Strange ads over photos, incl. ComboFix log

24 replies
  • For a few days now I have been bothered by ads that appear at the bottom of photos. At first I thought it only happened with Photobucket or ImageShack photos, but it also happens with photos on paid web hosting.

    Since Malwarebytes Anti-Malware found nothing special (only some keygens that have been sitting on a backup drive for years and have never caused problems), I went ahead and ran ComboFix over it right away.

    [code:1:2ee4bf8365]

    ComboFix 12-07-31.05 - Rutger 03-08-2012 13:00:52.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.6143.3547 [GMT 2:00]
    Gestart vanuit: c:\users\Rutger\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\HCT1D50.tmp
    C:\HCT1D51.tmp
    C:\HCT1DBF.tmp
    C:\HCT1DC0.tmp
    c:\windows\msvcr71.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-03 to 2012-08-03 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-03 11:06 . 2012-08-03 11:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-03 11:06 . 2012-08-03 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-03 10:17 . 2012-08-03 10:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C7587B8-6C9D-4ACB-AE31-B95CE0F138F1}\offreg.dll
    2012-08-03 09:13 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C7587B8-6C9D-4ACB-AE31-B95CE0F138F1}\mpengine.dll
    2012-08-02 23:11 . 2012-08-02 23:11 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\users\Rutger\AppData\Roaming\Malwarebytes
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-01 20:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-17 17:12 . 2012-07-17 17:12 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-16 14:47 . 2012-07-16 14:47 -------- d-----w- c:\program files (x86)\Microsoft Games
    2012-07-16 07:23 . 2012-07-16 07:23 -------- d-----w- c:\windows\system32\SPReview
    2012-07-16 07:21 . 2012-07-16 07:21 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-12 16:43 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 23:11 . 2012-04-05 20:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 23:11 . 2012-03-16 16:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-16 07:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-16 07:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-07-12 13:02 . 2012-03-15 23:37 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-05 20:06 . 2012-05-21 15:16 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-05 20:06 . 2012-05-21 15:16 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-03 16:21 . 2012-03-15 22:47 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-15 22:47 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-03-15 22:47 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-15 22:47 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-15 22:47 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-03-15 22:47 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-15 22:46 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-15 22:46 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2012-03-15 22:47 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-20 07:48 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-06-22 11:38 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 11:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 11:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 11:39 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 11:38 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 11:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 11:38 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-22 11:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-22 11:38 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 10:25 . 2012-03-15 22:57 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DelReg"="c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
    R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-04-12 44344]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-16 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
    R3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
    R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080]
    R3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-16 1255736]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-29 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 nvda;nvda;c:\program files (x86)\NVDA\nvda_service.exe [2012-03-21 37616]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 RealtekCU;RealtekCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2012-02-10 986728]
    S3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys [2010-06-21 27240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:11]
    .
    2012-08-02 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 22:47]
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 22:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Rutger\AppData\Roaming\Mozilla\Firefox\Profiles\vyy0dno6.default\
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-08-03 13:08:42
    ComboFix-quarantined-files.txt 2012-08-03 11:08
    .
    Pre-Run: 25.154.781.184 bytes beschikbaar
    Post-Run: 28.104.519.680 bytes beschikbaar
    .
    - - End Of File - - 786D6E2E153FF6553B792A2FC4BCE785
    [/code:1:2ee4bf8365]

    Hopefully someone can analyze this.
  • Why do people keep thinking that keygens are harmless?
    Just try decompressing keygens with 7-Zip or the like.
    If you then need a password for that, know that malware is enclosed!

    Would you still post the contents of the MBAM log, and not do so via "Code"!
  • [quote:93295eb185="Abraham54"]Why do people keep thinking that keygens are harmless?
    Just try decompressing keygens with 7-Zip or the like.
    If you then need a password for that, know that malware is enclosed!

    Would you still post the contents of the MBAM log, and not do so via "Code"![/quote:93295eb185]

    I will never claim that keygens are harmless. However, if it has been on the PC, and in use, for more than 5 years without problems, I assume that it is not what is causing the problem.
    If I happened to have downloaded a keygen recently and had problems from then on, it would have been clear enough to me, I think.
    Then this topic would not have been needed either.

    What is wrong with putting a log in a code tag, by the way? Oh well, as a quote then; I personally find it handy when it is separated from the rest:

    [quote:93295eb185]Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.01.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rutger :: DESKTOP_RUTGER [administrator]

    1-8-2012 22:07:30
    mbam-log-2012-08-01 (22-07-30).txt

    Scantype: Volledige scan (C:\|E:\|F:\|G:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 620217
    Verstreken tijd: 1 uur/uren, 15 minuut/minuten, 34 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 9
    E:\compubackup\Adobe CS4 Master Collection Keygen.exe (Trojan.Agent.CK) -> Geen actie ondernomen.
    E:\compubackup\Adobe CS4 Master Collection\Adobe CS4 Master Collection Keygen.exe (Trojan.Agent.CK) -> Geen actie ondernomen.
    F:\t\Sony Vegas Pro 9 + Crack and KeyGen\crack vegas 9\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe (RiskWare.Tool.HCK) -> Geen actie ondernomen.
    G:\$RECYCLE.BIN\$ROSO42E\Keygen.exe (RiskWare.Tool.CK) -> Geen actie ondernomen.
    G:\$RECYCLE.BIN\$ROSO42E\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Geen actie ondernomen.
    E:\7setups\setup\adrenalin\ims.dll (Malware.Packer.Krunchy) -> Succesvol in quarantaine geplaatst en verwijderd.
    E:\compubackup\setupwavtomp3-c.exe (PUP.Installer.WH) -> Succesvol in quarantaine geplaatst en verwijderd.
    E:\compubackup\Documents\navigatie\installer_xampp_1_6_8_Nederlands_Dutch.exe (PUP.SmsPay.pns) -> Succesvol in quarantaine geplaatst en verwijderd.
    E:\RECYCLER\S-1-5-21-1757981266-1644491937-682003330-1003\Dd67\bobleponge.exe (Adware.Onlinegames) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
    [/quote:93295eb185]

    I even removed more than I actually wanted to. ims.dll is a file that has been on my PC for almost 10 years, and it really should have stayed.
  • I see that you did not let MBAM remove everything.

    If you don't do that and don't want to do that, it remains mopping the floor with the tap running, and a fix is completely pointless.

    For your information: [b:2f2be8241c]Trojan.Agent.CK[/b:2f2be8241c] is often bundled with [b:2f2be8241c]Bifrose Agent[/b:2f2be8241c].
    In other words, a backdoor.
    A backdoor is in turn protected by rootkits and commits identity theft and more.
  • Those files have been on the PC for several years. Why would they suddenly cause problems now?
  • You just don't want to understand, do you?

    You are deliberately leaving trojans in your Windows because you are apparently so attached to the illegal use of software costing thousands of euros.

    Sooner or later you will pay the price for your behaviour.
    Bear in mind that banks have long been working towards a different arrangement when it comes to making good plundered bank accounts!
  • Oh, I do understand.
    But as expected, removing the files did not help at all. Also, I am not stupid enough to put that kind of file on the same drive as Windows.
    Mopping with the tap running does not apply here, because then it would have helped.

    In a good 15 years of computer use, this is the first thing I have had "trouble" with.

    What struck me was that MBAM did not find all the files that I left in place last time.
    [quote:367bcc4d54]

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.01.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rutger :: DESKTOP_RUTGER [administrator]

    4-8-2012 11:00:03
    mbam-log-2012-08-04 (11-00-03).txt

    Scantype: Volledige scan (C:\|E:\|F:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 608381
    Verstreken tijd: 1 uur/uren, 7 minuut/minuten, 32 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 3
    E:\compubackup\Adobe CS4 Master Collection Keygen.exe (Trojan.Agent.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
    E:\compubackup\Adobe CS4 Master Collection\Adobe CS4 Master Collection Keygen.exe (Trojan.Agent.CK) -> Succesvol in quarantaine geplaatst en verwijderd.
    F:\t\Sony Vegas Pro 9 + Crack and KeyGen\crack vegas 9\Sony_VegasPro8_DVDArchitect45_SoundForge9_CRACK.exe (RiskWare.Tool.HCK) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
    [/quote:367bcc4d54]
  • Then we now finally move on to the next step:

    [b:dbd1bffc78]Which program[/b:dbd1bffc78]: [b:dbd1bffc78]Emsisoft Emergency Kit 1.0[/b:dbd1bffc78]
    [b:dbd1bffc78]What for/why[/b:dbd1bffc78]: Detects and removes malware
    [b:dbd1bffc78]Difficulty[/b:dbd1bffc78]: none.
    Download: [b:dbd1bffc78]Emsisoft Emergency Kit[/b:dbd1bffc78]

    [b:dbd1bffc78]Notes[/b:dbd1bffc78]:[list:dbd1bffc78][*:dbd1bffc78]The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    [*:dbd1bffc78]All open programs and web pages must be closed.[/list:u:dbd1bffc78]

    [b:dbd1bffc78]Start Emsisoft Emergency Kit[/b:dbd1bffc78] by opening the folder "[b:dbd1bffc78]EmsisoftEmergencyKit[/b:dbd1bffc78]"
    [list:dbd1bffc78][list:dbd1bffc78][*:dbd1bffc78][b:dbd1bffc78]Windows 2000[/b:dbd1bffc78] and [b:dbd1bffc78]Windows XP[/b:dbd1bffc78]: double-click "Start.exe".
    [*:dbd1bffc78][b:dbd1bffc78]Windows Vista[/b:dbd1bffc78] and [b:dbd1bffc78]Windows 7[/b:dbd1bffc78]: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).[/list:u:dbd1bffc78][/list:u:dbd1bffc78]

    [b:dbd1bffc78]Scanning[/b:dbd1bffc78]:
    [list:dbd1bffc78][*:dbd1bffc78] Now click "[b:dbd1bffc78]Emergency Kit Scanner[/b:dbd1bffc78]" in the selection screen; a message then appears
    saying that it is recommended to update first.

    [img:dbd1bffc78]http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg[/img:dbd1bffc78]


    [*:dbd1bffc78]Do so by clicking "[b:dbd1bffc78]Ja[/b:dbd1bffc78]" (Yes)
    [*:dbd1bffc78]When the update is finished, the message "[b:dbd1bffc78]Update proces is succesvol afgerond[/b:dbd1bffc78]" (update process completed successfully) follows
    [*:dbd1bffc78]Now click "[b:dbd1bffc78]Menu[/b:dbd1bffc78]" and then "[b:dbd1bffc78]Scan PC[/b:dbd1bffc78]"
    [*:dbd1bffc78] Select the option "[b:dbd1bffc78]Diep[/b:dbd1bffc78]" (Deep) if it is not already set that way by default.
    [*:dbd1bffc78] Then click the "[b:dbd1bffc78]Scan[/b:dbd1bffc78]" button
    [list:dbd1bffc78][*:dbd1bffc78]Be patient and do nothing else with the computer during the scan,
    as the scan can take quite some time.[/list:u:dbd1bffc78]
    [*:dbd1bffc78] The window with the warning about an increased risk can be closed once the scan is finished.


    [*:dbd1bffc78] Make sure all found items are ticked and then click the "[b:dbd1bffc78]Verwijder geselecteerde[/b:dbd1bffc78]" (Remove selected) button; the following message will then appear:

    [img:dbd1bffc78]http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg[/img:dbd1bffc78]


    [*:dbd1bffc78]Then click "[b:dbd1bffc78]Ja[/b:dbd1bffc78]" (Yes)
    [*:dbd1bffc78] When the removal is done, click the "[b:dbd1bffc78]View report[/b:dbd1bffc78]" button and select the text file of this scan, with a name such as: [b:dbd1bffc78]a2scan_110730-111615.txt[/b:dbd1bffc78]
    [*:dbd1bffc78] Paste the contents of that LOG file into your next post.[/list:u:dbd1bffc78]
    [b:dbd1bffc78]Nota bene:[/b:dbd1bffc78] Now restart the computer.
  • I did a quick test; at any rate I am rid of the problem now (as far as is known so far).
    What caused it, no idea.
    But I noticed that it found 1 high-risk file INSIDE an old combofix.exe file. Perhaps something to take on board ;)
    The file was on a backup from another PC. The drive later went from external to internal.
    I have put that file in bold.

    The probable cause, I think, is in what I have underlined, because these 2 files were in a Google Chrome folder. However, I have no idea where they came from.

    Log:
    [quote:22a36f476e]

    Emsisoft Emergency Kit - Versie 2.0
    Laatste Update: 4-8-2012 15:25:38

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, F:\
    Scan archieven: Aan
    ADS Scan: Aan

    Scan gestart: 4-8-2012 15:25:55

    c:\users\rutger\appdata\roaming\microsoft\windows\start menu\programs\bitlord Ontdekt: Trace.File.bitlord 1.1!E1
    c:\users\rutger\desktop\bitlord.lnk Ontdekt: Trace.File.bitlord 1.1!E1
    c:\users\rutger\appdata\roaming\microsoft\windows\start menu\programs\bitlord\bitlord.lnk Ontdekt: Trace.File.bitlord 1.1!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel Ontdekt: Trace.Registry.ares!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayicon Ontdekt: Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayname Ontdekt: Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> publisher Ontdekt: Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> uninstallstring Ontdekt: Trace.Registry.bitlord 1.1!E1
    C:\Users\Rutger\AppData\Roaming\.minecraft\Minecraft Beta Cracked.exe Ontdekt: possible-Threat.Crack.Minecraft!E2
    [u:22a36f476e]C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000af3 -> unnamed Ontdekt: Trojan.JS.Blacole!E2
    C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0033de -> unnamed Ontdekt: Trojan.JS.Blacole!E2[/u:22a36f476e]
    [b:22a36f476e]E:\compubackup\ComboFix.exe -> 32788R22FWJFW\pev.exe Ontdekt: Trojan-Downloader.Win32.Fosniw!E2[/b:22a36f476e]
    E:\compubackup\Music\muziek\Power DVD 5.0 Deluxe & WinDVD 6.0 Platinum.zip -> Power DVD 5.0 Deluxe & WinDVD 6.0 Platinum\WinDVD 6 Platinum\WinDVD Platinum v6.0.6.42 -Key Generator.exe Ontdekt: not-a-virus.Keygen.Vista-Xp!E2
    E:\compubackup\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1.rar -> FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Ontdekt: not-a-virus.Crack.FontExpert!E2
    E:\compubackup\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1\FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Ontdekt: Riskware.Crack.FontExpert!E2
    E:\compubackup\Downloadsbitlord\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1.rar -> FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Ontdekt: not-a-virus.Crack.FontExpert!E2
    E:\compubackup\Downloadsbitlord\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1\FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Ontdekt: Riskware.Crack.FontExpert!E2
    E:\compubackup\Downloads\Adobe_Design_Premium_keygen.rar -> keygen.exe Ontdekt: not-a-virus:Keygen.Adobe!E2
    E:\compubackup\Downloads\Google_SketchUp_Pro_7_Keygen.rar -> Google SketchUp Pro 7 Keygen\keygen.exe Ontdekt: possibleThreat.Keygen.GoogleSketchup!E2
    E:\compubackup\Downloads\AUTODATA_3.16\=CRACK=\DateFix\Auto.exe Ontdekt: Trojan.Bombocika.E!E2
    E:\compubackup\Downloads\Autodata 2007\Autodata CD 1\crack\3.18crack_2\addll.dll Ontdekt: possible-Threat.Crack.Autodata!E2
    E:\compubackup\Downloads\Autodata - 3.18_crack\3.18_crack\3.18crack_2\addll.dll Ontdekt: possible-Threat.Crack.Autodata!E2
    E:\compubackup\Downloads\Autodata - 3.18_crack\3.18_crack\3.18crack_2\SCAPIInterface.DLL Ontdekt: possible-Threat.Patch.ADCDA2!E2
    E:\compubackup\Documents\navigatie\AUTODESK_KEY_2010.rar -> x86\xf-a2010.exe Ontdekt: not-a-virus.Patch.ACAD!E2
    E:\compubackup\Documents\navigatie\AUTODESK_KEY_2010.rar -> x64\xf-a2010.exe Ontdekt: not-a-virus.Patch.ACAD!E2
    E:\compubackup\ADCDA2\Auto.exe Ontdekt: Trojan.Bombocika.E!E2

    Gescand 880109
    Gevonden 27

    Scan geëindigd: 4-8-2012 16:59:47
    Scantijd: 1:33:52

    E:\compubackup\Documents\navigatie\AUTODESK_KEY_2010.rar -> x86\xf-a2010.exe Verwijderd not-a-virus.Patch.ACAD!E2
    E:\compubackup\Downloads\Autodata - 3.18_crack\3.18_crack\3.18crack_2\SCAPIInterface.DLL Verwijderd possible-Threat.Patch.ADCDA2!E2
    E:\compubackup\Downloads\Autodata 2007\Autodata CD 1\crack\3.18crack_2\addll.dll Verwijderd possible-Threat.Crack.Autodata!E2
    E:\compubackup\Downloads\Autodata - 3.18_crack\3.18_crack\3.18crack_2\addll.dll Verwijderd possible-Threat.Crack.Autodata!E2
    E:\compubackup\Downloads\AUTODATA_3.16\=CRACK=\DateFix\Auto.exe Verwijderd Trojan.Bombocika.E!E2
    E:\compubackup\ADCDA2\Auto.exe Verwijderd Trojan.Bombocika.E!E2
    E:\compubackup\Downloads\Google_SketchUp_Pro_7_Keygen.rar -> Google SketchUp Pro 7 Keygen\keygen.exe Verwijderd possibleThreat.Keygen.GoogleSketchup!E2
    E:\compubackup\Downloads\Adobe_Design_Premium_keygen.rar -> keygen.exe Verwijderd not-a-virus:Keygen.Adobe!E2
    E:\compubackup\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1\FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Verwijderd Riskware.Crack.FontExpert!E2
    E:\compubackup\Downloadsbitlord\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1\FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Verwijderd Riskware.Crack.FontExpert!E2
    E:\compubackup\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1.rar -> FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Verwijderd not-a-virus.Crack.FontExpert!E2
    E:\compubackup\Downloadsbitlord\FontExpert 2009 Version 10 Release 1\FontExpert_2009_Version_10_Release_1.rar -> FontExpert 2009 Version 10 Release 1\Cracked-9v10r1\FontExpert.exe Verwijderd not-a-virus.Crack.FontExpert!E2
    E:\compubackup\Music\muziek\Power DVD 5.0 Deluxe & WinDVD 6.0 Platinum.zip -> Power DVD 5.0 Deluxe & WinDVD 6.0 Platinum\WinDVD 6 Platinum\WinDVD Platinum v6.0.6.42 -Key Generator.exe Verwijderd not-a-virus.Keygen.Vista-Xp!E2
    E:\compubackup\ComboFix.exe -> 32788R22FWJFW\pev.exe Verwijderd Trojan-Downloader.Win32.Fosniw!E2
    C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000af3 -> unnamed Verwijderd Trojan.JS.Blacole!E2
    C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0033de -> unnamed Verwijderd Trojan.JS.Blacole!E2
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayicon Verwijderd Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> displayname Verwijderd Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> publisher Verwijderd Trace.Registry.bitlord 1.1!E1
    Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> uninstallstring Verwijderd Trace.Registry.bitlord 1.1!E1
    Value: hkey_classes_root\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.ares!E1
    Value: hkey_local_machine\software\classes\clsid\{3e0fa044-926c-42d9-ba12-ef16e980913b}\inprocserver32 --> threadingmodel Verwijderd Trace.Registry.ares!E1
    c:\users\rutger\appdata\roaming\microsoft\windows\start menu\programs\bitlord Verwijderd Trace.File.bitlord 1.1!E1
    c:\users\rutger\desktop\bitlord.lnk Verwijderd Trace.File.bitlord 1.1!E1

    Verwijderd 24
    [/quote:22a36f476e]
  • Have you now deleted that entire backup?

    And then this: C:\Users\Rutger\AppData\Roaming\.minecraft\Minecraft Beta Cracked.exe Ontdekt: possible-Threat.Crack.Minecraft!E2, which you once again did not have removed.

    That game costs around 20 euros, are you that poor?

    As for pev.exe: malware always likes to use security holes in old software to hook its way in!

    Posting logs: not via code, and not by quoting!
    Just paste them into your normal message and do nothing special with them.
    That makes them a lot easier to read, and therefore to analyse!

    Which program: ComboFix
    What for/why: Highly specialised scanner for examining Windows in depth
    and cleaning it up where possible.
    Difficulty: Read everything carefully first because of the preparation phase.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here or here you can read how to do that.

    Notes:
    - All open programs and web pages must be closed.
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    ComboFix has started:
    - Do not click in the black window; this can make ComboFix or even all of Windows "freeze"!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
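The point raised in the post above, whether every detected item was actually removed, can be checked mechanically by pairing the "Ontdekt:" (detected) and "Verwijderd" (removed) entries of the scan log and comparing them with the log's own "Gevonden"/"Verwijderd" totals. This is an added example, not part of the original thread or of any scanner; the function names are hypothetical, and the sample is a constructed subset of lines in the format of the log quoted above, with constructed totals.

```python
import re
from collections import Counter

# Constructed sample: a handful of entries in the format of the scan log
# quoted in the thread. The totals (5 and 4) are constructed to match it.
SAMPLE_LOG = r"""
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> uninstallstring Ontdekt: Trace.Registry.bitlord 1.1!E1
C:\Users\Rutger\AppData\Roaming\.minecraft\Minecraft Beta Cracked.exe Ontdekt: possible-Threat.Crack.Minecraft!E2
E:\compubackup\ComboFix.exe -> 32788R22FWJFW\pev.exe Ontdekt: Trojan-Downloader.Win32.Fosniw!E2
E:\compubackup\ADCDA2\Auto.exe Ontdekt: Trojan.Bombocika.E!E2
E:\compubackup\Downloads\Adobe_Design_Premium_keygen.rar -> keygen.exe Ontdekt: not-a-virus:Keygen.Adobe!E2

Gescand 880109
Gevonden 5

E:\compubackup\Downloads\Adobe_Design_Premium_keygen.rar -> keygen.exe Verwijderd not-a-virus:Keygen.Adobe!E2
E:\compubackup\ADCDA2\Auto.exe Verwijderd Trojan.Bombocika.E!E2
E:\compubackup\ComboFix.exe -> 32788R22FWJFW\pev.exe Verwijderd Trojan-Downloader.Win32.Fosniw!E2
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bitlord --> uninstallstring Verwijderd Trace.Registry.bitlord 1.1!E1

Verwijderd 4
"""

# "<object> Ontdekt: <signature>" or "<object> Verwijderd <signature>".
# The object may contain spaces and "->" (file inside an archive).
ENTRY_RE = re.compile(
    r"^(?P<obj>.+?)\s+(?P<status>Ontdekt:|Verwijderd)\s+(?P<sig>\S.*)$"
)
# Summary lines: "Gevonden 27" (found) and "Verwijderd 24" (removed).
TOTAL_RE = re.compile(r"^(?P<label>Gevonden|Verwijderd)\s+(?P<n>\d+)$")


def parse_scan_log(text):
    """Return (detected, removed, totals) parsed from the log text."""
    detected, removed, totals = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        total = TOTAL_RE.match(line)
        if total:
            totals[total["label"]] = int(total["n"])
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            record = (entry["obj"], entry["sig"])
            target = detected if entry["status"] == "Ontdekt:" else removed
            target.append(record)
    return detected, removed, totals


def _key(record):
    # Removal lines in the log are sometimes lower-cased, so compare
    # case-insensitively on both the object and the signature.
    obj, sig = record
    return (obj.casefold(), sig.casefold())


def not_removed(detected, removed):
    """Detections that have no matching removal entry."""
    pool = Counter(_key(r) for r in removed)
    left = []
    for record in detected:
        key = _key(record)
        if pool[key] > 0:
            pool[key] -= 1  # consume one removal per detection
        else:
            left.append(record)
    return left


def count_mismatches(detected, removed, totals):
    """Compare parsed entry counts with the totals the log itself states.

    A difference means the pasted log is incomplete, so a missing removal
    entry cannot be trusted as evidence either way.
    """
    issues = []
    for label, entries in (("Gevonden", detected), ("Verwijderd", removed)):
        stated = totals.get(label)
        if stated is not None and stated != len(entries):
            issues.append((label, stated, len(entries)))
    return issues


if __name__ == "__main__":
    det, rem, tot = parse_scan_log(SAMPLE_LOG)
    for obj, sig in not_removed(det, rem):
        print("still present:", obj, "|", sig)
    for label, stated, parsed in count_mismatches(det, rem, tot):
        print(f"{label}: log states {stated}, parsed {parsed}")
```
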
  • First of all, I want to point out that the problem is still there. It just occurs less often.

    You accuse me of not having removed everything: I most certainly did. Why this does not show in the log: the program indicated that it could not remove some files. I do find it strange, though, that this cannot be found in the log. I ticked everything and then removed it.

    As it happens, I completely removed Minecraft 5 minutes later. I wasn't playing it anyway. (I only pay once I know whether I like a game.)

    I put the logs in a quote only because it suits me. That you cannot run your automatic analysis on them is not my problem.

    No, I have not deleted the complete backup. Why would I do that?

    You could have spared yourself the copy-paste of your ComboFix story: I already did that in my first post, so asking whether I could scan once more would have been enough. The reason you don't do that is probably the same as the reason you don't want a quote around a log.

    Log of the 2nd ComboFix run:

    [quote:b103354691]
    ComboFix 12-08-04.02 - Rutger 04-08-2012 21:11:42.2.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.6143.4037 [GMT 2:00]
    Gestart vanuit: c:\users\Rutger\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-04 to 2012-08-04 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-04 19:15 . 2012-08-04 19:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-04 19:15 . 2012-08-04 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-04 13:56 . 2012-08-04 13:56 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-08-04 13:55 . 2012-08-04 13:55 -------- d-----w- c:\users\Rutger\AppData\Roaming\dll-files.com
    2012-08-04 13:55 . 2012-08-04 13:55 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
    2012-08-03 10:17 . 2012-08-04 13:24 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C7587B8-6C9D-4ACB-AE31-B95CE0F138F1}\offreg.dll
    2012-08-03 09:13 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C7587B8-6C9D-4ACB-AE31-B95CE0F138F1}\mpengine.dll
    2012-08-02 23:11 . 2012-08-02 23:11 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\users\Rutger\AppData\Roaming\Malwarebytes
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 20:01 . 2012-08-01 20:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-01 20:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-17 17:12 . 2012-07-17 17:12 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-16 14:47 . 2012-07-16 14:47 -------- d-----w- c:\program files (x86)\Microsoft Games
    2012-07-16 07:23 . 2012-07-16 07:23 -------- d-----w- c:\windows\system32\SPReview
    2012-07-16 07:21 . 2012-07-16 07:21 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-12 16:43 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 23:11 . 2012-04-05 20:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 23:11 . 2012-03-16 16:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-16 07:41 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-16 07:41 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-07-12 13:02 . 2012-03-15 23:37 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-05 20:06 . 2012-05-21 15:16 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-05 20:06 . 2012-05-21 15:16 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-03 16:21 . 2012-03-15 22:47 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-03 16:21 . 2012-03-15 22:47 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-03 16:21 . 2012-03-15 22:47 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-03 16:21 . 2012-03-15 22:47 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-03 16:21 . 2012-03-15 22:47 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-03 16:21 . 2012-03-15 22:47 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-03 16:21 . 2012-03-15 22:46 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-03 16:21 . 2012-03-15 22:46 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-03 16:21 . 2012-03-15 22:47 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-06-20 07:48 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-06-22 11:38 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 11:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 11:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 11:39 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 11:38 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 11:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 11:38 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-22 11:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-22 11:38 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 10:25 . 2012-03-15 22:57 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-03_11.06.16 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-08-03 10:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-04 19:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-03 10:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-04 19:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-03 10:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-04 19:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2012-08-04 15:07 30660 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-15 22:04 . 2012-08-04 17:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-15 22:04 . 2012-08-02 23:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-15 22:04 . 2012-08-02 23:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-15 22:04 . 2012-08-04 17:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-02 23:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-04 17:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-15 22:20 . 2012-08-04 15:07 9824 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3989186595-3747889370-2269235794-1000_UserData.bin
    - 2012-03-15 22:28 . 2012-07-26 20:49 1713 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-03-15 22:28 . 2012-08-04 15:04 1713 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-08-04 15:05 . 2012-08-04 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-26 22:01 . 2012-07-26 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-04 15:05 . 2012-08-04 15:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-26 22:01 . 2012-07-26 22:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-17 17:40 . 2012-08-04 12:24 309538 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    - 2009-07-14 05:01 . 2012-07-26 20:49 399996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-04 15:04 399996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-15 23:59 . 2012-08-04 15:04 5787436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3989186595-3747889370-2269235794-1000-12288.dat
    + 2012-03-15 23:59 . 2012-08-04 15:04 10491612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3989186595-3747889370-2269235794-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DelReg"="c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
    R2 nvda;nvda;c:\program files (x86)\NVDA\nvda_service.exe [2012-03-21 37616]
    R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2010-04-12 44344]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-16 1038088]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 136176]
    R3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
    R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080]
    R3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-16 1255736]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Rutger\Downloads\EmsisoftEmergencyKit (1)\Run\a2ddax64.sys [2012-08-04 23208]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-29 283200]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    S2 RealtekCU;RealtekCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2012-02-10 986728]
    S3 rtlss;Service for enabling selective suspend to RTL device;c:\windows\system32\Drivers\rtlss.sys [2010-06-21 27240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 23:11]
    .
    2012-08-04 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-08-04 12:12]
    .
    2012-08-04 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
    - c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-08-04 12:12]
    .
    2012-08-03 c:\windows\Tasks\Epson Printer Software Downloader.job
    - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 22:47]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15 22:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-08-04 21:17:28
    ComboFix-quarantined-files.txt 2012-08-04 19:17
    ComboFix2.txt 2012-08-03 11:08
    .
    Pre-Run: 24.229.994.496 bytes beschikbaar
    Post-Run: 24.296.165.376 bytes beschikbaar
    .
    - - End Of File - - 45E9B02D8B7B81762EFDF5D67AA08EBB[/quote:b103354691]

    Edit: difficult, isn't it, leaving things alone?
  • The log looks good by now.

    Do the following: download AdwCleaner by Xplode to the desktop.

    - Close all open windows
    - Right-click AdwCleaner and select Run as administrator…
    - Then click Delete
    - At AdwCleaner - Information, click OK
    - At AdwCleaner - Restart Required, click OK

    It is normal for the shortcuts to disappear during this action.
    After the PC has restarted, a log file opens.
    Then post the contents of this log in your next message.
  • Unfortunately the problem is not solved yet.
    I took a screenshot of the ads I get. Incidentally, it is always a little box like that.

    -photo removed-

    log:
    [quote:7ed23b0d18]
    # AdwCleaner v1.800 - Logfile created 08/05/2012 at 00:59:59
    # Updated 01/08/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Rutger - DESKTOP_RUTGER
    # Running from : C:\Users\Rutger\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\DT Soft

    ***** [Registre - GUID] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    Profile name : default
    File : C:\Users\Rutger\AppData\Roaming\Mozilla\Firefox\Profiles\vyy0dno6.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v21.0.1180.60

    File : C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted : "path": "C:\\Users\\Rutger\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

    *************************

    AdwCleaner[S1].txt - [278 octets] - [05/08/2012 00:48:15]
    AdwCleaner[S2].txt - [1056 octets] - [05/08/2012 00:59:59]

    ########## EOF - C:\AdwCleaner[S2].txt - [1184 octets] ##########[/quote:7ed23b0d18]
  • Do the following:

    Which program: OTL.com
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL and place the file on the desktop.

    Using OTL.com:
    - First close all program windows that are still open!
      - Double-click on [image: http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png]
    - Tick the box next to Scan All Users.
    - Click on [image: http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png].
    - Do not change any other settings in OTL unless I specifically give instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • Unfortunately I forgot to tick Scan All Users. My account is the only account on the PC. So I assume it is not that big a deal?
    OTL.txt
    [quote:e63724cd37]
    OTL logfile created on: 5-8-2012 20:58:58 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rutger\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    6,00 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 77,64% Memory free
    12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,52 Gb Total Space | 22,77 Gb Free Space | 30,55% Space Free | Partition Type: NTFS
    Drive E: | 465,76 Gb Total Space | 198,17 Gb Free Space | 42,55% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 926,73 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
    Drive H: | 700,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: DESKTOP_RUTGER | User Name: Rutger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-08-05 20:58:32 | 000,596,480 | —- | M] (OldTimer Tools) – C:\Users\Rutger\Downloads\OTL.com
    PRC - [2012-07-03 18:21:30 | 004,273,976 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012-07-03 18:21:29 | 000,044,808 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012-03-21 05:48:58 | 000,037,616 | —- | M] (NV Access Limited) – C:\Program Files (x86)\NVDA\nvda_service.exe
    PRC - [2012-03-01 02:02:00 | 002,348,352 | —- | M] (NVIDIA Corporation) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012-02-29 14:26:46 | 000,382,272 | —- | M] (NVIDIA Corporation) – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-02-21 20:39:30 | 002,043,904 | —- | M] (Realtek Semiconductor Corp.) – C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2012-02-13 10:06:52 | 002,602,304 | —- | M] (DT Soft Ltd) – C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
    PRC - [2010-11-20 14:17:41 | 001,174,016 | —- | M] (Microsoft Corporation) – C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    PRC - [2010-04-16 17:10:58 | 000,036,864 | —- | M] (Realtek) – C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2009-04-07 10:13:10 | 000,673,616 | —- | M] (SEIKO EPSON CORPORATION) – C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008-06-11 23:43:26 | 000,640,376 | —- | M] (Adobe Systems Inc.) – C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007-09-02 14:58:52 | 000,495,616 | —- | M] () – C:\Program Files (x86)\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009-03-12 16:45:32 | 000,135,168 | —- | M] () – C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008-11-21 14:58:42 | 000,057,344 | —- | M] () – C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    MOD - [2007-09-02 14:58:52 | 000,495,616 | —- | M] () – C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007-09-02 14:57:36 | 000,069,632 | —- | M] () – C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Disabled | Unknown] – C:\Program Files\AVAST Software\Avast\afwServ.exe – (avast! Firewall)
    SRV:64bit: - [2012-07-03 18:21:29 | 000,044,808 | —- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
    SRV:64bit: - [2012-03-16 03:24:16 | 001,038,088 | —- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe – (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\appmgmts.dll – (AppMgmt)
    SRV - [2012-08-03 01:11:11 | 000,250,056 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-03-21 05:48:58 | 000,037,616 | —- | M] (NV Access Limited) [Auto | Running] – C:\Program Files (x86)\NVDA\nvda_service.exe – (nvda)
    SRV - [2012-03-16 03:21:55 | 000,655,624 | —- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2012-03-01 02:02:00 | 002,348,352 | —- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe – (nvUpdatusService)
    SRV - [2012-02-29 14:26:46 | 000,382,272 | —- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe – (Stereo Service)
    SRV - [2012-01-25 09:56:30 | 009,690,112 | —- | M] () [On_Demand | Stopped] – c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe – (wampmysqld)
    SRV - [2011-09-26 10:06:54 | 000,021,504 | —- | M] (Apache Software Foundation) [On_Demand | Stopped] – c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe – (wampapache)
    SRV - [2010-04-16 17:10:58 | 000,036,864 | —- | M] (Realtek) [Auto | Running] – C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe – (RealtekCU)
    SRV - [2010-03-18 14:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012-07-03 18:21:52 | 000,958,400 | —- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
    DRV:64bit: - [2012-07-03 18:21:52 | 000,355,856 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
    DRV:64bit: - [2012-07-03 18:21:52 | 000,071,064 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
    DRV:64bit: - [2012-07-03 18:21:52 | 000,059,728 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
    DRV:64bit: - [2012-07-03 18:21:52 | 000,054,072 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr2.sys – (aswRdr)
    DRV:64bit: - [2012-07-03 18:21:51 | 000,025,232 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
    DRV:64bit: - [2012-03-29 23:44:08 | 000,283,200 | —- | M] (DT Soft Ltd) [Kernel | System | Running] – C:\Windows\SysNative\drivers\dtsoftbus01.sys – (dtsoftbus01)
    DRV:64bit: - [2012-03-07 02:02:45 | 000,028,504 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswKbd.sys – (aswKbd)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
    DRV:64bit: - [2012-02-10 17:36:44 | 000,986,728 | —- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\rtwlanu.sys – (RTL8192cu)
    DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | —- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
    DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
    DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV:64bit: - [2010-06-21 18:56:20 | 000,027,240 | —- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\rtlss.sys – (rtlss)
    DRV:64bit: - [2009-12-22 03:26:36 | 000,038,456 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\usbfilter.sys – (usbfilter)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
    DRV:64bit: - [2009-07-13 23:59:33 | 005,020,672 | —- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\atikmdag.sys – (atikmdag)
    DRV:64bit: - [2009-06-10 22:35:36 | 000,867,328 | —- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\netr28ux.sys – (netr28ux)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
    DRV:64bit: - [2009-05-05 03:00:28 | 000,016,440 | —- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\AtiPcie.sys – (AtiPcie)
    DRV:64bit: - [2008-06-27 08:51:10 | 000,088,632 | —- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\adfs.sys – (adfs)
    DRV - [2012-08-04 14:37:16 | 000,023,208 | —- | M] (Emsi Software GmbH) [Kernel | System | Running] – C:\Users\Rutger\Downloads\EmsisoftEmergencyKit (1)\Run\a2ddax64.sys – (A2DDA)
    DRV - [2010-04-12 12:36:26 | 000,044,344 | —- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] – C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys – (DualCoreCenter)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)
    DRV - [2009-03-05 23:55:20 | 000,033,080 | —- | M] (Your Corporation) [Kernel | On_Demand | Stopped] – C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys – (RushTopDevice_J)
    DRV - [2008-12-19 05:17:36 | 000,075,576 | —- | M] (Your Corporation) [Kernel | On_Demand | Stopped] – C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys – (RushTopDevice2)
    DRV - [2008-08-14 08:57:42 | 000,074,720 | —- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] – C:\Windows\SysWow64\drivers\adfs.sys – (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 12 47 0D E8 4E CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rutger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-06 00:33:00 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-31 14:35:46 | 000,000,000 | —D | M]

    [2012-03-16 10:37:29 | 000,000,000 | —D | M] (No name found) – C:\Users\Rutger\AppData\Roaming\mozilla\Extensions
    [2012-08-01 22:49:19 | 000,000,000 | —D | M] (No name found) – C:\Users\Rutger\AppData\Roaming\mozilla\Firefox\Profiles\vyy0dno6.default\extensions
    [2012-08-01 22:49:19 | 000,000,000 | —D | M] (No name found) – C:\Users\Rutger\AppData\Roaming\mozilla\Firefox\Profiles\vyy0dno6.default\extensions\trash
    [2012-07-06 00:33:00 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012-07-29 23:05:24 | 000,340,684 | —- | M] () (No name found) – C:\USERS\RUTGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VYY0DNO6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - Extension: YouTube = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Zoeken = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
    CHR - Extension: avast! WebRep = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Fast save = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncifpmcecomedbjlpicpmljejbhpdooc\1.1_0\
    CHR - Extension: Gmail = C:\Users\Rutger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-08-03 13:06:12 | 000,000,027 | —- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C61BEBFC-7F36-4518-BCA5-709D40D351D9}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003-11-16 18:14:09 | 000,000,000 | —D | M] - H:\Autorun – [ CDFS ]
    O32 - AutoRun File - [2003-10-28 16:10:00 | 000,117,248 | R— | M] (TODO: <Company name>) - H:\Autorun.exe – [ CDFS ]
    O32 - AutoRun File - [2003-11-15 15:44:02 | 000,000,029 | R— | M] () - H:\autorun.inf – [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] – "%1" %*
    O35:64bit: - HKLM\..exefile [open] – "%1" %*
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37:64bit: - HKLM\…com [@ = ComFile] – "%1" %*
    O37:64bit: - HKLM\…exe [@ = exefile] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-08-05 18:43:10 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{AAB66EA5-6B54-4D63-AB7B-F3F787EBEDFD}
    [2012-08-05 18:43:00 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{96293F25-70CC-45BA-A213-711EE71E0005}
    [2012-08-05 01:01:46 | 000,000,000 | -HSD | C] – C:\$RECYCLE.BIN
    [2012-08-04 21:17:30 | 000,000,000 | —D | C] – C:\Windows\temp
    [2012-08-04 15:55:53 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Roaming\dll-files.com
    [2012-08-04 15:55:42 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files.com Fixer
    [2012-08-04 15:55:40 | 000,000,000 | —D | C] – C:\Program Files (x86)\Dll-Files.com Fixer
    [2012-08-04 11:24:44 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{9BA1AC2A-9708-4C7C-BCC5-67394EACA032}
    [2012-08-03 23:49:21 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012-08-03 23:48:38 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sim City 4 - Rush Hour
    [2012-08-03 23:48:38 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sim City 4 - Rush Hour
    [2012-08-03 23:24:12 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{9415FDF0-C173-46B2-878C-20BBF49282EB}
    [2012-08-03 23:23:57 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E1FB848A-A0E2-4ED0-A69E-6686CA0FA52C}
    [2012-08-03 12:58:54 | 000,518,144 | —- | C] (SteelWerX) – C:\Windows\SWREG.exe
    [2012-08-03 12:58:54 | 000,406,528 | —- | C] (SteelWerX) – C:\Windows\SWSC.exe
    [2012-08-03 12:58:54 | 000,060,416 | —- | C] (NirSoft) – C:\Windows\NIRCMD.exe
    [2012-08-03 12:58:21 | 000,000,000 | —D | C] – C:\Qoobox
    [2012-08-03 12:57:56 | 000,000,000 | —D | C] – C:\Windows\erdnt
    [2012-08-03 11:23:29 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{8AB98C10-1297-42DB-B24E-4E7F703EF9A6}
    [2012-08-03 11:23:14 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{942D23DE-B7F2-4A0A-ADAC-9A8C26D0816D}
    [2012-08-02 23:22:58 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{C219747C-D89E-4DA4-BA48-23DFA3E439A9}
    [2012-08-02 23:22:43 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{294B5A5B-197C-476D-A7CE-DB9AE9FC34B1}
    [2012-08-02 17:29:01 | 000,000,000 | —D | C] – C:\Users\Rutger\Documents\fotos
    [2012-08-02 11:22:26 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{DE6CF8C2-3DFB-4103-A709-2C786B44FFCF}
    [2012-08-02 11:22:11 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{965B53A9-7B26-4D6C-AF42-B40BB4CD3E62}
    [2012-08-01 23:21:41 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{321740E7-F026-4D9D-A994-FB93BA907DF8}
    [2012-08-01 23:21:25 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7B25163A-C120-4185-B5FF-85B2CFDD7A5C}
    [2012-08-01 22:01:47 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Roaming\Malwarebytes
    [2012-08-01 22:01:28 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012-08-01 22:01:28 | 000,000,000 | —D | C] – C:\ProgramData\Malwarebytes
    [2012-08-01 22:01:27 | 000,024,904 | —- | C] (Malwarebytes Corporation) – C:\Windows\SysNative\drivers\mbam.sys
    [2012-08-01 22:01:27 | 000,000,000 | —D | C] – C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012-08-01 11:20:59 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{87D005FD-EDF7-4B45-B0F5-0D08FCC59074}
    [2012-08-01 11:20:43 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{797BC7C4-42F8-4F09-9132-2714B6CA2F4E}
    [2012-07-31 23:20:27 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E74B8205-07C0-4F68-A064-FB001BA24D65}
    [2012-07-31 23:20:11 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{FD2BF7FD-773A-4026-B282-3BD8810927E2}
    [2012-07-31 11:19:54 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{758072BC-7025-4075-B891-8695BC217136}
    [2012-07-31 11:19:03 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7EF2A17F-1655-4F28-B7F6-B0BBD85D3B04}
    [2012-07-30 15:37:39 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{F725F4B0-FE58-4839-8E7D-0EAD0F14E006}
    [2012-07-30 15:37:05 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{3B83BBAA-8C64-470F-9BE9-3D9D84864F62}
    [2012-07-30 01:08:16 | 000,000,000 | —D | C] – C:\Users\Rutger\Documents\echterkermisoud
    [2012-07-29 15:09:50 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{8BD77A1D-3053-4B3D-9B12-B6630F3B3B69}
    [2012-07-29 15:09:27 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{44D5C456-4833-41D4-A6F2-F47A15D06378}
    [2012-07-28 14:02:51 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{FFA0C7CA-5394-4AF8-83B6-115A9DA17EA4}
    [2012-07-28 00:56:56 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{B8C7DD90-B80B-43FB-A19E-66C946E33A18}
    [2012-07-28 00:56:42 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{06D49C4C-CF46-4C95-A650-781137A20B3F}
    [2012-07-27 17:16:53 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gerstlauer Suspended Polyp 3D-Simulation
    [2012-07-27 00:54:47 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{3EAC1B7A-2F90-4DD7-8B2A-2E9E3791EF0F}
    [2012-07-27 00:54:32 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{14A84292-B0B3-431D-9CE0-B942DB34908B}
    [2012-07-26 12:54:03 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{AD7D57CF-21A9-42AB-9CCE-D8931203AD40}
    [2012-07-26 12:53:49 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{657602AA-2860-4623-ACB1-02B37F66D605}
    [2012-07-26 00:53:33 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{11D3D4D5-213B-464F-8E6D-74DDFAD91A0D}
    [2012-07-26 00:53:18 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{326435C6-776D-4F3E-A99C-DCC9E83130DE}
    [2012-07-25 12:53:02 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{F550D815-D00B-4A8F-9C50-E7A615C4F5AE}
    [2012-07-25 12:52:47 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{2161FA5F-2E37-46C8-A5FC-1B92D6B96333}
    [2012-07-25 00:52:31 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{075E02D0-2FE4-4D5C-A89E-37444E8CD82B}
    [2012-07-25 00:51:58 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{F8BB56F6-B22A-467D-8777-D5436D76C505}
    [2012-07-24 12:51:42 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{C707E1C4-B85E-4EA6-AE62-5B00246B98C9}
    [2012-07-24 12:51:27 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7B9BA826-F65E-4715-BF09-CAF9A9EF132D}
    [2012-07-24 00:51:08 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{BC10FE7D-A6C6-4D1B-AA07-003342E58A65}
    [2012-07-24 00:50:55 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{D9F23C22-0478-42EF-A2C1-B04EB67CF653}
    [2012-07-23 11:53:53 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{062D0F2F-8BBF-4276-A90F-9502EBA3FE55}
    [2012-07-23 11:53:42 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{502F96D9-8FB3-48FF-8EC3-31AFB65C2AF9}
    [2012-07-22 18:04:54 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{DBAE2B08-5B23-433D-8A6B-684BC35B507C}
    [2012-07-22 18:04:30 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{4785584C-B184-4AB4-BADC-B9A7871C8AC7}
    [2012-07-21 22:13:11 | 000,000,000 | —D | C] – C:\Users\Rutger\Documents\SimCity 4
    [2012-07-21 22:12:30 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
    [2012-07-21 17:32:52 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{CC20196A-491B-4882-8FDC-55AB69D79685}
    [2012-07-21 17:32:32 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E281692D-34EF-4AF1-9799-FE96BB39C6C2}
    [2012-07-21 01:30:21 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{06027CBB-61BA-4E1F-B0CD-0D0B82AAAEF3}
    [2012-07-21 01:30:06 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{9C601CC7-B99D-4EF7-ABC9-73C6793540B5}
    [2012-07-20 13:29:50 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{6E010A2C-E5DF-47D2-A390-89AEBCAA8B39}
    [2012-07-20 13:29:35 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{8D36D352-A936-472F-AF3A-E1B230EBACE7}
    [2012-07-20 01:29:18 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{759AED77-0413-4D7D-A79E-FDBD2466FEED}
    [2012-07-20 01:28:46 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{8FB61BF5-1FF1-4D41-8AA9-27A001AB3AC8}
    [2012-07-19 13:28:27 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{21831A49-4C22-4CAD-90A9-B5A3F206CA86}
    [2012-07-19 13:28:07 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{8B20EB28-4DEE-4601-9437-72B454C0DD03}
    [2012-07-18 22:42:28 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{86676C0A-BB0B-4018-A7B1-8BE8713B8D37}
    [2012-07-18 22:42:13 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E1C7C97B-B790-4566-A35A-ACF689A00295}
    [2012-07-18 10:07:42 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{9F4BA666-FD97-4EBC-8BB0-031D46BD29C1}
    [2012-07-18 10:07:13 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7A81BA2E-47E6-436D-A457-8DF18DA4DF17}
    [2012-07-17 19:12:57 | 000,000,000 | —D | C] – C:\Program Files (x86)\Oracle
    [2012-07-17 10:44:04 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{6DAFB23E-51F4-4597-825B-FE77498BFAAE}
    [2012-07-17 10:43:45 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{B079D609-1F18-462F-BB7A-00C1B5814308}
    [2012-07-16 16:47:12 | 000,000,000 | —D | C] – C:\Program Files (x86)\Microsoft Games
    [2012-07-16 09:23:30 | 000,000,000 | —D | C] – C:\Windows\SysNative\SPReview
    [2012-07-16 09:21:21 | 000,000,000 | —D | C] – C:\Windows\SysNative\EventProviders
    [2012-07-16 09:04:59 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{504892DA-E227-4B7E-BC24-8FC0D58BD704}
    [2012-07-16 09:04:44 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{CF7FA0A9-7723-4E28-AC98-C206420422ED}
    [2012-07-15 19:11:49 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{06F8D0A1-7569-49B3-9374-FA67AF4B7956}
    [2012-07-14 21:09:52 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{CD987164-E7D9-4567-84AB-57F27CF46E96}
    [2012-07-14 21:09:37 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{597E3EE7-DD19-42A9-80A5-D1F812B8CCE3}
    [2012-07-14 09:09:00 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{BA842B5B-389D-4A13-928F-E8F6C780A61A}
    [2012-07-14 09:08:37 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{0948A7BB-BECE-4B8C-8A5B-6D851CC9427E}
    [2012-07-13 13:02:06 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{19EA6963-7313-4243-87C5-FC69A67B23DB}
    [2012-07-13 13:01:54 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{F427D3F8-AE77-4259-B633-3655303B02C6}
    [2012-07-12 14:52:11 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{A2667579-07CD-41A5-A221-F42E12D4B5A1}
    [2012-07-12 14:51:56 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{1CB674BE-862B-4FBB-AE29-93EC435523D4}
    [2012-07-12 02:51:40 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E5D859DC-4069-47A3-A7EC-A1DD2956577A}
    [2012-07-12 02:51:25 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{AD4690D0-F266-49AD-A430-C45896E90403}
    [2012-07-11 14:51:02 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{43EF16E7-A56F-4FD9-83C7-97349409D2C1}
    [2012-07-11 14:50:29 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{E4F6DC5E-AA9F-4C9E-90D4-3978978DE39B}
    [2012-07-10 16:01:37 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{703D360D-2E84-485C-8363-6F8E1C3BF05D}
    [2012-07-10 16:01:15 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{88026163-7C39-4660-88E5-E71B12ADB105}
    [2012-07-10 01:47:57 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{DDCE613F-8769-427B-AC61-31C90BF87F09}
    [2012-07-10 01:47:42 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{12EDE146-1DC7-405F-BC31-15239C7CB1C8}
    [2012-07-09 13:47:09 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{C4838A50-2DDE-458B-B6E6-EABEB87DA53A}
    [2012-07-09 13:46:48 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{5FC3424F-F188-4179-9C9C-ADA61FFA11C4}
    [2012-07-08 23:41:38 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{14424A45-ADDE-422C-AF82-BC85F30FAC83}
    [2012-07-08 23:41:23 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{13B3997B-D4E9-4964-BC5F-282446B58D84}
    [2012-07-08 11:41:05 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{3AAE94A1-7E93-457C-89E1-76C8FC9E04E6}
    [2012-07-08 11:40:44 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7AFB97B9-1493-4FA5-8F6D-87DD07719C87}
    [2012-07-07 21:10:05 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{97BD3D84-7B23-463F-B92C-69765C4F4E04}
    [2012-07-07 21:09:50 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{21BA71EE-4B6E-4E54-9EDB-98BF0C9CE5C5}
    [2012-07-07 09:09:19 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{591FB591-3787-4914-B30E-177EC16865C7}
    [2012-07-07 09:08:58 | 000,000,000 | —D | C] – C:\Users\Rutger\AppData\Local\{7DDB1D3D-3CF9-4E14-95E5-9EE2618BFBD1}

    ========== Files - Modified Within 30 Days ==========

    [2012-08-05 20:52:00 | 000,001,056 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-08-05 20:49:58 | 000,013,648 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-08-05 20:49:58 | 000,013,648 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-08-05 20:42:59 | 000,001,052 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-08-05 20:41:54 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2012-08-05 20:41:50 | 536,223,743 | -HS- | M] () – C:\hiberfil.sys
    [2012-08-05 20:11:00 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-08-05 18:26:19 | 000,785,776 | —- | M] () – C:\Users\Rutger\Documents\IMAG0190.jpg
    [2012-08-05 01:01:26 | 000,000,294 | —- | M] () – C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012-08-05 01:01:26 | 000,000,278 | —- | M] () – C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
    [2012-08-05 00:44:29 | 000,000,254 | —- | M] () – C:\Windows\tasks\Epson Printer Software Downloader.job
    [2012-08-04 15:55:44 | 000,002,016 | —- | M] () – C:\Users\Rutger\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012-08-03 23:48:38 | 000,000,820 | —- | M] () – C:\Users\Rutger\Desktop\SimCity4 - Rush Hour.lnk
    [2012-08-03 23:42:22 | 000,000,218 | —- | M] () – C:\Users\Rutger\.recently-used.xbel
    [2012-08-03 13:22:42 | 000,962,290 | —- | M] () – C:\Users\Rutger\Documents\IMAG0189.jpg
    [2012-08-03 13:06:12 | 000,000,027 | —- | M] () – C:\Windows\SysNative\drivers\etc\hosts
    [2012-08-01 22:01:29 | 000,001,113 | —- | M] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-08-01 21:38:06 | 000,002,344 | —- | M] () – C:\Users\Public\Desktop\Google Chrome.lnk
    [2012-07-30 00:57:55 | 001,549,262 | —- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
    [2012-07-30 00:57:55 | 000,701,326 | —- | M] () – C:\Windows\SysNative\perfh013.dat
    [2012-07-30 00:57:55 | 000,615,810 | —- | M] () – C:\Windows\SysNative\perfh009.dat
    [2012-07-30 00:57:55 | 000,133,358 | —- | M] () – C:\Windows\SysNative\perfc013.dat
    [2012-07-30 00:57:55 | 000,106,190 | —- | M] () – C:\Windows\SysNative\perfc009.dat
    [2012-07-28 23:01:52 | 001,108,197 | —- | M] () – C:\Users\Rutger\Documents\tellerplatenmt.ai
    [2012-07-28 17:42:18 | 005,389,822 | —- | M] () – C:\Users\Rutger\Documents\tryout.psd
    [2012-07-27 17:16:53 | 000,000,601 | —- | M] () – C:\Users\Rutger\Desktop\Gerstlauer Suspended Polyp.lnk
    [2012-07-21 22:12:30 | 000,000,685 | —- | M] () – C:\Users\Public\Desktop\SimCity 4.lnk
    [2012-07-21 22:10:36 | 000,021,144 | —- | M] () – C:\Users\Rutger\Documents\UntitledHD.veg
    [2012-07-21 20:51:48 | 000,011,338 | —- | M] () – C:\Users\Rutger\Documents\polotreffen.arl
    [2012-07-17 10:41:02 | 002,956,968 | —- | M] () – C:\Windows\SysNative\FNTCACHE.DAT
    [2012-07-16 09:14:27 | 000,007,597 | —- | M] () – C:\Users\Rutger\AppData\Local\Resmon.ResmonCfg

    ========== Files Created - No Company Name ==========

    [2012-08-05 18:26:02 | 000,785,776 | —- | C] () – C:\Users\Rutger\Documents\IMAG0190.jpg
    [2012-08-04 15:56:04 | 000,000,294 | —- | C] () – C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
    [2012-08-04 15:56:02 | 000,000,278 | —- | C] () – C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
    [2012-08-04 15:55:44 | 000,002,016 | —- | C] () – C:\Users\Rutger\Application Data\Microsoft\Internet Explorer\Quick Launch\DLL-Files.com FIXER.lnk
    [2012-08-03 23:48:38 | 000,000,820 | —- | C] () – C:\Users\Rutger\Desktop\SimCity4 - Rush Hour.lnk
    [2012-08-03 23:42:22 | 000,000,218 | —- | C] () – C:\Users\Rutger\.recently-used.xbel
    [2012-08-03 13:22:24 | 000,962,290 | —- | C] () – C:\Users\Rutger\Documents\IMAG0189.jpg
    [2012-08-03 12:58:54 | 000,256,000 | —- | C] () – C:\Windows\PEV.exe
    [2012-08-03 12:58:54 | 000,208,896 | —- | C] () – C:\Windows\MBR.exe
    [2012-08-03 12:58:54 | 000,098,816 | —- | C] () – C:\Windows\sed.exe
    [2012-08-03 12:58:54 | 000,080,412 | —- | C] () – C:\Windows\grep.exe
    [2012-08-03 12:58:54 | 000,068,096 | —- | C] () – C:\Windows\zip.exe
    [2012-08-01 22:01:29 | 000,001,113 | —- | C] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-07-28 23:01:49 | 001,108,197 | —- | C] () – C:\Users\Rutger\Documents\tellerplatenmt.ai
    [2012-07-28 00:32:30 | 005,389,822 | —- | C] () – C:\Users\Rutger\Documents\tryout.psd
    [2012-07-27 17:16:53 | 000,000,601 | —- | C] () – C:\Users\Rutger\Desktop\Gerstlauer Suspended Polyp.lnk
    [2012-07-21 22:12:30 | 000,000,685 | —- | C] () – C:\Users\Public\Desktop\SimCity 4.lnk
    [2012-07-16 10:15:47 | 000,000,940 | —- | C] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-03-24 00:02:30 | 000,000,097 | —- | C] () – C:\Windows\SysWow64\PICSDK.ini
    [2012-03-24 00:02:29 | 000,111,932 | —- | C] () – C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012-03-24 00:02:29 | 000,031,053 | —- | C] () – C:\Windows\SysWow64\EPPICPattern131.dat
    [2012-03-24 00:02:29 | 000,027,417 | —- | C] () – C:\Windows\SysWow64\EPPICPattern121.dat
    [2012-03-24 00:02:29 | 000,026,154 | —- | C] () – C:\Windows\SysWow64\EPPICPattern1.dat
    [2012-03-24 00:02:29 | 000,024,903 | —- | C] () – C:\Windows\SysWow64\EPPICPattern3.dat
    [2012-03-24 00:02:29 | 000,021,390 | —- | C] () – C:\Windows\SysWow64\EPPICPattern5.dat
    [2012-03-24 00:02:29 | 000,020,148 | —- | C] () – C:\Windows\SysWow64\EPPICPattern2.dat
    [2012-03-24 00:02:29 | 000,011,811 | —- | C] () – C:\Windows\SysWow64\EPPICPattern4.dat
    [2012-03-24 00:02:29 | 000,004,943 | —- | C] () – C:\Windows\SysWow64\EPPICPattern6.dat
    [2012-03-24 00:02:29 | 000,001,146 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2012-03-24 00:02:29 | 000,001,139 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012-03-24 00:02:29 | 000,001,139 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012-03-24 00:02:29 | 000,001,136 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012-03-24 00:02:29 | 000,001,129 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012-03-24 00:02:29 | 000,001,129 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012-03-24 00:02:29 | 000,001,120 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2012-03-24 00:02:29 | 000,001,107 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2012-03-24 00:02:29 | 000,001,104 | —- | C] () – C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012-03-16 01:55:24 | 000,007,597 | —- | C] () – C:\Users\Rutger\AppData\Local\Resmon.ResmonCfg
    [2012-03-16 00:38:19 | 000,451,072 | —- | C] () – C:\Windows\SysWow64\ISSRemoveSP.exe
    [2012-03-16 00:23:39 | 000,217,088 | —- | C] () – C:\Windows\NVGfxOgl.dll
    [2012-03-16 00:01:15 | 000,000,000 | —- | C] () – C:\Windows\ativpsrm.bin
    [2012-02-29 14:26:56 | 000,416,064 | —- | C] () – C:\Windows\SysWow64\nvStreaming.exe

    ========== LOP Check ==========

    [2012-08-04 15:59:14 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\.minecraft
    [2012-08-03 23:42:23 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\BitLord
    [2012-03-29 23:46:10 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\DAEMON Tools Lite
    [2012-08-04 15:55:53 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\dll-files.com
    [2012-07-16 16:43:58 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\DVDVideoSoft
    [2012-03-25 01:20:10 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Epson
    [2012-03-31 00:04:00 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\nvda
    [2012-03-16 20:37:13 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Publish Providers
    [2012-03-16 19:44:44 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Python-Eggs
    [2012-03-16 20:01:13 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Sony
    [2012-05-29 17:07:55 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\systweak
    [2012-03-16 03:02:30 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Thinstall
    [2012-04-25 21:18:22 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Unity
    [2012-06-29 00:57:43 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Utherverse
    [2012-05-29 17:18:45 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Wondershare Video Converter Platinum
    [2012-05-29 17:27:55 | 000,000,000 | —D | M] – C:\Users\Rutger\AppData\Roaming\Wondershare Video Converter Ultimate
    [2012-08-05 01:01:26 | 000,000,278 | —- | M] () – C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job
    [2012-08-05 01:01:26 | 000,000,294 | —- | M] () – C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
    [2012-08-05 00:44:29 | 000,000,254 | —- | M] () – C:\Windows\Tasks\Epson Printer Software Downloader.job
    [2009-07-14 07:08:49 | 000,014,840 | —- | M] () – C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
    [/quote:e63724cd37]

    Extras.txt
    [quote:e63724cd37]

    OTL Extras logfile created on: 5-8-2012 20:58:58 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rutger\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    6,00 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 77,64% Memory free
    12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,52 Gb Total Space | 22,77 Gb Free Space | 30,55% Space Free | Partition Type: NTFS
    Drive E: | 465,76 Gb Total Space | 198,17 Gb Free Space | 42,55% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 926,73 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
    Drive H: | 700,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: DESKTOP_RUTGER | User Name: Rutger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] – Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    htmlfile [print] – rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] – "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" – "%1" (Google Inc.)
    inffile [install] – %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    https [open] – "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" – "%1" (Google Inc.)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0054917C-11D3-4146-8F3B-714BFC5976F4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{016E5470-DE7D-4874-99B2-88B5449D44D1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{063DB570-22E3-4D2B-935F-1125FBB652BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0950B6C7-FC44-4CEC-A322-5D492102C09A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{10C62294-086E-4FDE-93E3-9CF67F240B5F}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
    "{16606D3D-AB28-43AF-A093-4CC27FCD4DFE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{20695B1C-A664-4F80-A97D-0B218D999458}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2AD3BD96-E2FA-491F-BADF-B8378984DDBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2CE8DCE3-E15A-4E25-8FAC-D03003A861F9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2FC60FD0-533C-448C-8EB6-792C162F18C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{3217F8FF-B2D9-4644-8F51-1465FAF63A36}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{34EE77BE-54F9-4FB6-A86B-D7386A84D23E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{3B06E40F-B7ED-4B52-9F6D-02E5B87953D9}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
    "{409DD58F-4EAD-4C7A-B650-C920B3A99C36}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
    "{4A2F9682-E986-410E-AED3-B9B98E30EB56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4C5EB458-4D53-43F3-92F5-23DFF382CF65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{53638C44-3A33-4282-8BD0-FD608489C8F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{58340DAF-347A-4845-981A-44BAC597523B}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
    "{5DE0DC39-294D-4BAB-AD99-4ADAE52FE6FF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{6427081F-3A1A-496D-A39F-1A4899ACF5C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7BF86FFB-5F19-490C-BD1C-A3FB2AF0C728}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7C7A6F9B-CBA2-462C-9B80-5ADFEFEBEC9A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{7CA7A2EB-7164-
  • The Extras log is not complete.
    As for those ad pop-ups: in which browser does that happen?
  • [quote:be2e69d060="Abraham54"]The Extras log is not complete.
    As for those ad pop-ups: in which browser does that happen?[/quote:be2e69d060]
    Apologies, I hadn't noticed.
    The ad pop-ups are in Google Chrome. But I haven't yet really checked other browsers to see whether it happens there too.

    [quote:be2e69d060]

    OTL Extras logfile created on: 5-8-2012 20:58:58 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rutger\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    6,00 Gb Total Physical Memory | 4,66 Gb Available Physical Memory | 77,64% Memory free
    12,00 Gb Paging File | 10,54 Gb Available in Paging File | 87,84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,52 Gb Total Space | 22,77 Gb Free Space | 30,55% Space Free | Partition Type: NTFS
    Drive E: | 465,76 Gb Total Space | 198,17 Gb Free Space | 42,55% Space Free | Partition Type: NTFS
    Drive F: | 931,51 Gb Total Space | 926,73 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
    Drive H: | 700,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: DESKTOP_RUTGER | User Name: Rutger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] – Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    htmlfile [print] – rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] – "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" – "%1" (Google Inc.)
    inffile [install] – %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    https [open] – "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" – "%1" (Google Inc.)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0054917C-11D3-4146-8F3B-714BFC5976F4}" = lport=445 | protocol=6 | dir=in | app=system |
    "{016E5470-DE7D-4874-99B2-88B5449D44D1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{063DB570-22E3-4D2B-935F-1125FBB652BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0950B6C7-FC44-4CEC-A322-5D492102C09A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{10C62294-086E-4FDE-93E3-9CF67F240B5F}" = lport=53 | protocol=17 | dir=in | name=rtldns-port-2 |
    "{16606D3D-AB28-43AF-A093-4CC27FCD4DFE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{20695B1C-A664-4F80-A97D-0B218D999458}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2AD3BD96-E2FA-491F-BADF-B8378984DDBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2CE8DCE3-E15A-4E25-8FAC-D03003A861F9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2FC60FD0-533C-448C-8EB6-792C162F18C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{3217F8FF-B2D9-4644-8F51-1465FAF63A36}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{34EE77BE-54F9-4FB6-A86B-D7386A84D23E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{3B06E40F-B7ED-4B52-9F6D-02E5B87953D9}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
    "{409DD58F-4EAD-4C7A-B650-C920B3A99C36}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
    "{4A2F9682-E986-410E-AED3-B9B98E30EB56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4C5EB458-4D53-43F3-92F5-23DFF382CF65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{53638C44-3A33-4282-8BD0-FD608489C8F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{58340DAF-347A-4845-981A-44BAC597523B}" = lport=67 | protocol=17 | dir=in | name=rtldhcp-port |
    "{5DE0DC39-294D-4BAB-AD99-4ADAE52FE6FF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{6427081F-3A1A-496D-A39F-1A4899ACF5C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7BF86FFB-5F19-490C-BD1C-A3FB2AF0C728}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7C7A6F9B-CBA2-462C-9B80-5ADFEFEBEC9A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{7CA7A2EB-7164-4EE5-80D3-48D1BA8721F6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7E304EC9-A96D-4723-BAFC-09AFABB458CB}" = rport=139 | protocol=6 | dir=out | app=system |
    "{966F3FEE-6810-468B-B000-2D5FBF189007}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A32CFACB-B314-4554-995D-09D0934057D4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A884AF03-7B4D-4B3F-BC54-3E3D74F852BF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{AB05F671-F301-4632-A454-1E7EA4FB29CB}" = lport=53 | protocol=6 | dir=in | name=rtldns-port |
    "{AE62A243-511B-456C-8EB2-4AF5DD794FDF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B282C0C3-A030-47D7-A723-1EAC983BF76E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{C0FB97F2-E1F2-4786-86CF-83CDBFA05C04}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C528B025-7EDF-47CF-8EC5-6EF2A9B866C5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C5370F3E-30C6-458F-86F9-A32E64E766C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DB5D5C71-0165-4FD8-AF26-E174B3DB61CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DCA961FC-1C01-4AE7-9A6B-7A8EE26F786E}" = lport=68 | protocol=17 | dir=in | name=rtldhcp-port-2 |
    "{E4942E89-CC68-4A05-ABDC-618878615106}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
    "{E5651154-C1A9-408C-9852-3887EC3EF193}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
    "{F2B5F47E-A166-436C-9A45-9013392EAEEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F2CA34C3-9BEB-405C-9479-C3ABBBD80C02}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B439ED-E186-4B7B-AF34-740FB9FA4D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{112268AD-081B-4D4B-94CF-E8040301D360}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{18187389-ED42-43CA-9B6D-6005ED6686F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{19B1AB6D-3CAB-44C4-A4DA-16B74454B528}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{22EF13EB-4F9F-4DB8-B8BE-784972AF7C84}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{30EF8B3D-FB8B-485E-9968-830A68D5CAE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{35453AAC-ADF2-40E0-9EB8-11884404D76E}" = dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtldhcp.exe |
    "{3894D992-32F4-4A3E-9E18-C8C5D521B914}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{4650B512-FE45-4EA3-8C9D-2F44FE3EDFBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4E97F928-C543-40D2-8873-2C123BC47443}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{63DC5AC9-9137-4E9A-9C52-263754E2E147}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
    "{68D28C3A-2D92-48DA-A131-682BCD4CE7F8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{6D0B3B1C-E55D-422A-8735-4739F6D98A5F}" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
    "{6D4B627A-5165-488E-BAB2-BC9063F92A7A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{701BEA82-3F64-415C-BCEE-721E90C05C8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8ECC80D6-B08D-4790-AEE8-D5F48255413E}" = protocol=6 | dir=out | app=system |
    "{93CB6B28-955E-4254-A332-56C0457BAC39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{947B0739-DF86-4991-8B12-7A356F1D9819}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B894BE29-E564-4E20-97F1-577586C85746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BCCDD0CC-10E1-488F-A10A-2799039C0E97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BFA3662A-2108-48A0-8EF2-DAD959EB4A70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{D711733E-8283-4B52-B178-60077FD51CCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E0A2D9A0-92B5-407D-8418-49A9CA65AF08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E29F483B-DA79-4532-9977-4EF3495D0A8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EF3AFEA5-3C2C-4487-88CE-722898E7D7F0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{F06A8C67-35D4-4C18-B128-53C784A638B4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{F0969B24-D72F-472B-8378-EA520A4B957F}" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord 2\bitlord files\bitlord.exe |
    "{F2A6506B-F989-4314-95AD-61330A12582B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F4ACCDB0-FB00-417F-B717-E0ADBB3F21A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FAAC873A-5E5C-4EFA-BE4C-C025582AB324}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{3576472D-322A-46D0-8301-DAA8086EC69B}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |
    "TCP Query User{54B41129-87A0-4DCC-AF35-EAF77DF01159}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{ADDC5723-265D-4077-B760-03397C624487}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{E1F2B5CC-56F9-471A-B540-97B4D5E4C95C}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |
    "UDP Query User{5D3AE716-C9C0-4417-9018-75E6F617D5BA}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |
    "UDP Query User{5D3C6B9D-821A-4D1A-8665-9091902E5BB2}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{A95A8AD8-1416-4F1C-A978-8C8FF1B7CD58}C:\program files (x86)\Epson Software\Event Manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{C0997A4D-5C5F-42FD-AD73-A1FBCC2BF7E5}C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 5.9.0 (64-bit)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
    "{90120000-0015-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
    "{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
    "{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
    "{90120000-0019-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
    "{90120000-001A-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
    "{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0413-1000-0000000FF1CE}_PROPLUS_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
    "{90120000-0044-0413-0000-0000000FF1CE}_PROPLUS_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
    "{90120000-006E-0413-0000-0000000FF1CE}_PROPLUS_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C049499-055C-4A0C-A916-1D12314F45EB}" = REALTEK Wireless LAN Driver and Utility
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Arles Image Web Page Creator_is1" = Arles Image Web Page Creator 5.5
    "avast" = avast! Free Antivirus
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
    "Epson Printer Software Downloader" = Epson Printer Software Downloader
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX110_TX110 Gebruikershandleiding" = Epson Stylus SX110_TX110 Handboek
    "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
    "Google Chrome" = Google Chrome
    "KRISTAL Audio Engine" = KRISTAL Audio Engine
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.62.0.1300
    "NVDA" = NVDA 2012.1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OverclockingCenter_is1" = OverclockingCenter
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RocketDock_is1" = RocketDock 1.3.5
    "Sim City 4 - Rush Hour" = Sim City 4 - Rush Hour
    "Smart File Advisor_is1" = Smart File Advisor 1.1.1
    "SpeedFan" = SpeedFan (remove only)
    "TinyCAD" = TinyCAD 2.80.03
    "WampServer 2_is1" = WampServer 2.2
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Future Dance Simulatie v.2" = Future Dance Simulatie v.2
    "Gerstlauer Suspended Polyp 3D-Simulation" = Gerstlauer Suspended Polyp 3D-Simulation
    "Power Wave Simulatie" = Power Wave Simulatie
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 18-7-2012 7:40:43 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 22-7-2012 15:41:07 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 26-7-2012 10:55:08 | Computer Name = DESKTOP_RUTGER | Source = Application Hang | ID = 1002
    Description = Het programma E_IARNFBE.EXE, versie 5.0.5.0 reageert niet meer op
    Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: 1898 Starttijd: 01cd6b3dddbddd04 Eindtijd: 8

    Toepassingspad:
    C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNFBE.EXE Rapport-id: df4aa1a9-d731-11e1-994f-00158315a310


    Error - 1-8-2012 7:28:58 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 1-8-2012 18:00:10 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 3-8-2012 6:19:59 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 3-8-2012 9:22:59 | Computer Name = DESKTOP_RUTGER | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: SimCity 4.exe, versie: 1.0.272.0, tijdstempel:
    0x3e83a368 Naam van module met fout: SimCity 4.exe, versie: 1.0.272.0, tijdstempel:
    0x3e83a368 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00059ee9 Id van proces met
    fout: 0x4fa8 Starttijd van toepassing met fout: 0x01cd717a2eba69ac Pad naar toepassing
    met fout: F:\simcity\Apps\SimCity 4.exe Pad naar module met fout: F:\simcity\Apps\SimCity
    4.exe Rapport-id: 57db237a-dd6e-11e1-9d68-00158315a310

    Error - 3-8-2012 9:23:04 | Computer Name = DESKTOP_RUTGER | Source = | ID = 0
    Description =

    Error - 3-8-2012 9:23:04 | Computer Name = DESKTOP_RUTGER | Source = | ID = 0
    Description =

    Error - 4-8-2012 13:05:30 | Computer Name = DESKTOP_RUTGER | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'C:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    [ System Events ]
    Error - 4-8-2012 15:13:53 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 4-8-2012 15:16:01 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 4-8-2012 19:01:56 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: nvda.

    Error - 4-8-2012 19:01:56 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7000
    Description = De nvda-service kan vanwege de volgende fout niet worden gestart:
    %%1053

    Error - 5-8-2012 9:54:57 | Computer Name = DESKTOP_RUTGER | Source = EventLog | ID = 6008
    Description = De vorige afsluiting van het systeem om 15:52:22 op ?5-?8-?2012 is
    onverwacht gebeurd.

    Error - 5-8-2012 9:54:58 | Computer Name = DESKTOP_RUTGER | Source = BugCheck | ID = 1001
    Description =

    Error - 5-8-2012 9:55:43 | Computer Name = DESKTOP_RUTGER | Source = Microsoft-Windows-WHEA-Logger | ID = 18
    Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
    onderdeel: Processorcore Foutbron: 3 Fouttype: 9 Processor-id: 0 Zie de detailweergave
    van deze vermelding voor aanvullende informatie.

    Error - 5-8-2012 9:55:48 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: RealtekCU.

    Error - 5-8-2012 14:41:59 | Computer Name = DESKTOP_RUTGER | Source = EventLog | ID = 6008
    Description = De vorige afsluiting van het systeem om 20:17:26 op ?5-?8-?2012 is
    onverwacht gebeurd.

    Error - 5-8-2012 14:42:59 | Computer Name = DESKTOP_RUTGER | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: RealtekCU.


    < End of report >
    [/quote:be2e69d060]
  • Hi, I suspect it is this plug-in in Chrome: [b:088cc6c9ea]Fast save[/b:088cc6c9ea].

    Disable that plugin and see what happens while browsing.

    If you don't know how to do that, look here:
    http://www.pcwebplus.nl/phpbb/viewtopic.php?f=222&t=5673
  • Problem solved (tested it for a while now).

    But I don't understand how I got that plugin and why it isn't detected as malware or the like?
  • Hi, glad everything is back to normal.
    Usually you get that kind of thing installed along with software.
    And if you also download via Softonic, then it is even the case that you don't get just the software, because it is packed in a "wrapper".
    That allows Softonic to have a small spyware program examine your Windows, and you get unsolicited junk installed in your browsers!

    Before we start cleaning up, please do the following: a test to see how good the security situation in Windows is.

    Download [b:b2658e7388]Security Check[/b:b2658e7388] to your desktop.
    [list:b2658e7388][*:b2658e7388] Click/double-click [b:b2658e7388]SecurityCheck.exe[/b:b2658e7388] and pay attention to the instructions in the black window.
    [*:b2658e7388] A Notepad document named [b:b2658e7388]checkup.txt[/b:b2658e7388] should open automatically; close this document by saving it to the desktop.
    [*:b2658e7388] If one of your security tools reports that DIG.EXE wants to access the internet, allow it.[/list:u:b2658e7388]
    Post the contents of [b:b2658e7388]checkup.txt[/b:b2658e7388] in your next post.

This is an archived page. Replying is no longer possible.