Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Live Security Platinum virus....?

None
58 antwoorden
  • Hallo,
    Ik heb sinds gisteren bij het surfen opeens een "nieuw" en ongevraagd programma op m'n desktop computer gekregen met de naam "Live Security Platinum". Deze computer werkt nu alleen nog in veilige modus maar ik heb dan ondanks de keuze met netwerkverbinding toch geen internet verbinding. Ik wil heel graag van dit programma af want via internet ben ik er inmiddels achter dat dit GEEN security programma is. Weet ook niet hoe dit programma zo opeens op m'n computer is gekomen, wel dat het vervelend is want normaal afsluiten of programma's starten gaat niet meer (geen reactie meer met muis).
    Nu heb ik een aantal sites bezocht om het programma te verwijderen maar begrijp daar toch niet zo heel erg veel van dus ik hoop dat jullie me er in het duidelijk Nederlands vanaf kunnen helpen.
    Mijn computer loopt op Windows XP. Heb (nog) geen verstand van een hijackprogramma noch enige vorm van virussen verwijderen.
    Is er iemand die mij kan helpen dit programma voorgoed van mijn computer af te krijgen?
    Alvast bedankt.
  • Doe nu eerst het volgende:

    [b:d690e121f0]Stap •1•[/b:d690e121f0][/color:d690e121f0]
    [b:d690e121f0]controleer de Proxy instellingen van IE - Want deze zijn waarschijnlijk gemanipuleerd door de malware[/b:d690e121f0]
    [list:d690e121f0][*:d690e121f0] Configuratiescherm > Internet opties > tabje "verbindingen" > klik op LAN-instellingen.
    [*:d690e121f0] Haal het vinkje weg voor "Een proxyserver voor het LAN-netwerk gebruiken "
    [*:d690e121f0] klik OK
    [*:d690e121f0] sluit de vensters[/list:u:d690e121f0]

    [b:d690e121f0]Stap •2•[/b:d690e121f0][/color:d690e121f0]
    Download [b:d690e121f0]Rkill.com Download Link[/b:d690e121f0] naar je bureaublad.

    [list:d690e121f0][*:d690e121f0] Nadat het tool op je bureaublad is geland, erop dubbelklikken, zo dat het zal proberen de processen van de rogue te stoppen!
    [*:d690e121f0] Wanneer het tool klaar is, zal het zwarte venster verdwijnen en kan je de volgende stap gaan doen!
    [*:d690e121f0] Krijg je de waarschuwing dat Rkill een infektie is, dan is deze waarschuwing afkomstig van de malware.
    [*:d690e121f0] Wordt Rkill echter gestopt, dan is het de truc de waarschuwing op hetscherm te laten staan en Rkill opnieuw op te starten.
    [*:d690e121f0] Dus blijf geduldig proberen Rkill zijn werk te laten doen - alleen dan kan je door met de volgende stap.[/list:u:d690e121f0]

    Indien je problemenen ondervindt om Rkill te laten werken, dan kan je
    [b:d690e121f0]iE explore.exe[/b:d690e121f0] (Klik)
    of [b:d690e121f0]eXplorer.exe[/b:d690e121f0] (Klik)
    downloaden - dit zijn hernoemde Rkill bestanden.

    [b:d690e121f0]Start jouw computer niet opnieuw opnieuw nadat RKILL klaar is want dan starten de malware onderdelen weeer op.[/b:d690e121f0]

    [b:d690e121f0]Stap •3•[/b:d690e121f0][/color:d690e121f0]
    [b:d690e121f0]Welk programma[/b:d690e121f0]: [b:d690e121f0]Malwarebytes MBAM[/b:d690e121f0][/color:d690e121f0]
    [b:d690e121f0]Waarvoor/waarom[/b:d690e121f0]: specialistische scanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
    [b:d690e121f0]Moeilijkheidsgraad[/b:d690e121f0]: geen.

    [b:d690e121f0]Download Malwarebytes MBAM via één van deze locaties[/b:d690e121f0]:
    [list:d690e121f0][*:d690e121f0][b:d690e121f0]Softpedia.com[/b:d690e121f0][*:d690e121f0][b:d690e121f0]Majorgeeks.com[/b:d690e121f0][/list:u:d690e121f0]
    [b:d690e121f0]Allereerst[/b:d690e121f0]:[list:d690e121f0][*:d690e121f0] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus.
    [*:d690e121f0] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:d690e121f0]
    [b:d690e121f0]Malwarebytes MBAM opstarten[/b:d690e121f0]:
    [list:d690e121f0][*:d690e121f0] [b:d690e121f0]Sluit nu eerst alle nog openstaande programmavensters![/color:d690e121f0][/b:d690e121f0]
    [list:d690e121f0][*:d690e121f0][b:d690e121f0]Windows 2000[/color:d690e121f0][/b:d690e121f0] en [b:d690e121f0]Windows XP[/b:d690e121f0][/color:d690e121f0]: dubbelklik op de MBAM -snelkoppeling.
    [*:d690e121f0][b:d690e121f0]Windows Vista[/b:d690e121f0][/color:d690e121f0] en [b:d690e121f0]Windows 7[/b:d690e121f0][/color:d690e121f0]: rechtsklik op de MBAM-snelkoppeling en dan kiezen voor Als Administrator uitvoeren.[/list:u:d690e121f0][/list:u:d690e121f0]
    [list:d690e121f0][*:d690e121f0][b:d690e121f0]Let op:[/b:d690e121f0]
    [list:d690e121f0][*:d690e121f0]Malwarebytes verstrekt nu de volledige versie van MBAM.
    [*:d690e121f0]Bij de eerste start kijg je de mogelijkheid de gratis probeerversie van Malwarebytes AntiMalware tijdelijk te gebruiken.
    [*:d690e121f0]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan voor de gratis versie te gaan en dus het vinkje bij de probeerversie te verwijderen.
    [*:d690e121f0]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:d690e121f0]
    [img:d690e121f0]http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg[/img:d690e121f0]

    [*:d690e121f0][b:d690e121f0]Doe ook nog het volgende:[/b:d690e121f0]
    [list:d690e121f0][*:d690e121f0]Zodra het programma gestart is, ga dan naar het tabblad "[b:d690e121f0]Instellingen[/b:d690e121f0]".
    [*:d690e121f0]Vink hier aan: "[b:d690e121f0]Sluit Internet Explorer tijdens verwijdering van malware[/b:d690e121f0]".[/list:u:d690e121f0][/list:u:d690e121f0]

    [b:d690e121f0]Scannen[/b:d690e121f0]:
    [list:d690e121f0][*:d690e121f0] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
    [*:d690e121f0]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
    [*:d690e121f0]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:d690e121f0]
    [b:d690e121f0]Infecties gevonden[/b:d690e121f0]:
    [list:d690e121f0][*:d690e121f0]Klik nu eerst op OK om de melding weg te klikken
    [*:d690e121f0]Klik vervolgens rechtsonder op de knop Bekijk resultaten.
    [*:d690e121f0]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
    [*:d690e121f0]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [*:d690e121f0]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken!
    [*:d690e121f0]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:d690e121f0]
    [b:d690e121f0]MBAM-Log[/b:d690e121f0]:
    [list:d690e121f0][*:d690e121f0] Het log wordt automatisch bewaard door 'MBAM' en dat kan je terugvinden door in het hoofdmenu van 'MBAM' op de tab 'Logbestanden' te klikken.[/list:u:d690e121f0]
    [b:d690e121f0]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:d690e121f0][/color:d690e121f0]
  • Hoi Abraham 54,
    Heel erg bedankt voor je antwoord. Ik denk dat alles gelukt is wat je me opgedragen hebt.
    Hieronder vindt je het gevraagde log bestand.

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.22.05

    Windows XP Service Pack 3 x86 NTFS (Veilige modus/netwerkmogelijkheden)
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: WILS [administrator]

    Realtime bescherming: Uitgeschakeld

    22-8-2012 17:32:59
    mbam-log-2012-08-22 (17-32-59).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 401550
    Verstreken tijd: 37 minuut/minuten, 24 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 1
    C:\WINDOWS\system32\chartify.dll (Trojan.Agent) -> Zal worden verwijderd tijdens het herstarten.

    Registersleutels gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF59B0385AC0000111D77B07D287 (Trojan.LameShield) -> Data: C:\Documents and Settings\All Users\Application Data\036DFF59B0385AC0000111D77B07D287\036DFF59B0385AC0000111D77B07D287.exe -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Documents and Settings\HP_Administrator\97c566ff-5679.exe -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 2
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 1
    C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Succesvol in quarantaine geplaatst en verwijderd.

    Ik heb inmiddels de Windows firewall weer ingeschakeld en Norton ook (dacht is ondanks dat er toch iets doorheen is gekomen wel handig….?)
    Is Kaspersky misschien een betere virus scanner of VGA?? of toch gewoon Norton blijven gebruiken??

    Is er nog iets wat ik kan doen om dit voortaan te voorkomen??
    Of was dit gewoon "bad luck"

    Nogmaals heel erg bedankt voor je duidelijke hulp.

    Laiverd
  • Hoi, je bent er nog niet hoor!

    [b:adc1ed7057]Welk programma[/b:adc1ed7057]: [b:adc1ed7057]ComboFix[/b:adc1ed7057][/color:adc1ed7057]
    [b:adc1ed7057]Waarvoor/waarom[/b:adc1ed7057]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en op te schonen.
    [b:adc1ed7057]Moeilijkheidsgraad[/b:adc1ed7057]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed.
    [b:adc1ed7057]Downloadlokatie[/b:adc1ed7057]: Dit programma absoluut naar het bureaublad downloaden!
    [b:adc1ed7057]Download ComboFix via één van deze locaties[/b:adc1ed7057]:
    [list:adc1ed7057][*:adc1ed7057][b:adc1ed7057]Bleepingcomputer[/b:adc1ed7057]
    [*:adc1ed7057][b:adc1ed7057]ForoSpyware[/b:adc1ed7057]
    [*:adc1ed7057][b:adc1ed7057]Geekstogo[/b:adc1ed7057][/list:u:adc1ed7057]
    [b:adc1ed7057]Hier[/color:adc1ed7057][/b:adc1ed7057] zie je hoe je ComboFix moet gebruiken.

