.dll
    2012-02-29 21:15 . 2012-03-14 08:51 262144 ----a-w- c:\windows\system32\nvrshu.dll
    2012-02-29 21:15 . 2012-03-14 08:51 266240 ----a-w- c:\windows\system32\nvrsko.dll
    2012-02-29 21:15 . 2012-03-14 08:51 335872 ----a-w- c:\windows\system32\nvrsar.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrses.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsnl.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrstr.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsth.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsno.dll
    2012-02-29 21:15 . 2012-03-14 08:51 286720 ----a-w- c:\windows\system32\nvrsfr.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrsel.dll
    2012-02-29 21:15 . 2012-03-14 08:51 270336 ----a-w- c:\windows\system32\nvrsru.dll
    2012-02-29 21:15 . 2012-03-14 08:51 229376 ----a-w- c:\windows\system32\nvrszhc.dll
    2012-02-29 21:15 . 2012-03-14 08:51 126976 ----a-w- c:\windows\system32\nvrszht.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsda.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrsfi.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrssl.dll
    2012-02-29 20:30 . 2012-03-14 08:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2012-02-29 20:30 . 2012-03-14 08:51 143680 ----a-w- c:\windows\system32\nvcolor.exe
    2012-02-29 20:30 . 2012-03-14 08:50 15494464 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:30 . 2012-03-14 08:51 164160 ----a-w- c:\windows\system32\nvsvc32.exe
    2012-02-29 20:30 . 2012-03-14 08:50 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 14:10 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2008-04-15 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-02-19 00:05 . 2008-04-15 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-02-09 15:12 . 2012-02-09 15:12 31181592 ----a-w- c:\program files\DWFWriter4Setup.exe
    2012-02-09 14:57 . 2012-02-09 14:33 62286360 ----a-w- c:\program files\FreeDWGViewer.exe
    2012-02-09 14:42 . 2012-02-09 14:41 808368 ----a-w- c:\program files\AutodeskDesignRevSetup.exe
    2012-01-11 06:54 . 2012-01-11 06:54 3562624 ----a-w- c:\program files\ccsetup314.exe
    2012-01-05 09:37 . 2008-10-22 11:09 86016 ----a-w- c:\program files\setupenne.dll
    2011-12-30 14:08 . 2011-12-30 14:08 1402880 ----a-w- c:\program files\HiJackThis.msi
    2011-12-26 07:01 . 2011-12-26 07:01 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
    2011-10-18 16:51 . 2011-10-18 16:51 3687352 ----a-w- c:\program files\PMB.lnk
    2011-04-10 12:06 . 2011-04-10 12:06 20586196 ----a-w- c:\program files\vlc-1.1.8-win32.exe
    2011-04-10 12:03 . 2011-02-19 15:31 20364702 ----a-w- c:\program files\vlc-1.1.7-win32.exe
    2011-01-29 06:52 . 2011-01-29 06:52 200442456 ----a-w- c:\program files\vegaspro100c_32bit.exe
    2011-01-27 18:35 . 2011-01-27 18:35 1364522 ----a-w- c:\program files\wrar393.exe
    2011-01-16 09:27 . 2011-01-16 09:26 150446976 ----a-w- c:\program files\AVSVideoEditor.exe
    2011-01-12 02:33 . 2011-01-12 02:33 11008549 ----a-w- c:\program files\avidemux_2.5.4_win32.exe
    2011-01-11 17:21 . 2011-01-11 17:20 62701672 ----a-w- c:\program files\AVSVideoConverter.exe
    2010-12-30 16:59 . 2010-12-30 16:58 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
    2010-12-14 19:22 . 2010-12-14 19:22 338760 ----a-w- c:\program files\RegtaskTool_Installer.exe
    2010-12-11 07:22 . 2010-12-11 07:21 25188112 ----a-w- c:\program files\setpoint620.exe
    2010-12-08 18:15 . 2008-10-20 17:25 9039288 ----a-w- c:\program files\Vuze_Installer.exe
    2010-12-04 11:27 . 2010-07-04 06:54 13454568 ----a-w- c:\program files\RegistryReviverSetup.exe
    2010-08-29 11:47 . 2009-04-29 16:04 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2010-08-29 11:37 . 2010-08-29 11:37 44153664 ----a-w- c:\program files\avira_antivir_personal_de.exe
    2010-08-29 11:23 . 2010-08-29 11:23 3427712 ----a-w- c:\program files\ccsetup235.exe
    2010-08-05 17:43 . 2010-08-05 17:43 3420304 ----a-w- c:\program files\ccsetup234.exe
    2010-03-20 17:37 . 2010-03-20 17:37 1103048 ----a-w- c:\program files\wpsetup.exe
    2010-03-12 12:28 . 2010-03-12 12:28 34506392 ----a-w- c:\program files\Nokia_PC_Suite_dut_web.exe
    2010-03-12 10:46 . 2010-03-12 10:39 98366952 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
    2010-01-02 22:50 . 2009-10-16 05:08 13731712 ----a-w- c:\program files\AVSRegistryCleaner.exe
    2009-12-25 11:22 . 2009-12-25 11:22 6113439 ----a-w- c:\program files\pci_filerecovery.exe
    2009-10-25 11:52 . 2009-10-25 11:52 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe
    2009-09-02 18:54 . 2009-09-02 18:54 74160 ----a-w- c:\program files\irfanview_lang_nederlands.exe
    2009-09-02 18:52 . 2009-09-02 18:52 1359360 ----a-w- c:\program files\iview425_setup.exe
    2009-08-30 09:17 . 2009-08-30 09:16 3293088 ----a-w- c:\program files\ccsetup223.exe
    2009-05-28 18:34 . 2009-05-28 18:34 5076056 ----a-w- c:\program files\nuvi760_480.exe
    2009-03-22 12:11 . 2009-03-22 12:11 4310568 ----a-w- c:\program files\WebUpdater_241.exe
    2009-03-14 08:06 . 2009-03-14 08:06 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
    2008-12-21 11:12 . 2008-12-21 11:11 5797488 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE
    2008-12-21 08:57 . 2008-12-21 08:57 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
    2008-12-21 08:49 . 2008-12-21 08:49 12349806 ----a-w- c:\program files\dvdflick_setup_1.3.0.4.exe
    2008-11-30 11:51 . 2008-10-06 07:04 15083520 ----a-w- c:\program files\spybotsd160.exe
    2008-11-23 14:14 . 2008-10-02 17:20 25129080 ----a-w- c:\program files\antivir_workstation_winu_en_h.exe
    2008-11-23 12:02 . 2008-11-23 12:02 1958864 ----a-w- c:\program files\TrendMicro_Downloader.exe
    2008-11-11 14:44 . 2008-11-11 14:44 860391 ----a-w- c:\program files\7z457.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-09-26 222784]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
    "NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
    "Driver Update and remove for Windows x64 or x86_32"="c:\program files\Realtek\Audio\Drivers\RtlUpd.exe" [2011-08-29 1493608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "c:\\Documents and Settings\\paul\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/10/2008 13:21 30820]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2008 20:41 717296]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/12/2010 20:22 752128]
    R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29/12/2010 15:42 3246040]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 19:54 136360]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/12/2010 9:22 10448]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [14/03/2012 10:51 2348352]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15/03/2011 14:44 428384]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29/12/2010 15:42 167968]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9c7b35e2a82cc;Google Update Service (gupdate1c9c7b35e2a82cc);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 5:42 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/04/2012 9:36 257696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/05/2012 8:42 1691480]
    S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [3/10/2008 0:16 55816]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 5:42 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [24/08/2010 19:30 40912]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [24/08/2010 19:30 10448]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 14:00 14336]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 09:36]
    .
    2011-12-26 c:\windows\Tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-22 02:44]
    .
    2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-05-07 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
    - c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2012-05-07 16:56]
    .
    2012-01-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 07:23]
    .
    2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce185a38be5ba.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08544131963a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-02-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
    .
    2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.tijd.be/
    uInternet Settings,ProxyOverride = *.local
    IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Van Dale Grote woordenboeken Engels - c:\windows\ISUN0413.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-15 08:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1000)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    Voltooingstijd: 2012-05-15 08:28:11
    ComboFix-quarantined-files.txt 2012-05-15 06:27
    ComboFix2.txt 2011-12-31 10:24
    .
    Pre-Run: 206.797.115.392 bytes beschikbaar
    Post-Run: 207.369.703.424 bytes beschikbaar
    .
    - - End Of File - - 94D26615879269511AD81DBF6BEB2995
  • As for AVG, we are going to remove it from your Windows for good.

    But to come back to the fact that you are not on a home network: there are umpteen ports open in the firewall.

    Personally, I therefore think you would be better off switching to a third-party firewall than continuing to work with the Windows firewall!


    AVG Remover 32-bit: http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe

    Use this tool to get the last remnants of AVG out of your Windows.
    Windows will be happy about it too!
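
Added example, not part of the original thread and not code from any tool mentioned in it: a short Python parser for the `GloballyOpenPorts\List` values in the registry export posted earlier, listing the ports that are enabled with scope `*` (any source address) rather than `LocalSubNet`. The sample input is copied from that export; the class and function names are made up for this illustration, and the value layout `port:protocol:scope:mode:name` is assumed from the entries as posted.

```python
import re
from typing import List, NamedTuple

# Sample input: the two GloballyOpenPorts lists exactly as they appear in the
# registry export posted in this thread (copied from the page, not constructed).
SAMPLE_EXPORT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"3703:TCP"="3703:TCP:*:Enabled:Adobe Version Cue CS3 Server"
"3704:TCP"="3704:TCP:*:Enabled:Adobe Version Cue CS3 Server"
"50900:TCP"="50900:TCP:*:Enabled:Adobe Version Cue CS3 Server"
"50901:TCP"="50901:TCP:*:Enabled:Adobe Version Cue CS3 Server"
'''


class PortRule(NamedTuple):
    """One firewall port exception (hypothetical name, for this example only)."""
    profile: str    # DomainProfile or StandardProfile, as spelled in the key
    port: int
    protocol: str   # TCP or UDP
    scope: str      # "*" = any address, "LocalSubNet", or an address list
    enabled: bool
    name: str       # literal text or a resource reference such as @dll,-id


# Registry key header naming the firewall profile the following values belong to.
KEY_RE = re.compile(
    r'^\[.*\\firewallpolicy\\([^\\]+)\\GloballyOpenPorts\\List\]$', re.IGNORECASE)
# A value line of the form "port:proto"="port:proto:scope:mode:name".
VALUE_RE = re.compile(r'^"(\d+):(TCP|UDP)"="(.*)"$', re.IGNORECASE)


def parse_open_ports(export_text: str) -> List[PortRule]:
    """Return every well-formed port exception found in the export text."""
    rules: List[PortRule] = []
    profile = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any other key ends the current list, so stray values are ignored.
            match = KEY_RE.match(line)
            profile = match.group(1) if match else None
            continue
        match = VALUE_RE.match(line)
        if profile is None or not match:
            continue
        # Split at most four times: the display name may itself contain colons.
        fields = match.group(3).split(":", 4)
        if len(fields) != 5:
            continue  # abbreviated or malformed entry, skip rather than guess
        _, _, scope, mode, name = fields
        rules.append(PortRule(profile, int(match.group(1)),
                              match.group(2).upper(), scope,
                              mode.lower() == "enabled", name))
    return rules


def reachable_from_any_address(rules: List[PortRule]) -> List[PortRule]:
    """Enabled exceptions whose scope is not limited to the local subnet."""
    return [r for r in rules if r.enabled and r.scope == "*"]


if __name__ == "__main__":
    for rule in reachable_from_any_address(parse_open_ports(SAMPLE_EXPORT)):
        print(f"{rule.profile:16} {rule.port:>5}/{rule.protocol}  {rule.name}")
```

On the posted export this separates the four Adobe Version Cue ports in the standard profile, which accept any source address, from the file-sharing ports there, which are limited to `LocalSubNet`.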
  • 1) I just got a message from Avira to upgrade to version 2012. While doing so I get a notice that this software is not compatible with AVG and Spybot Search & Destroy, and I am asked to remove them.
    After trying to remove AVG (via the link in your last post) I still get this message from Avira. Does this mean that AVG has not been removed yet?

    2) Can you recommend a better firewall?

    Thanks in advance.
  • As for the firewall, there is really only one choice: Online Armor Free Firewall
    Download link

    A perfect firewall that also detects keyloggers, which among other things makes internet banking safer!

    Deactivating the Windows Firewall
    After the Online Armor Firewall has been installed, first check whether the Windows Firewall is still active.

    To do so, go to Start\Run and enter the command: services.msc.
    Click the OK button.

    In the Services window, scroll to Windows Firewall.
    Double-click that entry and set "Startup type" to "Disabled".

    Now first click the Apply button; then click the Stop button, wait a moment and finally click OK.

    Web Client
    Do the same with Web Client as you did with the Windows Firewall.
    This is purely a security measure.



    Strange that AVG would not have been removed properly.

    So please do the following:

    Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL and place the file on the desktop.

    Using OTL.com:
    - First close all program windows that are still open!
      - Double-click (image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png)
    - Tick Scan All Users.
    - Change the File Age setting to 60.
    - Click (image: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png).
    - Do not change any other settings in OTL unless I give specific instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • OTL logfile created on: 16/05/2012 7:49:08 - Run 1
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\paul\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    3,50 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 83,00% Memory free
    5,34 Gb Paging File | 4,81 Gb Available in Paging File | 90,13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 192,80 Gb Free Space | 41,40% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 333,55 Gb Free Space | 35,81% Space Free | Partition Type: NTFS

    Computer Name: STILLEPC | User Name: paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/16 07:46:39 | 000,595,456 | —- | M] (OldTimer Tools) – C:\Documents and Settings\paul\Bureaublad\OTL.com
    PRC - [2012/04/11 23:16:35 | 000,180,648 | —- | M] (Google Inc.) – C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/03/01 01:58:00 | 002,348,352 | —- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/10 14:33:00 | 004,369,208 | —- | M] (Emsi Software GmbH) – C:\Program Files\Online Armor\oasrv.exe
    PRC - [2012/02/10 14:33:00 | 002,645,440 | —- | M] (Emsi Software GmbH) – C:\Program Files\Online Armor\oaui.exe
    PRC - [2012/02/10 14:32:58 | 001,167,408 | —- | M] (Emsi Software GmbH) – C:\Program Files\Online Armor\oahlp.exe
    PRC - [2012/02/10 14:32:56 | 000,208,472 | —- | M] (Emsi Software GmbH) – C:\Program Files\Online Armor\oacat.exe
    PRC - [2012/01/02 08:36:11 | 003,246,040 | —- | M] (Acronis) – C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2011/07/06 17:21:28 | 000,269,480 | —- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/10 00:52:40 | 012,002,664 | —- | M] (Adobe Systems, Inc.) – C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
    PRC - [2011/04/27 12:32:43 | 000,136,360 | —- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/15 14:44:30 | 000,428,384 | —- | M] (Sony Corporation) – C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/12/20 16:57:20 | 000,804,304 | —- | M] (Acronis) – C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2010/11/03 15:53:54 | 000,281,768 | —- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/19 14:37:14 | 000,517,096 | —- | M] (Adobe Systems Incorporated) – C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | —- | M] (Avira GmbH) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/04/15 14:00:00 | 001,037,312 | —- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
    PRC - [2005/09/26 12:41:32 | 000,222,784 | —- | M] (BillP Studios) – C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/04 07:53:58 | 000,300,544 | —- | M] () – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
    MOD - [2012/03/01 01:58:00 | 001,568,576 | —- | M] () – C:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2011/06/10 00:52:42 | 002,748,416 | —- | M] () – C:\Program Files\Adobe\Adobe Bridge CS5\libmysqld.dll
    MOD - [2011/06/10 00:52:42 | 000,073,728 | —- | M] () – C:\Program Files\Adobe\Adobe Bridge CS5\Symlib.dll
    MOD - [2010/01/28 13:57:54 | 000,355,688 | —- | M] () – C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2008/09/17 09:55:00 | 000,466,944 | —- | M] () – C:\WINDOWS\system32\nvshell.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] – C:\DOCUME~1\paul\LOCALS~1\Temp\hpdj.exe – (hpdj)
    SRV - File not found [Disabled | Stopped] – C:\Program Files\AskBarDis\bar\bin\AskService.exe – (ASKService)
    SRV - File not found [On_Demand | Stopped] – %SystemRoot%\System32\appmgmts.dll – (AppMgmt)
    SRV - [2012/05/07 11:36:25 | 000,257,696 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/01 01:58:00 | 002,348,352 | —- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe – (nvUpdatusService)
    SRV - [2012/02/10 14:33:00 | 004,369,208 | —- | M] (Emsi Software GmbH) [Auto | Running] – C:\Program Files\Online Armor\oasrv.exe – (SvcOnlineArmor)
    SRV - [2012/02/10 14:32:56 | 000,208,472 | —- | M] (Emsi Software GmbH) [Auto | Running] – C:\Program Files\Online Armor\oacat.exe – (OAcat)
    SRV - [2012/01/02 08:36:11 | 003,246,040 | —- | M] (Acronis) [Auto | Running] – C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe – (afcdpsrv)
    SRV - [2011/07/06 17:21:28 | 000,269,480 | —- | M] (Avira GmbH) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
    SRV - [2011/04/27 12:32:43 | 000,136,360 | —- | M] (Avira GmbH) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
    SRV - [2011/03/22 21:27:01 | 003,229,784 | —- | M] () [Disabled | Stopped] – C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll – (Akamai)
    SRV - [2011/03/15 14:44:30 | 000,428,384 | —- | M] (Sony Corporation) [Auto | Running] – C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe – (PMBDeviceInfoProvider)
    SRV - [2010/12/20 16:57:20 | 000,804,304 | —- | M] (Acronis) [Auto | Running] – C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe – (AcrSch2Svc)
    SRV - [2010/10/28 12:13:30 | 000,293,456 | —- | M] (Logitech, Inc.) [Disabled | Stopped] – C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe – (LBTServ)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe – (SwitchBoard)
    SRV - [2010/01/26 13:41:08 | 000,652,800 | —- | M] (Nokia) [On_Demand | Stopped] – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer)
    SRV - [2008/10/15 11:18:32 | 000,654,848 | —- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2008/10/06 10:18:27 | 000,055,816 | —- | M] () [On_Demand | Stopped] – C:\Program Files\GIGABYTE\GEST\gsvr.exe – (GEST Service)
    SRV - [2008/06/15 15:34:20 | 000,071,096 | —- | M] () [On_Demand | Stopped] – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe – (Adobe Version Cue CS3)
    SRV - [2005/10/03 12:04:04 | 000,102,400 | —- | M] () [On_Demand | Stopped] – C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] – System32\Drivers\Video3D32.sys – (Video3D)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
    DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] – system32\DRIVERS\Lbd.sys – (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys – (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] – – (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\paul\LOCALS~1\Temp\catchme.sys – (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] – – (a3gkuwzz)
    DRV - [2012/02/10 14:33:38 | 000,042,152 | —- | M] () [Kernel | System | Running] – C:\WINDOWS\system32\drivers\oahlp32.sys – (oahlpXX)
    DRV - [2012/02/10 14:33:14 | 000,029,464 | —- | M] (Emsisoft) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\OAnet.sys – (OAnet)
    DRV - [2012/02/10 14:33:14 | 000,025,192 | —- | M] (Emsisoft) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\OAmon.sys – (OAmon)
    DRV - [2012/02/10 14:33:12 | 000,205,864 | —- | M] () [File_System | System | Running] – C:\WINDOWS\system32\drivers\OADriver.sys – (OADevice)
    DRV - [2012/01/02 08:36:15 | 000,167,968 | —- | M] (Acronis) [File_System | On_Demand | Running] – C:\WINDOWS\system32\drivers\afcdp.sys – (afcdp)
    DRV - [2012/01/02 08:36:07 | 000,752,128 | —- | M] (Acronis) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\tdrpm273.sys – (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
    DRV - [2012/01/02 08:36:06 | 000,600,928 | —- | M] (Acronis) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\timntr.sys – (timounter)
    DRV - [2011/07/06 17:21:33 | 000,138,192 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\avipbb.sys – (avipbb)
    DRV - [2011/07/06 17:21:32 | 000,066,616 | —- | M] (Avira GmbH) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\avgntflt.sys – (avgntflt)
    DRV - [2011/06/27 18:56:06 | 000,295,528 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)
    DRV - [2011/01/06 03:15:58 | 000,170,528 | —- | M] (Acronis) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\snapman.sys – (snapman)
    DRV - [2010/08/24 19:31:18 | 000,028,624 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\LUsbFilt.sys – (LUsbFilt)
    DRV - [2010/08/24 19:31:02 | 000,037,328 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\LMouFilt.Sys – (LMouFilt)
    DRV - [2010/08/24 19:30:52 | 000,038,864 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\LHidFilt.Sys – (LHidFilt)
    DRV - [2010/08/24 19:30:40 | 000,040,912 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\LEqdUsb.sys – (LEqdUsb)
    DRV - [2010/08/24 19:30:40 | 000,010,448 | —- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\LHidEqd.sys – (LHidEqd)
    DRV - [2010/08/24 19:30:18 | 000,010,448 | —- | M] (Logitech, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\LBeepKE.sys – (LBeepKE)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | —- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | —- | M] (Creative) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)
    DRV - [2009/05/11 12:49:20 | 000,011,608 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Program Files\Avira\AntiVir Desktop\avgio.sys – (avgio)
    DRV - [2009/05/11 10:12:50 | 000,028,520 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ssmdrv.sys – (ssmdrv)
    DRV - [2008/12/28 01:25:37 | 000,016,608 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\gdrv.sys – (gdrv)
    DRV - [2008/11/23 13:31:29 | 000,102,664 | —- | M] (Trend Micro Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\tmcomm.sys – (tmcomm)
    DRV - [2008/10/20 20:41:27 | 000,717,296 | —- | M] () [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\sptd.sys – (sptd)
    DRV - [2008/10/06 10:17:27 | 000,030,008 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ET5Drv.sys – (ET5Drv)
    DRV - [2008/10/03 16:19:38 | 000,082,380 | —- | M] (Oak Technology Inc.) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\AFS2K.SYS – (AFS2K)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | —- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\pccsmcfd.sys – (pccsmcfd)
    DRV - [2008/02/14 11:04:06 | 004,676,096 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/09/13 15:54:12 | 000,012,288 | —- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\EIO.sys – (EIO)
    DRV - [2007/01/29 17:12:52 | 000,018,432 | —- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AsusVRC.sys – (ASUSVRC)
    DRV - [2006/04/06 16:02:58 | 000,030,820 | —- | M] (Paragon Software Group) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\hotcore.sys – (hotcore)
    DRV - [2005/09/23 23:18:32 | 000,171,520 | —- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\MarvinBus.sys – (MarvinBus)
    DRV - [2002/06/13 16:08:46 | 000,014,604 | —- | M] (Padus, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\pfc.sys – (pfc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.be/about:InPrivate [binary data]
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tijd.be/home
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 A8 50 C4 88 AA CA 01 [binary data]
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\SearchScopes,DefaultScope = {2E3D5878-382F-446C-9265-712EF298340F}
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\SearchScopes\{2A51D3AD-467A-496C-A406-677189F59230}: "URL" =
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\SearchScopes\{2E3D5878-382F-446C-9265-712EF298340F}: "URL" = http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GPEA_nlBE295
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@cdr.nl/DigiLeen,version=1.00: C:\Program Files\DigiLeen\plugin\NPDigiLeen.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@cdr.nl/DigiLeen,version=1.00: C:\Program Files\DigiLeen\plugin\NPDigiLeen.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/12 12:46:24 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/12 12:46:25 | 000,000,000 | —D | M]

    [2008/10/20 19:29:00 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions
    [2008/10/20 19:29:00 | 000,000,000 | —D | M] ("Ask Toolbar for Firefox") – C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/10/26 17:57:38 | 000,002,036 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\fcmdSrchppcb.xml

    O1 HOSTS File: ([2012/05/15 08:26:05 | 000,000,027 | —- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Driver Update and remove for Windows x64 or x86_32] C:\Program Files\Realtek\Audio\Drivers\RtlUpd.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-842925246-1592454029-1417001333-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: PDF in Word openen (PDF Converter 3.0) - C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll (ScanSoft, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.spector.be/DesktopModules/SpectorAlbum/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224070674171 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx (MJPEGRender Control)
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C4165E7-DD78-402E-A1CC-CA5C06EDE4EE}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/01 17:24:39 | 000,000,000 | —- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
    O32 - AutoRun File - [2008/10/01 17:24:39 | 000,000,000 | —- | M] () - F:\AUTOEXEC.BAT – [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/16 07:46:36 | 000,595,456 | —- | C] (OldTimer Tools) – C:\Documents and Settings\paul\Bureaublad\OTL.com
    [2012/05/15 23:46:14 | 000,000,000 | —D | C] – C:\Documents and Settings\paul\Application Data\OnlineArmor
    [2012/05/15 23:46:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
    [2012/05/15 23:45:52 | 000,029,464 | —- | C] (Emsisoft) – C:\WINDOWS\System32\drivers\OAnet.sys
    [2012/05/15 23:45:52 | 000,025,192 | —- | C] (Emsisoft) – C:\WINDOWS\System32\drivers\OAmon.sys
    [2012/05/15 23:45:42 | 000,000,000 | —D | C] – C:\Program Files\Online Armor
    [2012/05/15 23:37:33 | 029,588,048 | —- | C] (Emsi Software GmbH ) – C:\Program Files\OnlineArmorSetup.exe
    [2012/05/15 08:28:13 | 000,000,000 | —D | C] – C:\WINDOWS\temp
    [2012/05/15 08:14:38 | 000,518,144 | —- | C] (SteelWerX) – C:\WINDOWS\SWREG.exe
    [2012/05/15 08:14:38 | 000,406,528 | —- | C] (SteelWerX) – C:\WINDOWS\SWSC.exe
    [2012/05/15 08:14:38 | 000,212,480 | —- | C] (SteelWerX) – C:\WINDOWS\SWXCACLS.exe
    [2012/05/15 08:14:38 | 000,060,416 | —- | C] (NirSoft) – C:\WINDOWS\NIRCMD.exe
    [2012/05/15 07:47:10 | 000,000,000 | —D | C] – C:\Qoobox
    [2012/05/15 07:39:19 | 004,492,858 | R— | C] (Swearware) – C:\Documents and Settings\paul\Bureaublad\ComboFix.exe
    [2012/05/14 22:24:09 | 000,000,000 | —D | C] – C:\TDSSStarter
    [2012/05/14 09:37:50 | 001,585,560 | —- | C] (Emsi Software GmbH) – C:\Documents and Settings\paul\Bureaublad\start.exe
    [2012/05/07 13:54:13 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\DriverNavigator
    [2012/05/07 13:54:12 | 000,000,000 | —D | C] – C:\Program Files\Easeware
    [2012/05/07 13:06:59 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Windows PowerShell 1.0
    [2012/05/07 09:11:59 | 000,000,000 | -H-D | C] – C:\WINDOWS\ie8
    [2012/05/07 08:42:48 | 000,000,000 | —D | C] – C:\WINDOWS\System32\RTCOM
    [2012/05/07 08:42:38 | 000,359,016 | —- | C] (Realtek Semiconductor Crop.) – C:\WINDOWS\vncutil.exe
    [2012/05/07 08:42:37 | 000,129,640 | —- | C] (Realtek Semiconductor) – C:\WINDOWS\RtkAudioService.exe
    [2012/05/07 08:42:33 | 002,808,832 | R— | C] (RealTek Semicoductor Corp.) – C:\WINDOWS\ALCWZRD.EXE
    [2012/05/07 08:42:33 | 001,691,480 | —- | C] (Creative) – C:\WINDOWS\System32\drivers\Ambfilt.sys
    [2012/05/06 21:23:59 | 000,000,000 | RH-D | C] – C:\Documents and Settings\paul\Onlangs geopend
    [2012/05/06 19:17:09 | 000,000,000 | —D | C] – C:\Program Files\FinalWire
    [2012/05/03 13:57:58 | 000,000,000 | —D | C] – C:\Documents and Settings\paul\Application Data\ElevatedDiagnostics
    [2012/05/03 13:56:24 | 000,000,000 | —D | C] – C:\WINDOWS\System32\windowspowershell
    [2012/04/30 20:27:47 | 003,654,896 | —- | C] (Piriform Ltd) – C:\Program Files\ccsetup318.exe
    [2012/02/09 17:12:36 | 031,181,592 | —- | C] (Autodesk, Inc. ) – C:\Program Files\DWFWriter4Setup.exe
    [2012/02/09 16:41:25 | 000,808,368 | —- | C] (Autodesk, Inc.) – C:\Program Files\AutodeskDesignRevSetup.exe
    [2012/02/09 16:33:27 | 062,286,360 | —- | C] (Acresso Software Inc. ) – C:\Program Files\FreeDWGViewer.exe
    [2012/01/11 08:54:35 | 003,562,624 | —- | C] (Piriform Ltd) – C:\Program Files\ccsetup314.exe
    [2011/10/18 18:51:42 | 003,687,352 | —- | C] (Sony Corporation) – C:\Program Files\PMB.lnk
    [2011/01/29 08:52:17 | 200,442,456 | —- | C] (Sony Creative Software Inc.) – C:\Program Files\vegaspro100c_32bit.exe
    [2011/01/16 11:26:17 | 150,446,976 | —- | C] (Online Media Technologies Ltd. ) – C:\Program Files\AVSVideoEditor.exe
    [2011/01/11 19:20:53 | 062,701,672 | —- | C] (Online Media Technologies Ltd. ) – C:\Program Files\AVSVideoConverter.exe
    [2010/12/11 09:21:50 | 025,188,112 | —- | C] (Logitech Inc.) – C:\Program Files\setpoint620.exe
    [2010/08/29 13:23:50 | 003,427,712 | —- | C] (Piriform Ltd) – C:\Program Files\ccsetup235.exe
    [2010/08/05 19:43:29 | 003,420,304 | —- | C] (Piriform Ltd) – C:\Program Files\ccsetup234.exe
    [2010/07/04 08:54:26 | 013,454,568 | —- | C] (ReviverSoft LLC.) – C:\Program Files\RegistryReviverSetup.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/05/16 07:56:00 | 000,000,232 | —- | M] () – C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/05/16 07:46:39 | 000,595,456 | —- | M] (OldTimer Tools) – C:\Documents and Settings\paul\Bureaublad\OTL.com
    [2012/05/16 07:44:00 | 000,001,044 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/16 07:37:07 | 000,496,558 | —- | M] () – C:\WINDOWS\System32\perfh013.dat
    [2012/05/16 07:37:07 | 000,429,990 | —- | M] () – C:\WINDOWS\System32\perfh009.dat
    [2012/05/16 07:37:07 | 000,084,980 | —- | M] () – C:\WINDOWS\System32\perfc013.dat
    [2012/05/16 07:37:07 | 000,066,748 | —- | M] () – C:\WINDOWS\System32\perfc009.dat
    [2012/05/16 07:33:33 | 000,001,040 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd08544131963a.job
    [2012/05/16 07:33:33 | 000,001,040 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cce185a38be5ba.job
    [2012/05/16 07:31:35 | 000,002,048 | –S- | M] () – C:\WINDOWS\bootstat.dat
    [2012/05/16 07:14:00 | 000,000,940 | —- | M] () – C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/05/16 02:00:00 | 000,000,340 | —- | M] () – C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job
    [2012/05/15 23:37:43 | 029,588,048 | —- | M] (Emsi Software GmbH ) – C:\Program Files\OnlineArmorSetup.exe
    [2012/05/15 19:58:19 | 099,218,336 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\avira_free_antivirus_en.exe
    [2012/05/15 13:57:00 | 000,000,968 | —- | M] () – C:\WINDOWS\tasks\Google Software Updater.job
    [2012/05/15 08:50:09 | 000,000,420 | -H– | M] () – C:\WINDOWS\tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job
    [2012/05/15 08:45:15 | 000,000,434 | —- | M] () – C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
    [2012/05/15 08:26:05 | 000,000,027 | —- | M] () – C:\WINDOWS\System32\drivers\etc\hosts
    [2012/05/15 07:39:28 | 004,492,858 | R— | M] (Swearware) – C:\Documents and Settings\paul\Bureaublad\ComboFix.exe
    [2012/05/14 22:23:18 | 000,093,184 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\TDSSKStarter.exe
    [2012/05/14 19:44:22 | 000,000,784 | —- | M] () – C:\Documents and Settings\All Users.WINDOWS\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012/05/14 06:56:44 | 001,585,560 | —- | M] (Emsi Software GmbH) – C:\Documents and Settings\paul\Bureaublad\start.exe
    [2012/05/13 20:38:08 | 000,002,445 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\HiJackThis (2).lnk
    [2012/05/12 12:26:07 | 000,000,064 | —- | M] () – C:\WINDOWS\System32\rp_stats.dat
    [2012/05/12 12:26:07 | 000,000,044 | —- | M] () – C:\WINDOWS\System32\rp_rules.dat
    [2012/05/11 12:11:20 | 003,827,800 | —- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/11 11:04:58 | 000,001,374 | —- | M] () – C:\WINDOWS\imsins.BAK
    [2012/05/09 18:14:01 | 001,134,113 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\Electrabel - Gerststraat - 05-2012.jpg
    [2012/05/07 13:54:13 | 000,000,875 | —- | M] () – C:\Documents and Settings\All Users.WINDOWS\Bureaublad\DriverNavigator.lnk
    [2012/05/07 11:40:50 | 000,000,942 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\Continue Media Player Installation.lnk
    [2012/05/07 09:18:33 | 000,000,815 | —- | M] () – C:\Documents and Settings\paul\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk
    [2012/05/07 08:09:32 | 000,000,767 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\EVEREST Home Edition.lnk
    [2012/05/06 19:17:12 | 000,000,884 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\AIDA64 Extreme Edition.lnk
    [2012/05/06 18:13:27 | 000,013,646 | —- | M] () – C:\WINDOWS\System32\wpa.dbl
    [2012/05/01 18:32:40 | 000,000,023 | —- | M] () – C:\WINDOWS\ZDPLUSSEARCH.INI
    [2012/04/30 20:28:38 | 000,000,682 | —- | M] () – C:\Documents and Settings\All Users.WINDOWS\Bureaublad\CCleaner.lnk
    [2012/04/30 20:27:56 | 003,654,896 | —- | M] (Piriform Ltd) – C:\Program Files\ccsetup318.exe
    [2012/04/30 15:46:16 | 001,889,287 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\National Suisse - Freelander.jpg
    [2012/04/27 15:29:58 | 000,071,197 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\bevestiging aanvraag studiebeurs 27422[1].pdf
    [2012/04/27 15:23:14 | 001,232,396 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\Huurcontract kot Gerststraat 01.jpg
    [2012/04/21 15:15:09 | 019,934,542 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\Land Rover - fl2_handbook_2007.pdf
    [2012/04/19 15:16:52 | 000,002,515 | —- | M] () – C:\Documents and Settings\paul\Bureaublad\Microsoft Office Word 2007.lnk
    [2012/04/19 11:41:31 | 000,101,860 | —- | M] () – C:\Documents and Settings\paul\Mijn documenten\Spanner Jaw Sizes.mht

    ========== Files Created - No Company Name ==========

    [2012/05/15 23:45:52 | 000,205,864 | —- | C] () – C:\WINDOWS\System32\drivers\OADriver.sys
    [2012/05/15 23:45:52 | 000,042,152 | —- | C] () – C:\WINDOWS\System32\drivers\oahlp32.sys
    [2012/05/15 19:55:20 | 099,218,336 | —- | C] () – C:\Documents and Settings\paul\Bureaublad\avira_free_antivirus_en.exe
    [2012/05/15 08:14:38 | 000,256,000 | —- | C] () – C:\WINDOWS\PEV.exe
    [2012/05/15 08:14:38 | 000,208,896 | —- | C] () – C:\WINDOWS\MBR.exe
    [2012/05/15 08:14:38 | 000,098,816 | —- | C] () – C:\WINDOWS\sed.exe
    [2012/05/15 08:14:38 | 000,080,412 | —- | C] () – C:\WINDOWS\grep.exe
    [2012/05/15 08:14:38 | 000,068,096 | —- | C] () – C:\WINDOWS\zip.exe
    [2012/05/14 22:23:18 | 000,093,184 | —- | C] () – C:\Documents and Settings\paul\Bureaublad\TDSSKStarter.exe
    [2012/05/09 18:14:00 | 001,134,113 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\Electrabel - Gerststraat - 05-2012.jpg
    [2012/05/07 13:54:14 | 000,000,434 | —- | C] () – C:\WINDOWS\tasks\DriverNavigator Scheduled Scan.job
    [2012/05/07 13:54:13 | 000,000,875 | —- | C] () – C:\Documents and Settings\All Users.WINDOWS\Bureaublad\DriverNavigator.lnk
    [2012/05/07 11:58:29 | 000,081,936 | —- | C] () – C:\WINDOWS\System32\RtNicProp32.dll
    [2012/05/07 11:40:50 | 000,000,942 | —- | C] () – C:\Documents and Settings\paul\Bureaublad\Continue Media Player Installation.lnk
    [2012/05/07 09:13:39 | 000,001,374 | —- | C] () – C:\WINDOWS\imsins.BAK
    [2012/05/07 08:42:36 | 000,021,736 | —- | C] () – C:\WINDOWS\System32\drivers\RTAIODAT.DAT
    [2012/05/06 19:17:12 | 000,000,884 | —- | C] () – C:\Documents and Settings\paul\Bureaublad\AIDA64 Extreme Edition.lnk
    [2012/04/30 15:46:12 | 001,889,287 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\National Suisse - Freelander.jpg
    [2012/04/27 15:29:58 | 000,071,197 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\bevestiging aanvraag studiebeurs 27422[1].pdf
    [2012/04/27 15:23:14 | 001,232,396 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\Huurcontract kot Gerststraat 01.jpg
    [2012/04/21 15:15:08 | 019,934,542 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\Land Rover - fl2_handbook_2007.pdf
    [2012/04/19 11:41:31 | 000,101,860 | —- | C] () – C:\Documents and Settings\paul\Mijn documenten\Spanner Jaw Sizes.mht
    [2012/03/14 10:50:29 | 000,293,992 | —- | C] () – C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/03/14 10:50:29 | 000,293,992 | —- | C] () – C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/03/14 10:50:29 | 000,000,001 | —- | C] () – C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/16 13:40:26 | 000,003,072 | —- | C] () – C:\WINDOWS\System32\iacenc.dll
    [2011/12/31 00:47:35 | 000,073,549 | —- | C] () – C:\WINDOWS\hpqins16.dat
    [2011/12/30 16:08:54 | 001,402,880 | —- | C] () – C:\Program Files\HiJackThis.msi
    [2011/12/27 21:55:39 | 002,784,050 | —- | C] () – C:\WINDOWS\System32\nvdata.data
    [2011/12/27 21:21:50 | 000,067,136 | -H– | C] () – C:\WINDOWS\System32\mlfcache.dat
    [2011/12/26 09:01:39 | 021,073,936 | —- | C] () – C:\Program Files\vlc-1.1.11-win32.exe
    [2011/05/07 06:34:50 | 000,000,064 | —- | C] () – C:\WINDOWS\System32\rp_stats.dat
    [2011/05/07 06:34:50 | 000,000,044 | —- | C] () – C:\WINDOWS\System32\rp_rules.dat
    [2011/05/06 15:45:38 | 000,354,816 | —- | C] () – C:\WINDOWS\System32\psisdecd.dll
    [2011/04/10 14:06:17 | 020,586,196 | —- | C] () – C:\Program Files\vlc-1.1.8-win32.exe
    [2011/02/19 17:31:29 | 020,364,702 | —- | C] () – C:\Program Files\vlc-1.1.7-win32.exe
    [2011/01/27 20:35:50 | 001,364,522 | —- | C] () – C:\Program Files\wrar393.exe
    [2011/01/16 13:37:57 | 000,000,008 | —- | C] () – C:\WINDOWS\System32\nvModes.dat
    [2011/01/15 13:39:06 | 000,017,305 | —- | C] () – C:\Program Files\ADOBE_PHOTOSHOP_LIGHTROOM_3.3_[thethingy].6018893.TPB.torrent
    [2011/01/12 04:33:14 | 011,008,549 | —- | C] () – C:\Program Files\avidemux_2.5.4_win32.exe
    [2011/01/11 18:53:00 | 013,626,517 | —- | C] () – C:\Program Files\MainConcept MPEG Pro Plug-In for Adobe Premiere Pro HD v1.0.6.rar
    [2011/01/11 18:52:59 | 000,008,791 | —- | C] () – C:\Program Files\MainConcept+MPEG+Pro+Plug-In+for+Adobe+Premiere+Pro+HD+v1.0.6.rarMainConcept+MPEG+Pro+Plug-In+for+Adobe+Premiere+Pro+HD+v1.0.6.rar.torrent
    [2011/01/11 10:33:17 | 000,036,567 | —- | C] () – C:\Program Files\Pinnacle_Studio_14_HD_Ultimate_-_by_Mick_(Full_Version).5130775.TPB.torrent
    [2010/12/30 18:58:53 | 019,985,265 | —- | C] () – C:\Program Files\vlc-1.1.5-win32.exe
    [2010/12/14 21:22:08 | 000,338,760 | —- | C] () – C:\Program Files\RegtaskTool_Installer.exe
    [2010/08/29 13:37:28 | 044,153,664 | —- | C] () – C:\Program Files\avira_antivir_personal_de.exe
    [2010/08/02 13:07:23 | 000,129,842 | —- | C] () – C:\Program Files\pog_mono_renditionizer_v391a2.zip

    ========== LOP Check ==========

    [2010/12/29 15:42:50 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Acronis
    [2011/01/11 18:53:49 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Anti-phishing Domain Advisor
    [2011/12/30 20:18:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
    [2008/10/03 15:56:53 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
    [2011/12/17 20:29:22 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
    [2010/12/28 19:39:49 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Mender
    [2011/01/11 18:53:41 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\EmailNotifier
    [2011/05/06 16:07:12 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\espionServerData
    [2008/10/05 10:26:28 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\GARMIN
    [2010/03/12 14:28:49 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
    [2011/12/30 20:18:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
    [2012/05/16 07:36:27 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
    [2010/03/12 12:39:40 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\OviInstallerCache
    [2010/03/12 12:44:14 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    [2008/10/05 09:13:38 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
    [2010/11/24 14:59:59 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\regid.1986-12.com.adobe
    [2010/11/23 14:23:24 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\ReviverSoft
    [2008/10/04 11:57:06 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
    [2011/01/11 20:48:05 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
    [2011/01/29 09:58:07 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    [2008/10/04 11:56:53 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\zeon
    [2010/04/01 23:56:38 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/08 23:56:06 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/09 23:55:55 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/11/24 14:32:00 | 000,000,000 | —D | M] – C:\Documents and Settings\anne\Application Data\PC Suite
    [2010/06/01 17:30:50 | 000,000,000 | —D | M] – C:\Documents and Settings\anne\Application Data\WinPatrol
    [2010/12/28 07:52:39 | 000,000,000 | —D | M] – C:\Documents and Settings\anne\Application Data\Zeon
    [2008/12/21 14:31:47 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\Canon
    [2010/06/12 19:05:46 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\FUJIFILM
    [2011/05/20 16:30:47 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\ICAClient
    [2008/12/21 14:31:35 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\NewSoft
    [2008/12/21 14:28:25 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\ScanSoft
    [2012/05/06 21:23:06 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\SmartDraw
    [2010/04/13 17:11:23 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\WinPatrol
    [2008/10/24 07:52:44 | 000,000,000 | —D | M] – C:\Documents and Settings\arno\Application Data\Zeon
    [2008/10/03 18:43:21 | 000,000,000 | —D | M] – C:\Documents and Settings\marijke\Application Data\Acronis
    [2008/10/03 18:43:10 | 000,000,000 | —D | M] – C:\Documents and Settings\marijke\Application Data\VanDale
    [2008/10/03 18:43:10 | 000,000,000 | —D | M] – C:\Documents and Settings\marijke\Application Data\Verzendmap van Share-to-Web
    [2010/08/27 12:37:03 | 000,000,000 | —D | M] – C:\Documents and Settings\marijke\Application Data\WinPatrol
    [2011/01/06 03:16:09 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\35BB0E22-43A9-415E-9421-AD4C6F51D268
    [2012/01/02 08:36:14 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\4BDC9860-8C59-4813-A399-D5BB7A034DF4
    [2010/12/10 18:30:42 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Acronis
    [2011/12/26 00:13:09 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\AVG2012
    [2011/01/12 04:35:55 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\avidemux
    [2012/02/26 12:33:15 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Azureus
    [2008/10/15 13:50:09 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Canneverbe_Limited
    [2009/01/05 20:51:34 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Canon
    [2010/11/24 15:03:19 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/01/28 17:04:36 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\com.adobe.DC3Module.AdobeADC
    [2008/10/20 20:41:23 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\DAEMON Tools
    [2009/01/22 17:59:32 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\DigiLeen
    [2010/12/28 19:10:45 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Easeware
    [2012/05/03 13:57:58 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\ElevatedDiagnostics
    [2009/02/15 16:24:23 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\FUJIFILM
    [2010/06/02 12:51:41 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\GARMIN
    [2012/02/09 16:49:46 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\IGC
    [2010/12/11 09:24:07 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Leadertech
    [2010/08/25 05:10:39 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\NewSoft
    [2010/03/13 08:17:57 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Nokia
    [2012/05/15 23:46:21 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\OnlineArmor
    [2011/08/07 17:44:16 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Opera
    [2010/03/12 12:44:12 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\PC Suite
    [2011/01/29 08:49:58 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Publish Providers
    [2008/10/03 16:05:25 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\ScanSoft
    [2011/07/10 10:47:21 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Sony
    [2011/07/26 01:14:55 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Sony Creative Software Inc
    [2008/11/03 13:10:27 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\SPB
    [2010/11/28 11:34:10 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/05/06 21:21:51 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Uniblue
    [2008/10/20 13:44:12 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\VanDale
    [2011/01/11 18:53:41 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\wbtooltb
    [2010/08/29 12:30:35 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\WinPatrol
    [2008/10/04 11:57:15 | 000,000,000 | —D | M] – C:\Documents and Settings\paul\Application Data\Zeon
    [2012/05/15 08:45:15 | 000,000,434 | —- | M] () – C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job
    [2012/05/16 07:56:00 | 000,000,232 | —- | M] () – C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [2012/05/15 08:50:09 | 000,000,420 | -H– | M] () – C:\WINDOWS\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\vga.sys:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Program Files\vlc-1.1.7-win32.exe:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\paul\Mijn documenten\Garmin Mapsource Topo Spain v2.rar:SummaryInformation

    < End of report >
  • OTL Extras logfile created on: 16/05/2012 7:49:08 - Run 1
    OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\paul\Bureaublad
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    3,50 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 83,00% Memory free
    5,34 Gb Paging File | 4,81 Gb Available in Paging File | 90,13% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465,75 Gb Total Space | 192,80 Gb Free Space | 41,40% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 333,55 Gb Free Space | 35,81% Space Free | Partition Type: NTFS

    Computer Name: STILLEPC | User Name: paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] – "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] – C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] – "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Directory [PlayWithVLC] – "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\GIGABYTE\GEST\run.exe" = C:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update – ()
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server – (Adobe Systems Incorporated)
    "C:\Program Files\Avira\AntiVir Desktop\avscan.exe" = C:\Program Files\Avira\AntiVir Desktop\avscan.exe:*:Enabled:avscan – (Avira GmbH)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze – (Vuze Inc.)
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player – ()
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth – (Google)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit – (Apple Inc.)
    "C:\Documents and Settings\paul\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\paul\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client – (Akamai Technologies, Inc)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe – (NVIDIA Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0DC66F25-C58F-40d3-86BC-CA29C6D99BF8}" = Windows 7 Upgrade Advisor
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{15C165F1-1DAE-4476-AFB6-8723729B41E7}" = hp deskjet 5100
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{29EA075F-2C61-472F-B01D-80E8D8F023F1}" = Garmin City Navigator Europe NT v9
    "{2BDBD1DE-2959-407F-BBC2-C9B2828CEDF2}" = HPSSupply
    "{2D40A1BE-E50E-4272-8097-841D779E5B0E}_is1" = Internet Speed Tester 3.0
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{332DB63A-14F2-465D-9C7E-B0D04353323F}" = RegistryReviver
    "{334B6B44-2C7F-4AC0-A215-E780541CE033}" = Paragon Drive Copy 8.0 Personal Special Edition
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
    "{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
    "{3A3923F8-AA05-4281-9F6F-DC6F85D0092D}" = Garmin POI Loader
    "{3B78608F-D09A-11DF-A54E-0013D3D69929}" = Vegas Pro 10.0
    "{3DCFD210-5E9B-4403-B185-1D7AE5C28612}" = Garmin MapInstall
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{47282117-BA45-4240-9191-57FE76041DDE}" = Garmin Training Center 3.4.3
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
    "{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A5509EE-5579-46C1-B566-5065545547F9}" = Media Add-ons voor Acronis True Image Home 2011
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C45D9D2-D429-4EA7-8E9E-BFBBD9BAA4F2}" = Garmin City Navigator Europe NT 2011.10
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D0FB354-3D85-483A-A899-99FB3084942D}" = Garmin MapSource
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Nederlands
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systeemsoftware 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B53208F5-5F23-4193-AFFA-275EF9C6B4DA}" = ScanSoft PDF Professional 3.0
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
    "{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
    "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
    "{FBA71ADC-C8B7-4635-889B-773AC7B18470}" = ACSI Camp Site Guide Europe 2009
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-stuurprogrammapakket - Nokia Modem (10/05/2009 4.2)
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "7-Zip" = 7-Zip 4.57
    "8461-7759-5462-8226" = Vuze
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-stuurprogrammapakket - Nokia Modem (06/01/2009 7.01.0.4)
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v2.30
    "Akamai" = Akamai NetSession Interface
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "AVS Registry Cleaner 1.1_is1" = AVS Registry Cleaner version 1.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
    "AVSRegistryCleaner_is1" = AVS Registry Cleaner version 1.2
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "conduitEngine" = Conduit Engine
    "DigiLeen 1.1_is1" = DigiLeen 1.1
    "Disk Investigator" = Disk Investigator 1.5
    "DriverNavigator_is1" = DriverNavigator 2.7.5
    "DVD Flick_is1" = DVD Flick
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "GOM Player" = GOM Player
    "Google Updater" = Google Updater
    "HFX PRO for Studio" = HFX PRO for Studio
    "HijackThis" = HijackThis 2.0.2
    "hp print screen utility" = hp print screen utility
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{FBA71ADC-C8B7-4635-889B-773AC7B18470}" = ACSI Camp Site Guide Europe 2009
    "IrfanView" = IrfanView (remove only)
    "IsoBuster_is1" = IsoBuster 2.4
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400
    "MediaMonkey_is1" = MediaMonkey 3.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "OnlineArmor_is1" = Online Armor 5.5
    "PoiEdit" = PoiEdit
    "Recuva" = Recuva
    "RegistryReviver" = RegistryReviver
    "sp6" = Logitech SetPoint 6.20
    "Spector Photo Software" = Spector Photo Software
    "Studio 9.0 Installpath Updater" = Studio 9.0 Installpath Updater
    "SuperMegaSpoof_is1" = SuperMegaSpoof 2.0
    "SystemRequirementsLab" = System Requirements Lab
    "VLC media player" = VLC media player 1.1.11
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "wbtooltb" = Webblog
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinGDB3" = WinGDB3 3.2
    "WinPatrol" = WinPatrol
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-842925246-1592454029-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Support.com Toolbar Updater
    "Akamai" = Akamai NetSession Interface

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 31/12/2011 6:00:07 | Computer Name = STILLEPC | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 31/12/2011 7:38:56 | Computer Name = STILLEPC | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: msiexec.exe, versie: 4.5.6001.22159, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 31/12/2011 7:55:36 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: , versie: 0.0.0.0, vastgelopen module: unknown,
    versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 31/12/2011 7:55:39 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: , versie: 0.0.0.0, vastgelopen module: unknown,
    versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 31/12/2011 8:08:53 | Computer Name = STILLEPC | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: msiexec.exe, versie: 4.5.6001.22159, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 31/12/2011 9:15:52 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: msiexec.exe, versie: 4.5.6001.22159, vastgelopen
    module: MSCTF.dll, versie: 5.1.2600.5512, vastgelopen op: 0x0001f87f.

    Error - 1/01/2012 7:09:47 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: nwiz.exe, versie: 6.14.10.13595, vastgelopen
    module: nwiz.exe, versie: 6.14.10.13595, vastgelopen op: 0x00006cc9.

    Error - 1/01/2012 7:10:38 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: nwiz.exe, versie: 6.14.10.13595, vastgelopen
    module: nwiz.exe, versie: 6.14.10.13595, vastgelopen op: 0x00006cc9.

    Error - 1/01/2012 7:12:18 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: nwiz.exe, versie: 6.14.10.13595, vastgelopen
    module: nwiz.exe, versie: 6.14.10.13595, vastgelopen op: 0x00006cc9.

    Error - 1/01/2012 7:16:59 | Computer Name = STILLEPC | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: nwiz.exe, versie: 6.14.10.13595, vastgelopen
    module: nwiz.exe, versie: 6.14.10.13595, vastgelopen op: 0x00006cc9.

    [ OSession Events ]
    Error - 17/03/2009 18:07:35 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15484
    seconds with 3420 seconds of active time. This session ended with a crash.

    Error - 2/09/2009 7:16:07 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1094
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2/09/2009 14:06:34 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 101
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/10/2009 17:48:47 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 25066
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 5/07/2010 14:34:19 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 342
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 21/08/2010 18:42:17 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15421
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 25/08/2010 1:28:05 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3092
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 13/05/2011 8:03:00 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4092
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 27/12/2011 16:00:37 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20224
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 31/12/2011 8:40:52 | Computer Name = STILLEPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1707
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 15/05/2012 18:39:09 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:10 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:11 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:13 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:14 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:15 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:16 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:17 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 15/05/2012 18:39:19 | Computer Name = STILLEPC | Source = Disk | ID = 262151
    Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

    Error - 16/05/2012 1:32:51 | Computer Name = STILLEPC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: Lbd


    < End of report >
  • AVG has been removed properly - we will now remove a few harmless leftovers via a script.

    Before letting OTL run the fix, first close all other open windows!

    * Double-click (image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png)
    * Copy and paste the following (bold, blue text) into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

    :OTL
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
    IE - HKU\S-1-5-21-842925246-1592454029-1417001333-1004\..\SearchScopes\{2A51D3AD-467A-496C-A406-677189F59230}: "URL" =
    [2008/10/20 19:29:00 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2012/05/16 07:56:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011/12/30 20:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
    [2011/12/26 00:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\paul\Application Data\AVG2012
    [2012/05/16 07:56:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]



    :Services


    :Reg


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]


    * Then click (image: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png) at the top.
    * Let the program do its work undisturbed.
    * After the scan, OTL will report that the PC is going to be restarted. Allow it.
    * Click OK
    * After the restart, only a new log is opened.
    * Post the contents of that OTL scan log by copying and pasting.


    Very questionable programs:
    C:\Program Files\Easeware
    C:\Program Files\RegistryReviverSetup.exe
    C:\Program Files\RegtaskTool_Installer.exe
  • All processes killed
    ========== OTL ==========
    Service ASKService stopped successfully!
    Service ASKService deleted successfully!
    File C:\Program Files\AskBarDis\bar\bin\AskService.exe not found.
    Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{2A51D3AD-467A-496C-A406-677189F59230}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A51D3AD-467A-496C-A406-677189F59230}\ not found.
    C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
    C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
    C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
    C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
    C:\Documents and Settings\paul\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012\Temp(2) folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012\fet(2) folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012\fet folder moved successfully.
    C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012 folder moved successfully.
    C:\Documents and Settings\paul\Application Data\AVG2012\cfgall folder moved successfully.
    C:\Documents and Settings\paul\Application Data\AVG2012 folder moved successfully.
    File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] not found.
    File EY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Documents and Settings\paul\Bureaublad\cmd.bat deleted successfully.
    C:\Documents and Settings\paul\Bureaublad\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ACSI Campinggids 2009

    User: Adobe CS5

    User: All Users

    User: All Users.WINDOWS

    User: anne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: arno
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 759296 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 2844 bytes

    User: Campingselect

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User.WINDOWS
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: gebruiker

    User: LocalService
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: marijke
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: paul
    ->Temp folder emptied: 561455 bytes
    ->Temporary Internet Files folder emptied: 58081884 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 64285 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 57,00 mb


    [EMPTYJAVA]

    User: ACSI Campinggids 2009

    User: Adobe CS5

    User: All Users

    User: All Users.WINDOWS

    User: anne
    ->Java cache emptied: 0 bytes

    User: arno
    ->Java cache emptied: 0 bytes

    User: Campingselect

    User: Default User

    User: Default User.WINDOWS

    User: gebruiker

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: marijke
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: paul
    ->Java cache emptied: 0 bytes

    User: UpdatusUser

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: ACSI Campinggids 2009

    User: Adobe CS5

    User: All Users

    User: All Users.WINDOWS

    User: anne
    ->Flash cache emptied: 0 bytes

    User: arno
    ->Flash cache emptied: 0 bytes

    User: Campingselect

    User: Default User

    User: Default User.WINDOWS
    ->Flash cache emptied: 0 bytes

    User: gebruiker

    User: LocalService

    User: LocalService.NT AUTHORITY

    User: marijke
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: NetworkService.NT AUTHORITY

    User: paul
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Unable to start System Restore Service. Error code 1056

    OTL by OldTimer - Version 3.2.43.0 log created on 05162012_093727

    Files\Folders moved on Reboot…

    Registry entries deleted on Reboot…
  • Hello Paul, we'll use ComboFix again.
    After starting ComboFix, a message may appear:

    - either ComboFix wants to be updated;
    - or ComboFix wants to be downloaded again.

    If you get such a message, then do as it asks.
    Post the contents of the ComboFix log once again.
  • ComboFix 12-05-16.01 - paul 16/05/2012 13:29:14.12.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3582.2953 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\paul\Bureaublad\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-16 07:37 . 2012-05-16 07:37 -------- d-----w- C:\_OTL
    2012-05-15 21:46 . 2012-05-16 05:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OnlineArmor
    2012-05-15 21:46 . 2012-05-15 21:46 -------- d-----w- c:\documents and settings\paul\Application Data\OnlineArmor
    2012-05-15 21:45 . 2012-02-10 12:33 42152 ----a-w- c:\windows\system32\drivers\oahlp32.sys
    2012-05-15 21:45 . 2012-02-10 12:33 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2012-05-15 21:45 . 2012-02-10 12:33 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2012-05-15 21:45 . 2012-02-10 12:33 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2012-05-15 21:45 . 2012-05-16 11:18 -------- d-----w- c:\program files\Online Armor
    2012-05-15 21:37 . 2012-05-15 21:37 29588048 ----a-w- c:\program files\OnlineArmorSetup.exe
    2012-05-14 20:24 . 2012-05-14 20:24 -------- d-----w- C:\TDSSStarter
    2012-05-07 11:54 . 2012-05-07 11:54 -------- d-----w- c:\program files\Easeware
    2012-05-07 09:58 . 2011-06-27 16:56 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
    2012-05-07 09:58 . 2011-06-27 16:56 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
    2012-05-07 07:11 . 2012-05-07 07:13 -------- dc-h--w- c:\windows\ie8
    2012-05-06 19:23 . 2012-05-15 06:13 -------- d--h--r- c:\documents and settings\paul\Onlangs geopend
    2012-05-06 19:23 . 2012-05-06 19:23 -------- d-----w- c:\documents and settings\arno\Local Settings\Application Data\Temp
    2012-05-06 17:30 . 2012-03-19 17:01 65128 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
    2012-05-06 17:30 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
    2012-05-06 17:17 . 2012-05-06 17:17 -------- d-----w- c:\program files\FinalWire
    2012-05-05 19:42 . 2012-05-05 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-05-04 16:29 . 2012-05-06 19:23 -------- d-----w- c:\documents and settings\arno\Application Data\SmartDraw
    2012-05-03 11:57 . 2012-05-03 11:57 -------- d-----w- c:\documents and settings\paul\Application Data\ElevatedDiagnostics
    2012-04-30 18:27 . 2012-04-30 18:27 3654896 ----a-w- c:\program files\ccsetup318.exe
    2012-04-17 07:36 . 2012-05-07 09:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-09 10:56 . 2010-12-11 07:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-05-07 09:36 . 2011-12-31 15:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-11 13:55 . 2008-04-14 22:11 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:55 . 2008-04-15 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:55 . 2008-04-15 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
    2012-04-04 13:56 . 2008-10-21 13:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-01 11:00 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 23:58 . 2012-03-14 08:49 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:58 . 2012-03-14 08:49 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
    2012-02-29 23:58 . 2012-03-14 08:49 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 23:58 . 2011-12-27 19:55 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-29 23:58 . 2011-12-27 19:55 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-29 23:58 . 2011-12-27 19:55 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-29 23:58 . 2011-12-27 19:55 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-29 23:58 . 2008-09-17 07:55 5918720 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-29 23:58 . 2007-09-16 17:07 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
    2012-02-29 23:58 . 2007-09-16 17:07 2291712 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:58 . 2007-09-16 17:07 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2012-02-29 21:15 . 2012-03-14 08:51 335872 ----a-w- c:\windows\system32\nvrshe.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsja.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsesm.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrspl.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrssv.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrseng.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrscs.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrsit.dll
    2012-02-29 21:15 . 2012-03-14 08:51 278528 ----a-w- c:\windows\system32\nvrsde.dll
    2012-02-29 21:15 . 2012-03-14 08:51 270336 ----a-w- c:\windows\system32\nvrsptb.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrssk.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrspt.dll
    2012-02-29 21:15 . 2012-03-14 08:51 262144 ----a-w- c:\windows\system32\nvrshu.dll
    2012-02-29 21:15 . 2012-03-14 08:51 266240 ----a-w- c:\windows\system32\nvrsko.dll
    2012-02-29 21:15 . 2012-03-14 08:51 335872 ----a-w- c:\windows\system32\nvrsar.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrses.dll
    2012-02-29 21:15 . 2012-03-14 08:51 274432 ----a-w- c:\windows\system32\nvrsnl.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrstr.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsth.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsno.dll
    2012-02-29 21:15 . 2012-03-14 08:51 286720 ----a-w- c:\windows\system32\nvrsfr.dll
    2012-02-29 21:15 . 2012-03-14 08:51 282624 ----a-w- c:\windows\system32\nvrsel.dll
    2012-02-29 21:15 . 2012-03-14 08:51 270336 ----a-w- c:\windows\system32\nvrsru.dll
    2012-02-29 21:15 . 2012-03-14 08:51 229376 ----a-w- c:\windows\system32\nvrszhc.dll
    2012-02-29 21:15 . 2012-03-14 08:51 126976 ----a-w- c:\windows\system32\nvrszht.dll
    2012-02-29 21:15 . 2012-03-14 08:51 253952 ----a-w- c:\windows\system32\nvrsda.dll
    2012-02-29 21:15 . 2012-03-14 08:51 249856 ----a-w- c:\windows\system32\nvrsfi.dll
    2012-02-29 21:15 . 2012-03-14 08:51 258048 ----a-w- c:\windows\system32\nvrssl.dll
    2012-02-29 20:30 . 2012-03-14 08:50 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2012-02-29 20:30 . 2012-03-14 08:51 143680 ----a-w- c:\windows\system32\nvcolor.exe
    2012-02-29 20:30 . 2012-03-14 08:50 15494464 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:30 . 2012-03-14 08:51 164160 ----a-w- c:\windows\system32\nvsvc32.exe
    2012-02-29 20:30 . 2012-03-14 08:50 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 14:10 . 2008-04-15 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2008-04-15 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-02-19 00:05 . 2008-04-15 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-02-09 15:12 . 2012-02-09 15:12 31181592 ----a-w- c:\program files\DWFWriter4Setup.exe
    2012-02-09 14:57 . 2012-02-09 14:33 62286360 ----a-w- c:\program files\FreeDWGViewer.exe
    2012-02-09 14:42 . 2012-02-09 14:41 808368 ----a-w- c:\program files\AutodeskDesignRevSetup.exe
    2012-01-11 06:54 . 2012-01-11 06:54 3562624 ----a-w- c:\program files\ccsetup314.exe
    2012-01-05 09:37 . 2008-10-22 11:09 86016 ----a-w- c:\program files\setupenne.dll
    2011-12-30 14:08 . 2011-12-30 14:08 1402880 ----a-w- c:\program files\HiJackThis.msi
    2011-12-26 07:01 . 2011-12-26 07:01 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
    2011-10-18 16:51 . 2011-10-18 16:51 3687352 ----a-w- c:\program files\PMB.lnk
    2011-04-10 12:06 . 2011-04-10 12:06 20586196 ----a-w- c:\program files\vlc-1.1.8-win32.exe
    2011-04-10 12:03 . 2011-02-19 15:31 20364702 ----a-w- c:\program files\vlc-1.1.7-win32.exe
    2011-01-29 06:52 . 2011-01-29 06:52 200442456 ----a-w- c:\program files\vegaspro100c_32bit.exe
    2011-01-27 18:35 . 2011-01-27 18:35 1364522 ----a-w- c:\program files\wrar393.exe
    2011-01-16 09:27 . 2011-01-16 09:26 150446976 ----a-w- c:\program files\AVSVideoEditor.exe
    2011-01-12 02:33 . 2011-01-12 02:33 11008549 ----a-w- c:\program files\avidemux_2.5.4_win32.exe
    2011-01-11 17:21 . 2011-01-11 17:20 62701672 ----a-w- c:\program files\AVSVideoConverter.exe
    2010-12-30 16:59 . 2010-12-30 16:58 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
    2010-12-14 19:22 . 2010-12-14 19:22 338760 ----a-w- c:\program files\RegtaskTool_Installer.exe
    2010-12-11 07:22 . 2010-12-11 07:21 25188112 ----a-w- c:\program files\setpoint620.exe
    2010-12-08 18:15 . 2008-10-20 17:25 9039288 ----a-w- c:\program files\Vuze_Installer.exe
    2010-12-04 11:27 . 2010-07-04 06:54 13454568 ----a-w- c:\program files\RegistryReviverSetup.exe
    2010-08-29 11:47 . 2009-04-29 16:04 44089904 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2010-08-29 11:37 . 2010-08-29 11:37 44153664 ----a-w- c:\program files\avira_antivir_personal_de.exe
    2010-08-29 11:23 . 2010-08-29 11:23 3427712 ----a-w- c:\program files\ccsetup235.exe
    2010-08-05 17:43 . 2010-08-05 17:43 3420304 ----a-w- c:\program files\ccsetup234.exe
    2010-03-20 17:37 . 2010-03-20 17:37 1103048 ----a-w- c:\program files\wpsetup.exe
    2010-03-12 12:28 . 2010-03-12 12:28 34506392 ----a-w- c:\program files\Nokia_PC_Suite_dut_web.exe
    2010-03-12 10:46 . 2010-03-12 10:39 98366952 ----a-w- c:\program files\Nokia_Ovi_Suite_webinstaller_ALL.exe
    2010-01-02 22:50 . 2009-10-16 05:08 13731712 ----a-w- c:\program files\AVSRegistryCleaner.exe
    2009-12-25 11:22 . 2009-12-25 11:22 6113439 ----a-w- c:\program files\pci_filerecovery.exe
    2009-10-25 11:52 . 2009-10-25 11:52 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe
    2009-09-02 18:54 . 2009-09-02 18:54 74160 ----a-w- c:\program files\irfanview_lang_nederlands.exe
    2009-09-02 18:52 . 2009-09-02 18:52 1359360 ----a-w- c:\program files\iview425_setup.exe
    2009-08-30 09:17 . 2009-08-30 09:16 3293088 ----a-w- c:\program files\ccsetup223.exe
    2009-05-28 18:34 . 2009-05-28 18:34 5076056 ----a-w- c:\program files\nuvi760_480.exe
    2009-03-22 12:11 . 2009-03-22 12:11 4310568 ----a-w- c:\program files\WebUpdater_241.exe
    2009-03-14 08:06 . 2009-03-14 08:06 37452296 ----a-w- c:\program files\Ad-AwareAE.exe
    2008-12-21 11:12 . 2008-12-21 11:11 5797488 ----a-w- c:\program files\GOMPLAYERENSETUP.EXE
    2008-12-21 08:57 . 2008-12-21 08:57 27288880 ----a-w- c:\program files\QuickTimeInstaller.exe
    2008-12-21 08:49 . 2008-12-21 08:49 12349806 ----a-w- c:\program files\dvdflick_setup_1.3.0.4.exe
    2008-11-30 11:51 . 2008-10-06 07:04 15083520 ----a-w- c:\program files\spybotsd160.exe
    2008-11-23 14:14 . 2008-10-02 17:20 25129080 ----a-w- c:\program files\antivir_workstation_winu_en_h.exe
    2008-11-23 12:02 . 2008-11-23 12:02 1958864 ----a-w- c:\program files\TrendMicro_Downloader.exe
    2008-11-11 14:44 . 2008-11-11 14:44 860391 ----a-w- c:\program files\7z457.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-15_06.26.10 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-06-10 23:58 . 2011-06-10 23:58 51024 c:\windows\system32\vcomp100.dll
    + 2008-04-15 12:00 . 2012-05-16 11:14 84980 c:\windows\system32\perfc013.dat
    + 2008-04-15 12:00 . 2012-05-16 11:14 66748 c:\windows\system32\perfc009.dat
    + 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\system32\mfcm100u.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\system32\mfcm100.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 60752 c:\windows\system32\mfc100rus.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 60752 c:\windows\system32\mfc100rus.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 43344 c:\windows\system32\mfc100kor.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 43344 c:\windows\system32\mfc100kor.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 62288 c:\windows\system32\mfc100ita.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 62288 c:\windows\system32\mfc100ita.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\system32\mfc100fra.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100fra.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 63824 c:\windows\system32\mfc100esn.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 63824 c:\windows\system32\mfc100esn.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 55120 c:\windows\system32\mfc100enu.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 55120 c:\windows\system32\mfc100enu.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 64336 c:\windows\system32\mfc100deu.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\system32\mfc100deu.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100cht.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\system32\mfc100cht.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 36176 c:\windows\system32\mfc100chs.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\system32\mfc100chs.dll
    + 2008-04-15 12:00 . 2012-05-16 11:14 496558 c:\windows\system32\perfh013.dat
    + 2008-04-15 12:00 . 2012-05-16 11:14 429990 c:\windows\system32\perfh009.dat
    + 2011-06-10 23:58 . 2011-06-10 23:58 773968 c:\windows\system32\msvcr100.dll
    - 2010-03-18 08:15 . 2010-03-18 08:15 421200 c:\windows\system32\msvcp100.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 421200 c:\windows\system32\msvcp100.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 138056 c:\windows\system32\atl100.dll
    + 2012-05-15 17:58 . 2012-05-15 17:58 160768 c:\windows\Installer\1a330d.msi
    + 2011-06-10 23:58 . 2011-06-10 23:58 4422992 c:\windows\system32\mfc100u.dll
    + 2011-06-10 23:58 . 2011-06-10 23:58 4397384 c:\windows\system32\mfc100.dll
    + 2011-06-28 19:27 . 2011-06-28 19:27 4028928 c:\windows\Installer\22a46f.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5\Bridge.exe" [2011-06-09 12002664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-09-26 222784]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
    "NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
    "Driver Update and remove for Windows x64 or x86_32"="c:\program files\Realtek\Audio\Drivers\RtlUpd.exe" [2011-08-29 1493608]
    "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-02-10 2645440]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-02-10 359352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Avira\\AntiVir Desktop\\avscan.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\mshta.exe"=
    "c:\\Documents and Settings\\paul\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [4/10/2008 13:21 30820]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/10/2008 20:41 717296]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/12/2010 20:22 752128]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [15/05/2012 23:45 205864]
    R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [15/05/2012 23:45 42152]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [15/05/2012 23:45 25192]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [15/05/2012 23:45 29464]
    R2 afcdpsrv;Acronis Nonstop Backup-service ;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [29/12/2010 15:42 3246040]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 19:54 136360]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/12/2010 9:22 10448]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [14/03/2012 10:51 2348352]
    R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [15/05/2012 23:45 208472]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [15/03/2011 14:44 428384]
    R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [15/05/2012 23:45 4369208]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [29/12/2010 15:42 167968]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9c7b35e2a82cc;Google Update Service (gupdate1c9c7b35e2a82cc);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 5:42 133104]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [17/04/2012 9:36 257696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/05/2012 8:42 1691480]
    S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [3/10/2008 0:16 55816]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/04/2009 5:42 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [24/08/2010 19:30 40912]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [24/08/2010 19:30 10448]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [15/04/2008 14:00 14336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 09:36]
    .
    2012-05-16 c:\windows\Tasks\AdobeAAMUpdater-1.0-STILLEPC-paul.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-22 02:44]
    .
    2011-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2012-05-15 c:\windows\Tasks\DriverNavigator Scheduled Scan.job
    - c:\program files\Easeware\DriverNavigator\DriverNavigator.exe [2012-05-07 16:56]
    .
    2012-05-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 07:23]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce185a38be5ba.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd08544131963a.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 03:42]
    .
    2012-05-16 c:\windows\Tasks\User_Feed_Synchronization-{1CD3A718-4B83-444F-9C3D-CB870A64AC95}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.tijd.be/home
    uInternet Settings,ProxyOverride = *.local
    IE: PDF in Word openen (PDF Converter 3.0) - c:\program files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /700
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://sligachanhotel.remotemanager.co.uk/common/activex/MJPEGRender.ocx
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-16 13:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_d76cf65.dll"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'winlogon.exe'(776)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    - - - - - - - > 'explorer.exe'(1472)
    c:\program files\NVIDIA Corporation\nview\nview.dll
    c:\program files\NVIDIA Corporation\nview\NVWRSNL.DLL
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-05-16 13:49:22
    ComboFix-quarantined-files.txt 2012-05-16 11:49
    ComboFix2.txt 2012-05-15 06:28
    ComboFix3.txt 2011-12-31 10:24
    .
    Pre-Run: 206.958.080.000 bytes beschikbaar
    Post-Run: 206.949.658.624 bytes beschikbaar
    .
    - - End Of File - - FDFD67F298950A953C1BE0A5D6998446
  • Something needs to be sorted out first.
    Why?
    Two installed antivirus programs, namely:
    AVG Free 2012
    Avira Antivir 2012.

    That is one antivirus program too many; the level of protection will be very low, especially because AVG is very aggressive towards other antivirus software.
    By the way: Windows itself will also suffer from the mutual conflicts.
    Let me know which of the two should go.
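
The check made in the last answer (more than one antivirus product listed in the ComboFix header) can be scripted. This Python sketch is an added example, not part of the thread and not ComboFix's own code; the function names, the keyword heuristic and its stop-word list are assumptions, and the sample lines are excerpted from the ComboFix log above.

```python
import re

# Lines excerpted from the ComboFix log on this page: the AV/FW header
# and three entries from the drivers/services list.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [22/05/2009 19:54 136360]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [15/05/2012 23:45 4369208]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
"""

# Header line: "AV: <name> *<state>[/<definitions>]* {<GUID>}"
PRODUCT_RE = re.compile(
    r"^[ \t]*(AV|FW|SP): (.+?) \*(\w+)(?:/(\w+))?\* \{([0-9A-Fa-f-]{36})\}[ \t]*$",
    re.MULTILINE,
)
# Service line: "<R|S><start type> <service>;<display name>;<image path> [<date size>]"
# R marks a running entry, S a stopped one.
SERVICE_RE = re.compile(
    r"^[ \t]*([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[[^\]]*\][ \t]*$",
    re.MULTILINE,
)

# Assumption: words too generic to identify a vendor are ignored when matching.
GENERIC = {"anti", "virus", "antivirus", "desktop", "free", "edition", "firewall"}


def parse_products(log):
    """Return the security products registered in the log header."""
    return [
        {"kind": kind, "name": name, "state": state,
         "definitions": defs or None, "guid": guid}
        for kind, name, state, defs, guid in PRODUCT_RE.findall(log)
    ]


def parse_services(log):
    """Return the driver/service entries with their running flag."""
    return [
        {"running": flag == "R", "start_type": int(start),
         "name": name, "display": display, "path": path}
        for flag, start, name, display, path in SERVICE_RE.findall(log)
    ]


def keywords(product_name):
    """Heuristic: alphabetic words of 3+ letters that are not generic."""
    words = re.findall(r"[a-z]+", product_name.lower())
    return [w for w in words if len(w) >= 3 and w not in GENERIC]


def av_overlap(log):
    """Report registered AV products and their still-running services."""
    products = [p for p in parse_products(log) if p["kind"] == "AV"]
    services = [s for s in parse_services(log) if s["running"]]
    running = {}
    for product in products:
        hits = []
        for svc in services:
            haystack = f"{svc['display']} {svc['path']}".lower()
            # Whole-word match so "avg" does not hit names such as "avguard".
            if any(re.search(rf"(?<![a-z0-9]){re.escape(k)}(?![a-z0-9])", haystack)
                   for k in keywords(product["name"])):
                hits.append(svc["name"])
        running[product["name"]] = hits
    return {
        "registered_av": [p["name"] for p in products],
        "states": {p["name"]: p["state"] for p in products},
        "multiple": len(products) > 1,
        "running_components": running,
    }


if __name__ == "__main__":
    report = av_overlap(SAMPLE_LOG)
    for name in report["registered_av"]:
        print(name, report["states"][name], report["running_components"][name])
    print("more than one AV registered:", report["multiple"])
```

On the excerpt it reports two registered antivirus products, and shows that the one listed as Disabled still has a running service.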

This is an archived page. Replies are no longer possible.