    Antivirusprogramma en actieve malwarescanners dienen al voor je ComboFix start gedeaktiveert zijn!
    [b:adc1ed7057]Hier[/color:adc1ed7057][/b:adc1ed7057] en [b:adc1ed7057]hier[/color:adc1ed7057][/b:adc1ed7057] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren.

    [b:adc1ed7057]Opmerkingen[/b:adc1ed7057]:
    [list:adc1ed7057][*:adc1ed7057] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren!
    Sta dit dan toe (hiervoor is een actieve internet verbinding vereist).
    [*:adc1ed7057]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.
    [*:adc1ed7057]Indien ComboFix een melding geeft over Zero-acces, meld dat vervolgens erbij in je nieuwe bericht.[/list:u:adc1ed7057]
    [b:adc1ed7057]ComboFix opstarten[/b:adc1ed7057]:
    [list:adc1ed7057][*:adc1ed7057][b:adc1ed7057]Windows 2000[/color:adc1ed7057][/b:adc1ed7057] en [b:adc1ed7057]Windows XP[/b:adc1ed7057][/color:adc1ed7057]: dubbelklik op ComboFix.exe.
    [*:adc1ed7057][b:adc1ed7057]Windows Vista[/b:adc1ed7057][/color:adc1ed7057] en [b:adc1ed7057]Windows 7[/b:adc1ed7057][/color:adc1ed7057]: via rechtsklik op ComboFix.exe en kies voor "Als Administrator uitvoeren".[/list:u:adc1ed7057]
    [b:adc1ed7057]ComboFix is opgestart[/b:adc1ed7057]:
    [list:adc1ed7057][*:adc1ed7057]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"!
    [*:adc1ed7057]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen!
    [*:adc1ed7057]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal.
    [*:adc1ed7057]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken.
    [*:adc1ed7057]Post de inhoud van dit logbestand in je volgende bericht.
    [*:adc1ed7057]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:adc1ed7057]
    [b:adc1ed7057]Belangrijke opmerking[/b:adc1ed7057]:
    [list:adc1ed7057][*:adc1ed7057][b:adc1ed7057]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:adc1ed7057][/b:adc1ed7057]
    [*:adc1ed7057][b:adc1ed7057]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:adc1ed7057][/b:adc1ed7057]
    [*:adc1ed7057][b:adc1ed7057]Start dan de computer opnieuw op.[/color:adc1ed7057][/b:adc1ed7057][/list:u:adc1ed7057]
  • Hoi Abraham54,
    Ja, sorry ik dacht nou ik ben er zo wel vanaf maar je hebt gelijk ik ben er nog lang niet.
    Ik heb nog een online free scan laten maken door Kaspersky waarvan ik nogal schrok (zie log hieronder) en toen MBAM nog 2 keer laten scannen maar dan een volledige scan en nu niet in veilige modus (want dacht dat hoeft niet meer…),
    zie log hieronder waarbij de 3-de keer er geen rare dingen meer werden gevonden.

    Log Kaspersky:
    Kaspersky scan

    Computer protection (0)
    Information about anti-virus software and firewalls installed on the computer.
    Kaspersky recommends Malware (57)
    Information about malware detected on the computer.
    Kaspersky recommends HEUR:Backdoor.Win64.Generic
    data0000.res
    C:\Documents and Settings\HP_Administrator\Bureaublad\rkill.com/
    2. HEUR:Trojan.Win32.Generic
    13a36cbf-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    3. HEUR:Trojan.Win32.Generic
    13bb1019-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    4. HEUR:Trojan.Win32.Generic
    1ba75361-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    5. HEUR:Trojan.Win32.Generic
    4d733328-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    6. HEUR:Trojan.Win32.Generic
    4feca72f-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    7. HEUR:Trojan.Win32.Generic
    5190944c-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    8. HEUR:Trojan.Win32.Generic
    54ad6460-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    9. HEUR:Trojan.Win32.Generic
    56789a74-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    10. HEUR:Trojan.Win32.Generic
    5f6ea519-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    11. HEUR:Trojan.Win32.Generic
    594d69cd-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    12. HEUR:Trojan.Win32.Generic
    702cd5f5-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    13. HEUR:Trojan.Win32.Generic
    7bd1de2c-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    14. HEUR:Trojan.Win32.Generic
    7c5fba1-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    15. HEUR:Trojan.Win32.Generic
    7debb669-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    16. HEUR:Trojan.Win32.Generic
    95b1f869-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    17. HEUR:Trojan.Win32.Generic
    9a8b2a1f-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    18. HEUR:Trojan.Win32.Generic
    56b92703-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    19. HEUR:Trojan.Win32.Generic
    b5679435-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    20. HEUR:Trojan.Win32.Generic
    b5ed8935-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    21. HEUR:Trojan.Win32.Generic
    86b516cd-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    22. HEUR:Trojan.Win32.Generic
    b6bb6263-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    23. HEUR:Trojan.Win32.Generic
    d330fa13-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    24. HEUR:Trojan.Win32.Generic
    d8d9b662-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    25. HEUR:Trojan.Win32.Generic
    df0ff621-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    26. HEUR:Trojan.Win32.Generic
    ded4a3a-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    27. HEUR:Trojan.Win32.Generic
    ded7b6dc-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    28. HEUR:Trojan.Win32.Generic
    e324048-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    29. HEUR:Trojan.Win32.Generic
    ec6c82fc-5679.tmp
    C:\Documents and Settings\HP_Administrator\Local Settings\Temp
    30. UDS:DangerousObject.Multi.Generic
    director2.htm
    C:\Program Files\HP\Digital Imaging\bbfe\director
    31. UDS:DangerousObject.Multi.Generic
    bldmenu.js
    C:\Program Files\HP\Digital Imaging\bbfe\director\js
    32. UDS:DangerousObject.Multi.Generic
    dir.js
    C:\Program Files\HP\Digital Imaging\bbfe\director\js
    33. UDS:DangerousObject.Multi.Generic
    menu.js
    C:\Program Files\HP\Digital Imaging\bbfe\director\js
    34. UDS:DangerousObject.Multi.Generic
    dir-strings.txt
    C:\Program Files\HP\Digital Imaging\bbfe\director\loc
    35. UDS:DangerousObject.Multi.Generic
    hpqprjfx_dummy.dll
    C:\Program Files\HP\Digital Imaging\bin
    36. UDS:DangerousObject.Multi.Generic
    director.ini
    C:\Program Files\HP\Digital Imaging\data
    37. UDS:DangerousObject.Multi.Generic
    cproj.dll
    C:\Program Files\HP\Digital Imaging\data\projectsspecs
    38. UDS:DangerousObject.Multi.Generic
    cproj.dll
    C:\Program Files\HP\Digital Imaging\data\projectstemplates
    39. UDS:DangerousObject.Multi.Generic
    Ut_Copy.dll
    C:\Program Files\HP\Digital Imaging\help
    40. UDS:DangerousObject.Multi.Generic
    SkinsHP1_cp.dll
    C:\Program Files\HP\Digital Imaging\Skins\hp1\cp
    41. HEUR:Trojan.Win32.Generic
    A0118485.exe
    C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP1800
    42. HEUR:Trojan.Win32.Generic
    A0118491.dll
    C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP1800
    43. HEUR:Trojan.Win32.Generic
    A0118488.exe
    C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP1800
    44. HEUR:Trojan.Win32.Generic
    150ff280-5679.tmp
    C:\WINDOWS\Temp
    45. HEUR:Trojan.Win32.Generic
    27bbde8c-5679.tmp
    C:\WINDOWS\Temp
    46. HEUR:Trojan.Win32.Generic
    414351fe-5679.tmp
    C:\WINDOWS\Temp
    47. HEUR:Trojan.Win32.Generic
    50933041-5679.tmp
    C:\WINDOWS\Temp
    48. HEUR:Trojan.Win32.Generic
    545e90a6-5679.tmp
    C:\WINDOWS\Temp
    49. HEUR:Trojan.Win32.Generic
    65784e45-5679.tmp
    C:\WINDOWS\Temp
    50. HEUR:Trojan.Win32.Generic
    6b956c1d-5679.tmp
    C:\WINDOWS\Temp
    51. HEUR:Trojan.Win32.Generic
    822300d9-5679.tmp
    C:\WINDOWS\Temp
    52. HEUR:Trojan.Win32.Generic
    8279c732-5679.tmp
    C:\WINDOWS\Temp
    53. HEUR:Trojan.Win32.Generic
    d0922a9b-5679.tmp
    C:\WINDOWS\Temp
    54. HEUR:Trojan.Win32.Generic
    dca2fd31-5679.tmp
    C:\WINDOWS\Temp
    55. HEUR:Trojan.Win32.Generic
    ec130128-5679.tmp
    C:\WINDOWS\Temp
    56. HEUR:Trojan.Win32.Generic
    fecbc256-5679.tmp
    C:\WINDOWS\Temp
    57. HEUR:Trojan.Win32.Generic
    ff03e0e3-5679.tmp
    C:\WINDOWS\Temp
    Vulnerabilities (5)
    Information about applications and operating system components in which vulnerabilities have been detected.
    1. C:\Program Files\Adobe\Adobe Flash CS3\Players\Debug\FlashPlayer.exe
    2. C:\Program Files\iTunes\iTunes.exe
    3. C:\Program Files\Java\jre6\bin\java.exe
    4. C:\Program Files\QuickTime\QuickTimePlayer.exe
    5. C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
    Other issues (12)
    Information about vulnerabilities associated with the settings of installed applications and the operating system.
    1. "Autorun from hard drives is allowed"
    2. "Autorun from network drives is enabled"
    3. "CD/DVD autorun is enabled"
    4. "Removable media autorun is enabled"
    5. "Microsoft Internet Explorer: clear history of typed URLs"
    6. "Microsoft Internet Explorer - disable caching data received via protected channel"
    7. "Microsoft Internet Explorer: disable sending error reports"
    8. "Microsoft Internet Explorer: clear the list of trusted domains"
    9. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    10. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    11. "Windows Explorer: display of known file types extensions is disabled"
    12. "Microsoft Internet Explorer: start page reset"


    1-ste volledige scan log:
    Het logbestand na verwijdering.
    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.22.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: WILS [administrator]

    Realtime bescherming: Ingeschakeld

    22-8-2012 21:16:28
    mbam-log-2012-08-22 (21-16-28).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 406146
    Verstreken tijd: 1 uur/uren, 6 minuut/minuten, 49 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP1800\A0118485.exe (Trojan.LameShield) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\System Volume Information\_restore{91722856-1EE5-4CF5-9506-1BE04AA827F5}\RP1800\A0118491.dll (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
    2-de volledige scan MBAM log:
    Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.22.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Administrator :: WILS [administrator]

    Realtime bescherming: Ingeschakeld

    22-8-2012 22:42:11
    mbam-log-2012-08-22 (22-42-11).txt

    Scantype: Volledige scan (C:\|D:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 406173
    Verstreken tijd: 1 uur/uren, 9 minuut/minuten, 49 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    Toen Norton geupdated naar Norton 360 V6
    Toen keek ik nog eens naar het forum en zag daar ik jouw nieuwe bericht.
    Heb Combofix volgens de instructies gedownload en vanochtend laten scannen.
    Ik ben alleen bang dat ik met het uitzetten van Norton en de nu Norton Firewall ook internet heb uitgezet want de uiterst belangrijke WINDOWS RECOVERY CONSOLE kon niet gedownload worden. (geen internet verbinding) Combofix is toen verder gegaan zonder deze te hebben geïnstalleerd en dit is geloof ik wel goed gegaan want alles doet het nog….?

    Hier het log van de scan:

    ComboFix 12-08-22.03 - HP_Administrator 23-08-2012 14:07:20.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1022.322 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator\Mijn documenten\DPE.DUS
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\SET1004.tmp
    c:\windows\system32\SET1009.tmp
    c:\windows\system32\SETF61.tmp
    c:\windows\system32\SETF62.tmp
    c:\windows\system32\SETF63.tmp
    c:\windows\system32\SETF64.tmp
    c:\windows\system32\SETF65.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    D:\Autorun.inf
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-23 to 2012-08-23 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-23 00:56 . 2012-08-23 00:56 60872 —-a-w- c:\windows\system32\S32EVNT1.DLL
    2012-08-23 00:56 . 2012-08-23 00:56 141944 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-08-23 00:56 . 2012-08-23 00:56 ——– d—–w- c:\program files\Symantec
    2012-08-23 00:51 . 2012-08-23 00:51 ——– d—–w- c:\windows\system32\drivers\N360
    2012-08-23 00:51 . 2012-08-23 00:51 ——– d—–w- c:\program files\Norton 360
    2012-08-23 00:45 . 2012-08-23 00:45 ——– d—–w- c:\documents and settings\All Users\Application Data\PCSettings
    2012-08-22 16:58 . 2012-08-22 16:58 ——– d—–w- c:\program files\Kaspersky Lab
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-22 15:31 . 2012-07-03 11:46 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-17 12:09 . 2012-08-17 12:09 ——– d—–w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Installer5576
    2012-08-17 09:28 . 2012-08-17 09:30 ——– d—–w- c:\documents and settings\All Users\Application Data\036DFF59B0385AC0000111D77B07D287
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2004-09-02 11:00 78336 —-a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2004-09-02 11:00 139784 —-a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:23 . 2004-09-02 11:00 1866240 —-a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:38 . 2004-09-02 11:00 916992 —-a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:38 . 2004-09-02 11:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:38 . 2004-09-02 11:00 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2004-09-02 11:00 385024 —-a-w- c:\windows\system32\html.iec
    2012-06-05 15:49 . 2008-09-22 21:06 1372672 ——w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49 . 2004-09-02 11:00 1172480 —-a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-09-02 11:00 152576 —-a-w- c:\windows\system32\schannel.dll
    2012-06-02 13:19 . 2007-06-21 03:15 18456 —-a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2004-09-02 11:00 329240 —-a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2004-09-02 11:00 219160 —-a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2004-09-02 11:00 210968 —-a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2005-05-26 03:16 45080 —-a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2004-09-02 11:00 97304 —-a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2004-09-02 11:00 53784 —-a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2004-09-02 11:00 35864 —-a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2007-06-21 03:15 15896 —-a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2007-06-21 03:15 15896 —-a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2004-09-02 11:00 577048 —-a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2007-06-21 03:15 24088 —-a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2004-09-02 11:00 1933848 —-a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:19 . 2009-09-09 14:18 18160 —-a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 13:18 . 2009-09-09 14:18 275696 —-a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2008-10-16 12:07 214256 —-a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-09-02 11:00 602624 —-a-w- c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
    "nwiz"="nwiz.exe" [2006-10-31 1622016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-10-3 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-6-19 118784]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-3 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\SymDS.sys [23-8-2012 2:53 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\SymEFA.sys [23-8-2012 2:53 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx86.sys [23-8-2012 11:56 821920]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccSetx86.sys [23-8-2012 2:53 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\Ironx86.sys [23-8-2012 2:53 149624]
    R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [25-4-2012 19:53 202296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22-8-2012 17:31 655944]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [23-8-2012 2:52 138272]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [3-1-2006 3:24 2829696]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23-8-2012 2:57 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120822.001\IDSXpx86.sys [22-8-2012 2:09 373216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22-8-2012 17:31 22344]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3-1-2006 3:24 468768]
    S2 5679;5679;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\5679.sys –> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\5679.sys [?]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:33 135664]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:33 135664]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    2012-08-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-20 16:58]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:32]
    .
    2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:32]
    .
    2012-06-28 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7172652666.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 17:50]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 192.168.1.1
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eu7jwltm.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-PCDrProfiler - (no file)
    HKLM-Run-DXDllRegExe - dxdllreg.exe
    HKLM-Run-MsgCenterExe - c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-23 14:26
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'explorer.exe'(5996)
    c:\windows\system32
    view.dll
    c:\windows\system32\NVWRSNL.DLL
    c:\windows\system32
    vwddi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32
    vsvc32.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    c:\hp\KBD\KBD.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-08-23 14:35:22 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-08-23 12:35
    .
    Pre-Run: 121.101.213.696 bytes beschikbaar
    Post-Run: 121.697.832.960 bytes beschikbaar
    .
    - - End Of File - - AE6E8F4613BABD5131FF3CDFABF4F60E

    Nu zit ik te denken of het misschien handig is om de Recovery Console toch maar te downloaden, internet doet het nu n.l. weer alleen is het wel raar dat ik niet naar Google kan.

    Dit is een lange beschrijving geworden hoop dat je me verder kunt helpen met het schoonmaken van mijn computer.

    M.vr.gr.
    Laiverd
  • We gaan nu OTL gebruiken.
    Mede om alle nu onbetrouwbare systeemhestelpunten te wissen.
    En er wordt ook een nieuw herstelpunt aangemaakt.
    Is dat gedaan - dan mag je daarna de Kaspersky Onlinescanner weer gebruiken.
    En dan graag zowel het OTL-log alsook het Kaspersky-log weer posten.


    [b:928450962c]Welk programma[/b:928450962c]: [b:928450962c]OTL.com[/b:928450962c][/color:928450962c]
    [b:928450962c]Waarvoor/waarom[/b:928450962c]: multifunktioneel tool - analyse en fix
    [b:928450962c]Moeilijkheidsgraad[/b:928450962c]: geen.
    [b:928450962c]Download[/b:928450962c]: [b:928450962c]OTL[/color:928450962c][/b:928450962c] en plaats het bestand op het bureaublad.


    [b:928450962c]Sluit voordat OTL[/color:928450962c] de fix gaat doen, eerst alle andere openstaande vensters![/b:928450962c]

    [list:928450962c][*:928450962c]Dubblklik op [img:928450962c]http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png[/img:928450962c]
    [*:928450962c]Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het kader onder [img:928450962c]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:928450962c]

    [b:928450962c]
    :OTL


    :Services


    :Reg


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [ClearAllRestorePoints]
    [reboot][/color:928450962c][/b:928450962c]


    [*:928450962c]Klik daarna bovenaan op [img:928450962c]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img:928450962c]
    [*:928450962c]Laat het programma ongestoord zijn werk doen.
    [*:928450962c][b:928450962c]OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.[/b:928450962c][/color:928450962c]
    [*:928450962c]Klik op [b:928450962c]OK[/b:928450962c]
    [*:928450962c]Na het opnieuw opstarten wordt enkel een nieuw log geopend.
    [*:928450962c]Post via kopiëren en plakken de inhoud van dat OTL-scanlog.[/list:u:928450962c]
  • Hoi Abraham54,
    Ik heb nu toch wel een probleempje denk ik.
    Ik heb via jouw linkje OTL gedownload en op het bureaublad gezet.
    Dit programma heet OTL.com. Het laat alleen niet het icoontje zien wat jij als afbeelding hebt maar een DOS icoontje.
    Daar heb ik op gedubbelklikt en het laten uitvoeren.
    Kreeg zoals in jouw uitleg dezelfde afbeelding van het programma.
    Toen netjes alle blauwe vetgedrukte tekst in het daarvoor bestemde vak geplakt en alles nog eens gedubbelchecked op eventuele missende punten, komma's etc.
    en toen netjes op RunFix geklikt.
    In het venster onderaan kwam de text: Do not interrupt etc.
    Ik ben hier rond middernacht mee begonnen, heb af en toe eens gekeken maar het leek alsof er niets gebeurde. Vanochtend stond OTL nog net zo als gisteravond maar kon niets meer doen met de muis.
    Heb de comuter uitgezet en weer aan en OTL verwijderd van het tabblad.
    Via internet naar Geeks.com gegaan.
    Je hebt blijkt OTL's met verschillende extinties. Nu heb ik .exe en .com op het bureaublad gezet.
    Bij de .com versie zegt Norton dat het veilig is. Bij de .exe versie zegt Norton niets maar deze heeft wel het icoontje zoals in jouw uitleg.
    Nu is mijn vraag: zijn het dezelfde programma's en maakt het verder niet uit welke ik gebruik? en wat ging er mis met mijn vorige poging??
    En zal ik het nog een keer proberen en zo ja met welke van de 2?
    Alvast bedankt voor je uitleg/hulp.
    M.vr.gr.
    Laiverd
  • Download OTL via mijn aanklikbare regel.
    Voordat je OTL dan opstart, deaktiveer je Norton.
    En voer dan nogmaals de opdracht uit en zorg er voor dat er geen programma's door jou worden opgestart tijdens het proces!
  • Hoi Abraham54,
    Heb alle 2 de OTL's van m'n bureaublad verwijderd en daarna jouw link weer gebruikt.
    Norton voor 1 uur uitgezet (virusscanner en firewall) en ook MBAM uitgezet.
    Alle programma's gesloten.
    Dik gedrukte blauwe script gekopieerd, Dubbelgeklikt op icontje van OTL.com en geplakt in OTL in het daarvoor bestemde vak.
    Op RunFix geklikt en daarna de muis losgelaten.
    Onderin window staat: Killing processes DO NOT INTERRUPT
    Dit is zo'n 6 minuten geleden geweest.
    Computer geeft nu een blauw scherm met alleen OTL er nog op.
    Zo te zien gebeurd er verder niets.
    Hoe lang moet dit programma ongeveer duren??
    Of ben ik nu alles kwijt?

    M.vr.gr.
    Laiverd
  • Er klopt gewoon iets niet.

    Doe de ComboFix scan nogmaals.
    Het kan na opstarten van ComboFix gebeuren dat er een melding komt:

    - of ComboFix wil geupdated worden;
    - of ComboFix wil opnieuw gedownload worden.

    Krijg je dus zo'n melding, dan dit ook uitvoeren.
    Post de inhoud van het log wederom via de kleurcodeerder.

    Post wederom de inhoud van het ComboFix-log.
  • Hoi Abraham54,
    Ben ik weer. Heb'de computer na een uur van wachten uit en toen weer aangezet.
    Alles doet het weer maar OTL is niet aan het werk geweest.
    Wat doe ik fout??
    Heb nu alles in het startmenu uitgezet (van HPprinter tot TomTom).
    Volgens mij draait er nu niets, heb ook na het weer aanzetten geen programma meer opgestart.
    Zal ik Norton weer uitzetten (maar nu tot nader order) en MBAM en het nog eens proberen?

    M.vr.gr.
    Laiverd
  • Oeps krijg na mijn post je bericht.
    Ga Combofix zoals je voorsteld weer laten scannen en dan meld ik me weer.
    M.vr.gr.
    Laiverd
  • Nou, Combofix scant weer. Weet denk ik nu ook waar het foutje lag waarom OTL niet scande….
    Had Norton toch niet helemaal afgesloten denk ik….?
    Kreeg wel weer de melding dat de Windows Recovery Console niet gedownload kon worden.
    Heb overigens geprobeerd dat zelf te doen maar begreep de instructies op Microsoft.com niet al te goed. (raakte door de mogelijkheden en niet mogelijkheden het overzicht kwijt)

    M.vr.gr.
    Laiverd
  • Hoi Abraham54,
    Nou, de Combofix scan is gelukt. En deze keer deed de scan er een stuk minder lang over.
    Hieronder de ComboFix logfile.

    ComboFix 12-08-22.03 - HP_Administrator 24-08-2012 14:31:35.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1006.188 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\HP_Administrator\Bureaublad\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-23 23:36 . 2012-08-23 23:36 ——– d—–w- C:\_OTL
    2012-08-23 00:56 . 2012-08-23 00:56 60872 —-a-w- c:\windows\system32\S32EVNT1.DLL
    2012-08-23 00:56 . 2012-08-23 00:56 141944 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-08-23 00:56 . 2012-08-23 00:56 ——– d—–w- c:\program files\Symantec
    2012-08-23 00:51 . 2012-08-23 00:51 ——– d—–w- c:\windows\system32\drivers\N360
    2012-08-23 00:51 . 2012-08-23 00:51 ——– d—–w- c:\program files\Norton 360
    2012-08-23 00:45 . 2012-08-23 00:45 ——– d—–w- c:\documents and settings\All Users\Application Data\PCSettings
    2012-08-22 16:58 . 2012-08-22 16:58 ——– d—–w- c:\program files\Kaspersky Lab
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-22 15:31 . 2012-08-22 15:31 ——– d—–w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-22 15:31 . 2012-07-03 11:46 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-17 12:09 . 2012-08-17 12:09 ——– d—–w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Installer5576
    2012-08-17 09:28 . 2012-08-17 09:30 ——– d—–w- c:\documents and settings\All Users\Application Data\036DFF59B0385AC0000111D77B07D287
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 13:58 . 2004-09-02 11:00 78336 —-a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05 . 2004-09-02 11:00 139784 —-a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 18:23 . 2004-09-02 11:00 1866240 —-a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:38 . 2004-09-02 11:00 916992 —-a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:38 . 2004-09-02 11:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:38 . 2004-09-02 11:00 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05 . 2004-09-02 11:00 385024 —-a-w- c:\windows\system32\html.iec
    2012-06-05 15:49 . 2008-09-22 21:06 1372672 ——w- c:\windows\system32\msxml6.dll
    2012-06-05 15:49 . 2004-09-02 11:00 1172480 —-a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2004-09-02 11:00 152576 —-a-w- c:\windows\system32\schannel.dll
    2012-06-02 13:19 . 2007-06-21 03:15 18456 —-a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 13:19 . 2004-09-02 11:00 329240 —-a-w- c:\windows\system32\wucltui.dll
    2012-06-02 13:19 . 2004-09-02 11:00 219160 —-a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 13:19 . 2004-09-02 11:00 210968 —-a-w- c:\windows\system32\wuweb.dll
    2012-06-02 13:19 . 2005-05-26 03:16 45080 —-a-w- c:\windows\system32\wups2.dll
    2012-06-02 13:19 . 2004-09-02 11:00 97304 —-a-w- c:\windows\system32\cdm.dll
    2012-06-02 13:19 . 2004-09-02 11:00 53784 —-a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 13:19 . 2004-09-02 11:00 35864 —-a-w- c:\windows\system32\wups.dll
    2012-06-02 13:19 . 2007-06-21 03:15 15896 —-a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 13:19 . 2007-06-21 03:15 15896 —-a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 13:19 . 2004-09-02 11:00 577048 —-a-w- c:\windows\system32\wuapi.dll
    2012-06-02 13:19 . 2007-06-21 03:15 24088 —-a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 13:19 . 2004-09-02 11:00 1933848 —-a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 13:19 . 2009-09-09 14:18 18160 —-a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 13:18 . 2009-09-09 14:18 275696 —-a-w- c:\windows\system32\mucltui.dll
    2012-06-02 13:18 . 2008-10-16 12:07 214256 —-a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2004-09-02 11:00 602624 —-a-w- c:\windows\system32\crypt32.dll
    2012-07-14 00:15 . 2012-08-23 14:31 136672 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-23_12.24.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-08-24 12:06 . 2012-08-24 12:06 16384 c:\windows\Temp\Perflib_Perfdata_b2c.dat
    + 2012-08-24 11:59 . 2012-08-24 11:59 16384 c:\windows\Temp\Perflib_Perfdata_980.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
    "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
    "nwiz"="nwiz.exe" [2006-10-31 1622016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-10-3 295606]
    Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
    Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-6-19 118784]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    c:\documents and settings\Default User\Menu Start\Programma's\Opstarten\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-1-3 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-1-3 27136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\SymDS.sys [23-8-2012 2:53 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\SymEFA.sys [23-8-2012 2:53 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx86.sys [23-8-2012 11:56 821920]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccSetx86.sys [23-8-2012 2:53 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\Ironx86.sys [23-8-2012 2:53 149624]
    R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [25-4-2012 19:53 202296]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22-8-2012 17:31 655944]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [23-8-2012 2:52 138272]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-4-2011 14:21 92592]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [3-1-2006 3:24 2829696]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23-8-2012 2:57 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120823.001\IDSXpx86.sys [24-8-2012 10:45 373216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22-8-2012 17:31 22344]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [3-1-2006 3:24 468768]
    S2 5679;5679;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\5679.sys –> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\5679.sys [?]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:33 135664]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6-1-2010 21:33 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [23-8-2012 16:31 113120]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    .
    2012-08-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-20 16:58]
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:32]
    .
    2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:32]
    .
    2012-06-28 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 2400 seriesA3652443A372B157BFD83129692C2C2475483DE7172652666.job
    - c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 17:50]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = hxxp://www.nu.nl/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    TCP: DhcpNameServer = 213.46.228.196 62.179.104.196 192.168.1.1
    DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab
    DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eu7jwltm.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-24 14:42
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————
    .
    - - - - - - - > 'explorer.exe'(5064)
    c:\windows\system32
    view.dll
    c:\windows\system32\NVWRSNL.DLL
    c:\windows\system32
    vwddi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-08-24 14:46:19
    ComboFix-quarantined-files.txt 2012-08-24 12:46
    ComboFix2.txt 2012-08-23 12:35
    .
    Pre-Run: 121.614.532.608 bytes beschikbaar
    Post-Run: 121.625.620.480 bytes beschikbaar
    .
    - - End Of File - - DC79A1831D996613404D2A2DA00F29A9

    Ik wacht op antwoord voor de volgende stap??

    M.vr.gr.

    Laiverd
  • Wil jij nu proberen of het volgende wel wil:

    [b:ebdbc74a56]Welk programma[/b:ebdbc74a56]: [b:ebdbc74a56]OTL.com[/b:ebdbc74a56][/color:ebdbc74a56]
    [b:ebdbc74a56]Waarvoor/waarom[/b:ebdbc74a56]: multifunktioneel tool - analyse en fix
    [b:ebdbc74a56]Moeilijkheidsgraad[/b:ebdbc74a56]: geen.
    [b:ebdbc74a56]Download[/b:ebdbc74a56]: [b:ebdbc74a56]OTL[/color:ebdbc74a56][/b:ebdbc74a56] en plaats het bestand op het bureaublad.

    [b:ebdbc74a56]OTL.com[/color:ebdbc74a56] gebruiken[/b:ebdbc74a56]:
    [list:ebdbc74a56][*:ebdbc74a56] [b:ebdbc74a56]Sluit nu eerst alle nog openstaande programmavensters![/color:ebdbc74a56][/b:ebdbc74a56]
    [list:ebdbc74a56][*:ebdbc74a56]Dubblklik op [img:ebdbc74a56]http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png[/img:ebdbc74a56]
    [/list:u:ebdbc74a56][/list:u:ebdbc74a56]
    [list:ebdbc74a56][*:ebdbc74a56]Zet een vinkje bij [b:ebdbc74a56]Scan All Users[/b:ebdbc74a56][/color:ebdbc74a56].
    [*:ebdbc74a56]Klik op [img:ebdbc74a56]http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png[/img:ebdbc74a56].
    [*:ebdbc74a56]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef.
    [*:ebdbc74a56]De scan zal niet heel erg lang duren.
    [list:ebdbc74a56][*:ebdbc74a56]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:ebdbc74a56]OTL.Txt[/b:ebdbc74a56] en [b:ebdbc74a56]Extras.txt[/b:ebdbc74a56].
    [*:ebdbc74a56]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:ebdbc74a56]
    [*:ebdbc74a56][b:ebdbc74a56]Notabene:[/b:ebdbc74a56][/color:ebdbc74a56] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten.[/list:u:ebdbc74a56]
  • Hoi Abraham54,
    Hier het OTL.txt log van de OTL scan.
    Daaronder volgt de Extras.txt


    OTL logfile created on: 27-8-2012 14:57:49 - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\HP_Administrator\Bureaublad
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,38 Mb Total Physical Memory | 306,18 Mb Available Physical Memory | 29,95% Memory free
    2,40 Gb Paging File | 1,72 Gb Available in Paging File | 71,76% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 226,87 Gb Total Space | 113,16 Gb Free Space | 49,88% Space Free | Partition Type: NTFS
    Drive D: | 6,00 Gb Total Space | 0,89 Gb Free Space | 14,87% Space Free | Partition Type: FAT32

    Computer Name: WILS | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========[/color:7fe680a7e2]

    PRC - [2012-08-24 12:31:48 | 000,596,480 | —- | M] (OldTimer Tools) – C:\Documents and Settings\HP_Administrator\Bureaublad\OTL.com
    PRC - [2012-07-03 13:46:44 | 000,655,944 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-07-03 13:46:44 | 000,462,920 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012-06-15 20:24:20 | 000,138,272 | R— | M] (Symantec Corporation) – C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
    PRC - [2012-04-25 19:53:38 | 000,202,296 | —- | M] (Kaspersky Lab ZAO) – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
    PRC - [2011-11-14 13:02:04 | 000,435,672 | —- | M] (TomTom) – C:\Program Files\MyTomTom 3\MyTomTomSA.exe
    PRC - [2011-04-22 14:21:10 | 000,092,592 | —- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2009-10-07 01:47:34 | 000,154,136 | —- | M] (Logitech Inc.) – C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008-04-14 19:02:58 | 001,037,312 | —- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
    PRC - [2007-10-03 19:36:52 | 000,654,848 | —- | M] (Macrovision Europe Ltd.) – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2007-02-22 18:32:12 | 000,118,784 | —- | M] (OLYMPUS IMAGING CORP.) – C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    PRC - [2006-10-22 23:24:02 | 000,620,152 | —- | M] (Adobe Systems Inc.) – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    PRC - [2006-07-06 15:15:00 | 000,151,552 | —- | M] (Intel Corporation) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006-07-06 15:14:30 | 000,090,112 | —- | M] (Intel Corporation) – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006-06-02 00:25:00 | 000,180,224 | —- | M] (Intel Corporation) – C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
    PRC - [2006-04-13 03:05:00 | 000,090,112 | —- | M] (Sonic Solutions) – C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe


    ========== Modules (No Company Name) ==========[/color:7fe680a7e2]

    MOD - [2012-04-25 19:52:28 | 001,270,160 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
    MOD - [2012-04-25 19:52:26 | 007,422,352 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
    MOD - [2012-04-25 19:52:24 | 000,795,024 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
    MOD - [2012-04-25 19:52:24 | 000,192,912 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
    MOD - [2012-04-25 19:52:22 | 002,453,904 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
    MOD - [2012-04-25 19:52:22 | 002,126,224 | —- | M] () – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
    MOD - [2011-11-14 13:02:08 | 000,202,712 | —- | M] () – C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
    MOD - [2011-11-14 13:02:06 | 000,063,960 | —- | M] () – C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
    MOD - [2011-11-14 13:01:52 | 007,964,160 | —- | M] () – C:\Program Files\MyTomTom 3\QtGui4.dll
    MOD - [2011-11-14 13:01:52 | 002,648,064 | —- | M] () – C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
    MOD - [2011-11-14 13:01:52 | 002,302,464 | —- | M] () – C:\Program Files\MyTomTom 3\QtCore4.dll
    MOD - [2011-11-14 13:01:52 | 000,980,480 | —- | M] () – C:\Program Files\MyTomTom 3\QtNetwork4.dll
    MOD - [2011-11-14 13:01:52 | 000,357,888 | —- | M] () – C:\Program Files\MyTomTom 3\QtXml4.dll
    MOD - [2011-10-14 18:38:00 | 000,456,192 | —- | M] () – C:\WINDOWS\system32\encdec.dll
    MOD - [2011-02-04 18:48:30 | 000,291,840 | —- | M] () – C:\WINDOWS\system32\sbe.dll
    MOD - [2009-09-04 23:15:06 | 000,067,872 | —- | M] () – C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2008-04-14 19:02:30 | 000,014,336 | —- | M] () – C:\WINDOWS\system32\msdmo.dll
    MOD - [2006-10-31 14:35:00 | 001,470,464 | —- | M] () – C:\WINDOWS\system32
    view.dll
    MOD - [2006-10-31 14:35:00 | 000,466,944 | —- | M] () – C:\WINDOWS\system32
    vshell.dll
    MOD - [2006-10-31 14:35:00 | 000,196,608 | —- | M] () – C:\WINDOWS\system32
    vapi.dll
    MOD - [2006-10-09 16:12:30 | 000,224,256 | —- | M] () – C:\WINDOWS\system32\psisrndr.ax
    MOD - [2006-10-09 16:12:14 | 000,235,008 | —- | M] () – C:\WINDOWS\system32\psisdecd.dll
    MOD - [2005-08-18 07:56:52 | 000,167,936 | —- | M] () – C:\WINDOWS\system32\wstpager.ax
    MOD - [2005-08-18 07:56:52 | 000,159,744 | —- | M] () – C:\WINDOWS\system32\VBICodec.ax
    MOD - [2005-08-18 07:56:52 | 000,062,976 | —- | M] () – C:\WINDOWS\system32\mpeg2data.ax
    MOD - [2005-08-18 06:02:16 | 000,165,376 | —- | M] () – C:\WINDOWS\system32\mpg2splt.ax
    MOD - [2005-08-18 06:01:34 | 000,064,512 | —- | M] () – C:\WINDOWS\system32\msnp.ax
    MOD - [2005-07-30 21:00:40 | 000,114,688 | —- | M] () – C:\WINDOWS\system32\OdiOlDVR.dll
    MOD - [2004-06-21 10:14:54 | 000,053,248 | —- | M] () – C:\WINDOWS\system32\OdiAPI.dll
    MOD - [2003-08-11 08:44:18 | 000,565,248 | R— | M] () – C:\WINDOWS\system32\hpotscl.dll


    ========== Win32 Services (SafeList) ==========[/color:7fe680a7e2]

    SRV - File not found [Auto | Stopped] – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe – (Planner voor Automatische LiveUpdate)
    SRV - [2012-07-14 02:13:54 | 000,113,120 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
    SRV - [2012-07-03 13:46:44 | 000,655,944 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe – (MBAMService)
    SRV - [2012-06-15 20:24:20 | 000,138,272 | R— | M] (Symantec Corporation) [Auto | Running] – C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe – (N360)
    SRV - [2012-04-25 19:53:38 | 000,202,296 | —- | M] (Kaspersky Lab ZAO) [Auto | Running] – C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe – (KSS)
    SRV - [2011-04-22 14:21:10 | 000,092,592 | —- | M] (TomTom) [Auto | Running] – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe – (TomTomHOMEService)
    SRV - [2009-10-07 01:47:34 | 000,154,136 | —- | M] (Logitech Inc.) [Auto | Running] – C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe – (LVPrcSrv)
    SRV - [2007-10-03 19:36:52 | 000,654,848 | —- | M] (Macrovision Europe Ltd.) [On_Demand | Running] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2007-03-20 16:41:24 | 000,153,792 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe – (Adobe Version Cue CS3)
    SRV - [2006-07-06 15:14:30 | 000,090,112 | —- | M] (Intel Corporation) [Auto | Running] – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe – (IAANTMON)
    SRV - [2006-06-02 00:25:00 | 000,180,224 | —- | M] (Intel Corporation) [Auto | Running] – C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe – (ELService)


    ========== Driver Services (SafeList) ==========[/color:7fe680a7e2]

    DRV - File not found [Kernel | On_Demand | Stopped] – – (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] – – (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] – – (PCIDump)
    DRV - File not found [Kernel | System | Stopped] – – (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] – – (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] – – (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys – (catchme)
    DRV - File not found [Kernel | Auto | Stopped] – C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\5679.sys – (5679)
    DRV - [2012-08-23 02:56:03 | 000,141,944 | —- | M] (Symantec Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\SYMEVENT.SYS – (SymEvent)
    DRV - [2012-08-22 02:09:50 | 000,373,216 | —- | M] (Symantec Corporation) [Kernel | On_Demand | Running] – C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120824.001\IDSXpx86.sys – (IDSxpx86)
    DRV - [2012-08-22 01:00:00 | 001,601,184 | —- | M] (Symantec Corporation) [Kernel | On_Demand | Running] – C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120826.009\NAVEX15.SYS – (NAVEX15)
    DRV - [2012-08-22 01:00:00 | 000,376,480 | —- | M] (Symantec Corporation) [Kernel | System | Running] – C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys – (eeCtrl)
    DRV - [2012-08-22 01:00:00 | 000,106,656 | —- | M] (Symantec Corporation) [Kernel | On_Demand | Running] – C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys – (EraserUtilRebootDrv)
    DRV - [2012-08-22 01:00:00 | 000,092,704 | —- | M] (Symantec Corporation) [Kernel | On_Demand | Running] – C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120826.009\NAVENG.SYS – (NAVENG)
    DRV - [2012-07-05 20:17:58 | 000,574,112 | R— | M] (Symantec Corporation) [File_System | On_Demand | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\srtsp.sys – (SRTSP)
    DRV - [2012-07-05 20:17:58 | 000,032,928 | R— | M] (Symantec Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\srtspx.sys – (SRTSPX)
    DRV - [2012-07-03 13:46:44 | 000,022,344 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\WINDOWS\system32\drivers\mbam.sys – (MBAMProtector)
    DRV - [2012-06-18 19:02:26 | 000,821,920 | —- | M] (Symantec Corporation) [Kernel | System | Running] – C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx86.sys – (BHDrvx86)
    DRV - [2012-06-06 22:43:44 | 000,132,768 | R— | M] (Symantec Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\ccSetx86.sys – (ccSet_N360)
    DRV - [2012-05-21 19:37:12 | 000,924,320 | R— | M] (Symantec Corporation) [File_System | Boot | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\SymEFA.sys – (SymEFA)
    DRV - [2012-04-17 20:13:32 | 000,388,216 | R— | M] (Symantec Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\symtdi.sys – (SYMTDI)
    DRV - [2012-04-17 20:13:22 | 000,340,088 | R— | M] (Symantec Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\SymDS.sys – (SymDS)
    DRV - [2012-04-17 19:42:14 | 000,149,624 | R— | M] (Symantec Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\N360\0603000.00E\Ironx86.sys – (SymIRON)
    DRV - [2009-10-07 01:46:36 | 000,025,752 | —- | M] () [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\LVPr2Mon.sys – (LVPr2Mon)
    DRV - [2009-04-30 22:55:58 | 002,687,512 | —- | M] (Logitech Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\LV302V32.SYS – (PID_PEPI)
    DRV - [2008-04-13 20:46:22 | 000,015,232 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\mpe.sys – (MPE)
    DRV - [2008-04-13 20:45:34 | 000,046,592 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\irbus.sys – (IrBus)
    DRV - [2008-02-10 11:54:51 | 000,043,672 | —- | M] (Oak Technology Inc.) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\AFS2K.SYS – (AFS2K)
    DRV - [2006-07-25 01:15:04 | 004,353,024 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)
    DRV - [2006-05-09 23:36:44 | 000,009,728 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ELacpi.sys – (ELacpi)
    DRV - [2006-05-09 23:36:42 | 000,007,040 | —- | M] (Intel Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Elmon.sys – (ELmon)
    DRV - [2006-05-09 23:36:22 | 000,006,912 | —- | M] (Intel Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Elkbd.sys – (ELkbd)
    DRV - [2006-05-09 23:36:20 | 000,006,400 | —- | M] (Intel Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Elmou.sys – (ELmou)
    DRV - [2006-05-09 23:36:18 | 000,010,112 | —- | M] (Intel Corporation) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Elhid.sys – (ELhid)
    DRV - [2006-04-12 05:36:56 | 002,829,696 | —- | M] (ASUSTek) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\3xHybrid.sys – (3xHybrid)
    DRV - [2006-04-07 17:06:38 | 000,038,496 | —- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\VNUSB.sys – (VNUSB)
    DRV - [2005-12-13 02:27:00 | 000,019,072 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\PS2.sys – (Ps2)
    DRV - [2005-10-05 19:44:06 | 000,468,768 | —- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\wn5301.sys – (WN5301)
    DRV - [2005-06-29 18:03:18 | 000,175,104 | —- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\ftsata2.sys – (ftsata2)
    DRV - [2004-08-03 23:31:34 | 000,020,992 | —- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139)
    DRV - [2003-11-05 08:45:12 | 000,017,408 | —- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\bb-run.sys – (bb-run)


    ========== Standard Registry (SafeList) ==========[/color:7fe680a7e2]


    ========== Internet Explorer ==========[/color:7fe680a7e2]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com
    esults.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nu.nl/
    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com
    esults.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========[/color:7fe680a7e2]

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.0.73 - 1
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director
    p32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins
    pitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin
    pgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32
    pdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2
    pjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0
    pctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0
    pwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115
    pGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012-08-23 02:57:55 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2012-08-27 13:53:37 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-08-23 16:31:13 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-23 16:31:10 | 000,000,000 | —D | M]

    [2010-06-06 12:13:54 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010-06-06 12:13:54 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009-11-18 11:49:57 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eu7jwltm.default\extensions
    [2012-08-24 18:16:18 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
    [2012-08-24 18:16:18 | 000,000,000 | —D | M] (Java Console) – C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2012-07-14 02:15:45 | 000,136,672 | —- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012-07-14 02:37:45 | 000,002,252 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-07-14 02:37:45 | 000,001,892 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-07-14 02:37:45 | 000,004,558 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-07-14 02:37:45 | 000,001,049 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

    O1 HOSTS File: ([2012-08-23 14:23:47 | 000,000,027 | —- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O3 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32
    wiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
    O4 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
    O4 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Default User\Menu Start\Programma's\Opstarten\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Verbindingshelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab (CKAVWebScan Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252233966884 (MUWebControl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} http://www.cyclomedia.nl/download/components/CycloScopeLite.cab (CycloScopeLite Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5292/mcfscan.cab (McFreeScan Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.228.196 62.179.104.196 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920091FE-0A27-4BA0-A1D9-FA54AAC371D0}: DhcpNameServer = 213.46.228.196 62.179.104.196 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA885009-9ED3-4E26-9CFF-4E629664614E}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-01-27 12:32:56 | 000,000,000 | —- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
    O32 - AutoRun File - [2001-07-27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT – [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========[/color:7fe680a7e2]

    [2012-08-24 18:18:12 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Sun
    [2012-08-24 18:13:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\McAfee
    [2012-08-24 12:31:46 | 000,596,480 | —- | C] (OldTimer Tools) – C:\Documents and Settings\HP_Administrator\Bureaublad\OTL.com
    [2012-08-24 01:36:08 | 000,000,000 | —D | C] – C:\_OTL
    [2012-08-23 16:31:20 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012-08-23 16:31:19 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Maintenance Service
    [2012-08-23 16:28:44 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator\Mijn documenten\Downloads
    [2012-08-23 14:00:33 | 000,518,144 | —- | C] (SteelWerX) – C:\WINDOWS\SWREG.exe
    [2012-08-23 14:00:33 | 000,406,528 | —- | C] (SteelWerX) – C:\WINDOWS\SWSC.exe
    [2012-08-23 14:00:33 | 000,212,480 | —- | C] (SteelWerX) – C:\WINDOWS\SWXCACLS.exe
    [2012-08-23 14:00:33 | 000,060,416 | —- | C] (NirSoft) – C:\WINDOWS\NIRCMD.exe
    [2012-08-23 02:56:04 | 000,141,944 | —- | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2012-08-23 02:56:04 | 000,060,872 | —- | C] (Symantec Corporation) – C:\WINDOWS\System32\S32EVNT1.DLL
    [2012-08-23 02:56:03 | 000,000,000 | —D | C] – C:\Program Files\Symantec
    [2012-08-23 02:53:19 | 000,388,216 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\symtdi.sys
    [2012-08-23 02:53:19 | 000,345,208 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\symtdiv.sys
    [2012-08-23 02:53:18 | 000,924,320 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymEFA.sys
    [2012-08-23 02:53:18 | 000,318,584 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\symnets.sys
    [2012-08-23 02:53:17 | 000,340,088 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymDS.sys
    [2012-08-23 02:53:17 | 000,032,928 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.sys
    [2012-08-23 02:53:16 | 000,574,112 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.sys
    [2012-08-23 02:53:16 | 000,149,624 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\Ironx86.sys
    [2012-08-23 02:53:16 | 000,132,768 | R— | C] (Symantec Corporation) – C:\WINDOWS\System32\drivers\N360\0603000.00E\ccSetx86.sys
    [2012-08-23 02:51:56 | 000,000,000 | —D | C] – C:\WINDOWS\System32\drivers\N360
    [2012-08-23 02:51:56 | 000,000,000 | —D | C] – C:\WINDOWS\System32\drivers\N360\0603000.00E
    [2012-08-23 02:51:49 | 000,000,000 | —D | C] – C:\Program Files\Norton 360
    [2012-08-23 02:51:49 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programma's\Norton 360
    [2012-08-23 02:45:44 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\PCSettings
    [2012-08-23 01:17:44 | 000,000,000 | —D | C] – C:\Qoobox
    [2012-08-23 01:17:37 | 000,000,000 | R–D | C] – C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Systeembeheer
    [2012-08-23 01:17:26 | 000,000,000 | —D | C] – C:\WINDOWS\erdnt
    [2012-08-23 01:10:08 | 004,736,524 | R— | C] (Swearware) – C:\Documents and Settings\HP_Administrator\Bureaublad\ComboFix.exe
    [2012-08-22 18:59:21 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator\Menu Start\Programma's\Kaspersky Security Scan
    [2012-08-22 18:58:29 | 000,000,000 | —D | C] – C:\Program Files\Kaspersky Lab
    [2012-08-22 17:31:23 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
    [2012-08-22 17:31:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
    [2012-08-22 17:31:14 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012-08-22 17:31:13 | 000,022,344 | —- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys
    [2012-08-22 17:31:13 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes' Anti-Malware
    [2012-08-22 17:26:45 | 010,652,120 | —- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\HP_Administrator\Bureaublad\mbam-setup-1.62.0.1300.exe
    [2012-08-22 16:37:44 | 001,610,656 | —- | C] (Bleeping Computer, LLC) – C:\Documents and Settings\HP_Administrator\Bureaublad\rkill.com
    [2012-08-18 12:23:52 | 000,000,000 | -HSD | C] – C:\WINDOWS\CSC
    [2012-08-17 14:09:16 | 000,000,000 | —D | C] – C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Installer5576
    [2012-08-17 11:28:58 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\036DFF59B0385AC0000111D77B07D287
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========[/color:7fe680a7e2]

    [2012-08-27 14:36:01 | 000,001,044 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012-08-27 14:00:02 | 000,000,187 | —- | M] () – C:\WINDOWS\System\hpsysdrv.DAT
    [2012-08-27 13:55:48 | 000,001,158 | —- | M] () – C:\WINDOWS\System32\wpa.dbl
    [2012-08-27 13:53:23 | 000,002,337 | —- | M] () – C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Acrobat Speed Launcher.lnk
    [2012-08-27 13:53:22 | 000,095,957 | —- | M] () – C:\WINDOWS\System32
    vapps.xml
    [2012-08-27 13:53:18 | 000,001,040 | —- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012-08-27 13:53:16 | 000,002,048 | –S- | M] () – C:\WINDOWS\bootstat.dat
    [2012-08-27 13:53:12 | 1072,115,712 | -HS- | M] () – C:\hiberfil.sys
    [2012-08-24 15:08:00 | 000,048,808 | —- | M] () – C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2012-08-24 12:31:48 | 000,596,480 | —- | M] (OldTimer Tools) – C:\Documents and Settings\HP_Administrator\Bureaublad\OTL.com
    [2012-08-23 16:31:21 | 000,000,753 | —- | M] () – C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012-08-23 16:31:21 | 000,000,735 | —- | M] () – C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
    [2012-08-23 14:23:47 | 000,000,027 | —- | M] () – C:\WINDOWS\System32\drivers\etc\hosts
    [2012-08-23 11:56:34 | 000,008,942 | —- | M] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\VT20120731.038
    [2012-08-23 02:56:43 | 000,650,014 | —- | M] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\Cat.DB
    [2012-08-23 02:56:03 | 000,141,944 | —- | M] (Symantec Corporation) – C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2012-08-23 02:56:03 | 000,060,872 | —- | M] (Symantec Corporation) – C:\WINDOWS\System32\S32EVNT1.DLL
    [2012-08-23 02:56:03 | 000,007,468 | —- | M] () – C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2012-08-23 02:56:03 | 000,000,806 | —- | M] () – C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2012-08-23 02:55:50 | 000,001,821 | —- | M] () – C:\Documents and Settings\All Users\Bureaublad\Norton 360.LNK
    [2012-08-23 02:50:52 | 000,000,770 | —- | M] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Norton-installatiebestanden.lnk
    [2012-08-23 01:10:16 | 004,736,524 | R— | M] (Swearware) – C:\Documents and Settings\HP_Administrator\Bureaublad\ComboFix.exe
    [2012-08-22 19:09:19 | 000,002,413 | —- | M] () – C:\Documents and Settings\All Users\Bureaublad\Skype.lnk
    [2012-08-22 18:59:05 | 000,000,825 | —- | M] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Kaspersky Security Scan.lnk
    [2012-08-22 18:21:04 | 000,002,509 | —- | M] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Microsoft Word.lnk
    [2012-08-22 17:31:14 | 000,000,795 | —- | M] () – C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012-08-22 17:26:45 | 010,652,120 | —- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\HP_Administrator\Bureaublad\mbam-setup-1.62.0.1300.exe
    [2012-08-22 16:37:48 | 001,610,656 | —- | M] (Bleeping Computer, LLC) – C:\Documents and Settings\HP_Administrator\Bureaublad\rkill.com
    [2012-08-17 10:57:06 | 001,600,728 | —- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-08-15 23:51:18 | 000,001,374 | —- | M] () – C:\WINDOWS\imsins.BAK
    [2012-08-13 13:21:33 | 000,002,481 | —- | M] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Microsoft Excel.lnk
    [2012-08-10 15:40:19 | 000,000,172 | —- | M] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\isolate.ini
    [2012-08-05 12:06:09 | 000,002,263 | —- | M] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Skype.lnk
    [2012-08-04 10:23:01 | 000,000,284 | —- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========[/color:7fe680a7e2]

    [2012-08-23 16:31:21 | 000,000,741 | —- | C] () – C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk
    [2012-08-23 14:00:33 | 000,256,000 | —- | C] () – C:\WINDOWS\PEV.exe
    [2012-08-23 14:00:33 | 000,208,896 | —- | C] () – C:\WINDOWS\MBR.exe
    [2012-08-23 14:00:33 | 000,098,816 | —- | C] () – C:\WINDOWS\sed.exe
    [2012-08-23 14:00:33 | 000,080,412 | —- | C] () – C:\WINDOWS\grep.exe
    [2012-08-23 14:00:33 | 000,068,096 | —- | C] () – C:\WINDOWS\zip.exe
    [2012-08-23 12:01:58 | 000,008,942 | —- | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\VT20120731.038
    [2012-08-23 02:56:12 | 000,650,014 | —- | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\Cat.DB
    [2012-08-23 02:56:04 | 000,007,468 | —- | C] () – C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2012-08-23 02:56:04 | 000,000,806 | —- | C] () – C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2012-08-23 02:55:50 | 000,001,821 | —- | C] () – C:\Documents and Settings\All Users\Bureaublad\Norton 360.LNK
    [2012-08-23 02:52:10 | 000,001,469 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymNetV.inf
    [2012-08-23 02:52:10 | 000,001,441 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymNet.inf
    [2012-08-23 02:52:09 | 000,003,435 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymEFA.inf
    [2012-08-23 02:52:09 | 000,002,852 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymDS.inf
    [2012-08-23 02:52:09 | 000,001,388 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.inf
    [2012-08-23 02:52:09 | 000,001,388 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.inf
    [2012-08-23 02:52:09 | 000,000,742 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\Iron.inf
    [2012-08-23 02:52:08 | 000,000,827 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\ccSetx86.inf
    [2012-08-23 02:52:05 | 000,008,942 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymVTcer.dat
    [2012-08-23 02:51:57 | 000,007,877 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\symnetv.cat
    [2012-08-23 02:51:57 | 000,007,492 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymDS.cat
    [2012-08-23 02:51:57 | 000,007,458 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymNet.cat
    [2012-08-23 02:51:57 | 000,007,450 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\iron.cat
    [2012-08-23 02:51:57 | 000,007,446 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\ccsetx86.cat
    [2012-08-23 02:51:57 | 000,007,434 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\SymEFA.cat
    [2012-08-23 02:51:57 | 000,007,398 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtspx.cat
    [2012-08-23 02:51:57 | 000,007,380 | R— | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\srtsp.cat
    [2012-08-23 02:51:56 | 000,000,172 | —- | C] () – C:\WINDOWS\System32\drivers\N360\0603000.00E\isolate.ini
    [2012-08-22 19:09:19 | 000,002,413 | —- | C] () – C:\Documents and Settings\All Users\Bureaublad\Skype.lnk
    [2012-08-22 18:59:21 | 000,000,825 | —- | C] () – C:\Documents and Settings\HP_Administrator\Bureaublad\Kaspersky Security Scan.lnk
    [2012-08-22 18:23:29 | 1072,115,712 | -HS- | C] () – C:\hiberfil.sys
    [2012-08-22 17:31:14 | 000,000,795 | —- | C] () – C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012-08-17 14:10:14 | 000,001,111 | —- | C] () – C:\Documents and Settings\All Users\Menu Start\Programma's\Adobe ExtendScript Toolkit 2.lnk
    [2012-02-15 05:26:30 | 000,003,072 | —- | C] () – C:\WINDOWS\System32\iacenc.dll
    [2011-04-11 18:41:54 | 000,064,328 | -H– | C] () – C:\WINDOWS\System32\mlfcache.dat
    [2007-02-20 11:21:36 | 000,048,808 | —- | C] () – C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2007-02-11 23:37:05 | 000,000,139 | —- | C] () – C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========[/color:7fe680a7e2]

    [2012-08-17 11:30:49 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\036DFF59B0385AC0000111D77B07D287
    [2011-03-04 12:12:30 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2012-08-23 02:45:44 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\PCSettings
    [2007-02-20 12:54:30 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\SBT
    [2010-04-03 12:49:41 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009-09-19 10:41:18 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009-05-26 23:02:04 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    ========== Purity Check ==========[/color:7fe680a7e2]



    < End of report >

    Hier de Extras.txt logfile

    OTL Extras logfile created on: 27-8-2012 14:57:49 - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\HP_Administrator\Bureaublad
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,38 Mb Total Physical Memory | 306,18 Mb Available Physical Memory | 29,95% Memory free
    2,40 Gb Paging File | 1,72 Gb Available in Paging File | 71,76% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 226,87 Gb Total Space | 113,16 Gb Free Space | 49,88% Space Free | Partition Type: NTFS
    Drive D: | 6,00 Gb Total Space | 0,89 Gb Free Space | 14,87% Space Free | Partition Type: FAT32

    Computer Name: WILS | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========[/color:7fe680a7e2]


    ========== File Associations ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

    ========== Authorized Applications List ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server – (Adobe Systems Incorporated)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid – (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:7fe680a7e2]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{00040413-78E1-11D2-B60F-006097C998E7}" = Cd 2 van Microsoft Office 2000
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06380048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Winkler Prins Encyclopedie 2006
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
    "{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
    "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = De klantenbelevenis verbeteren
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
    "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
    "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image 2006 Standard Edition Editor
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image 2006 Standard Edition Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Eenvoudige Internetaanmelding
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
    "{88DE4F59-CD55-46E8-8126-8BB31D957E3F}" = Works-upgrade
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{911B0413-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
    "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A943C312-1EC6-431C-9A38-1B89CED11C01}" = CycloMedia CycloScopeLite
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{ABB868F3-5655-4651-B642-6CA93D757B9D}" = Microsoft Works Suite-invoegtoepassing Microsoft Word
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1043-7B44-A70500000002}" = Adobe Reader 7.0.5 - Nederlands
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "
  • Hoi Abraham54,

    Zag dat niet het gehele log is gepost.
    Hier volgt nog een poging van het Extras.txt log.

    OTL Extras logfile created on: 27-8-2012 14:57:49 - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\HP_Administrator\Bureaublad
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,38 Mb Total Physical Memory | 306,18 Mb Available Physical Memory | 29,95% Memory free
    2,40 Gb Paging File | 1,72 Gb Available in Paging File | 71,76% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 226,87 Gb Total Space | 113,16 Gb Free Space | 49,88% Space Free | Partition Type: NTFS
    Drive D: | 6,00 Gb Total Space | 0,89 Gb Free Space | 14,87% Space Free | Partition Type: FAT32

    Computer Name: WILS | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========[/color:9e5b6e642d]


    ========== File Associations ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
    "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

    ========== Authorized Applications List ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server – (Adobe Systems Incorporated)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid – (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:9e5b6e642d]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
    "{00040413-78E1-11D2-B60F-006097C998E7}" = Cd 2 van Microsoft Office 2000
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06380048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Winkler Prins Encyclopedie 2006
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
    "{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
    "{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1CAD83B0-87A3-4206-BF70-644546808731}" = Overland
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = De klantenbelevenis verbeteren
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
    "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
    "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image 2006 Standard Edition Editor
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{642a22b1-7ab8-44b5-84b9-e58eecf8ece2}" = 2400_2500Help
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image 2006 Standard Edition Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Eenvoudige Internetaanmelding
    "{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
    "{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
    "{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
    "{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
    "{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
    "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
    "{88DE4F59-CD55-46E8-8126-8BB31D957E3F}" = Works-upgrade
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{911B0413-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
    "{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
    "{9441cb44-9729-4962-9ce1-c7752350fe52}" = 23_24_2500Tour
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98e3d87f-6946-468d-b34e-9f89ac8da70a}" = 2400
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
    "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A2A0A82F-025F-458d-A0CD-9BB2320804B5}" = Microsoft Works
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A943C312-1EC6-431C-9A38-1B89CED11C01}" = CycloMedia CycloScopeLite
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{ABB868F3-5655-4651-B642-6CA93D757B9D}" = Microsoft Works Suite-invoegtoepassing Microsoft Word
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1043-7B44-A70500000002}" = Adobe Reader 7.0.5 - Nederlands
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
    "{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
    "{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
    "{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
    "{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
    "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
    "{f409f2fe-2567-446f-a220-e60cd7e016f4}" = 2400_2500trb
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
    "Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
    "Cisco Connect" = Cisco Connect
    "EL" = Intel(R) Quick Resume Technology Drivers
    "EsetOnlineScanner" = ESET Online Scanner
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = De klantenbelevenis verbeteren
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Eenvoudige Internetaanmelding
    "InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
    "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
    "Kaspersky Online Scanner" = Kaspersky Online Scanner
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
    "Mozilla Firefox 14.0.1 (x86 nl)" = Mozilla Firefox 14.0.1 (x86 nl)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyTomTom" = MyTomTom 3.1.0.530
    "N360" = Norton 360
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor 5 for Windows" = PC-Doctor 5 voor Windows
    "PictureItPrem_v11" = Microsoft Digital Image 2006 Standard Edition
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Python 2.2.3" = Python 2.2.3
    "pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
    "TomTom HOME" = TomTom HOME 2.8.2.2264
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2006Setup" = Microsoft Works Suite 2006 Setup starten
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 20 Event Log Errors ==========[/color:9e5b6e642d]

    [ Application Events ]
    Error - 8-8-2012 13:38:21 | Computer Name = WILS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 8-8-2012 13:38:34 | Computer Name = WILS | Source = Application Hang | ID = 1001
    Description = Fout-bucket 1180947459.

    Error - 17-8-2012 8:31:22 | Computer Name = WILS | Source = nview_info | ID = 11141121
    Description =

    Error - 23-8-2012 8:21:29 | Computer Name = WILS | Source = nview_info | ID = 11141121
    Description =

    Error - 24-8-2012 4:24:24 | Computer Name = WILS | Source = Media Center Guide | ID = 9
    Description = Gebeurtenisgegevens: De verbinding functioneert niet. Media Center
    kan geen verbinding met internet maken. Raadpleeg Help voor meer informatie. Proces:
    DefaultDomain Objectnaam: Microsoft.Ehome.Epg.Ehepgdat

    Error - 24-8-2012 4:24:26 | Computer Name = WILS | Source = Media Center Guide | ID = 4
    Description = Gebeurtenisgegevens: Er is een onverwachte verbindingsfout opgetreden.
    Media Center kan geen verbinding met internet maken. Raadpleeg Help voor meer informatie.
    Proces:
    DefaultDomain Objectnaam: Microsoft.Ehome.Epg.Ehepgdat

    Error - 24-8-2012 4:39:29 | Computer Name = WILS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 24-8-2012 4:39:43 | Computer Name = WILS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: iexplore.exe, versie: 8.0.6001.18702, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 24-8-2012 4:39:46 | Computer Name = WILS | Source = Application Hang | ID = 1001
    Description = Fout-bucket 1180947459.

    Error - 24-8-2012 4:39:54 | Computer Name = WILS | Source = Application Hang | ID = 1001
    Description = Fout-bucket 1180947459.

    [ System Events ]
    Error - 24-8-2012 12:00:39 | Computer Name = WILS | Source = Service Control Manager | ID = 7000
    Description = De Application Layer Gateway-service-service kan vanwege de volgende
    fout niet worden gestart: %%1053

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842784
    Description = De afhankelijke assemblage Microsoft.VC80.MFCLOC is niet gevonden
    en de laatste fout was Het onderdeel waarnaar wordt verwezen is niet op dit systeem
    geïnstalleerd.

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly mislukt voor Microsoft.VC80.MFCLOC. Foutmelding
    voor referentie: Het onderdeel waarnaar wordt verwezen is niet op dit systeem geïnstalleerd.
    .

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context mislukt voor C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
    Foutmelding
    voor referentie: De bewerking is voltooid. .

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842784
    Description = De afhankelijke assemblage Microsoft.VC80.MFCLOC is niet gevonden
    en de laatste fout was Het onderdeel waarnaar wordt verwezen is niet op dit systeem
    geïnstalleerd.

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly mislukt voor Microsoft.VC80.MFCLOC. Foutmelding
    voor referentie: Het onderdeel waarnaar wordt verwezen is niet op dit systeem geïnstalleerd.
    .

    Error - 24-8-2012 12:20:27 | Computer Name = WILS | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context mislukt voor C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_39049d00\MFC80U.DLL.
    Foutmelding
    voor referentie: De bewerking is voltooid. .

    Error - 24-8-2012 13:24:26 | Computer Name = WILS | Source = DCOM | ID = 10010
    Description = De server {66B093B7-B5E3-4CFE-B32B-FEB55F172481} heeft zich binnen
    de vereiste termijn niet bij DCOM geregistreerd.

    Error - 27-8-2012 7:54:23 | Computer Name = WILS | Source = Service Control Manager | ID = 7000
    Description = De 5679-service kan vanwege de volgende fout niet worden gestart:
    %%2

    Error - 27-8-2012 7:54:23 | Computer Name = WILS | Source = Service Control Manager | ID = 7000
    Description = De Planner voor Automatische LiveUpdate-service kan vanwege de volgende
    fout niet worden gestart: %%3


    < End of report >

    M.vr.gr.
    Laiverd
  • [b:d17b365822]Sluit voordat OTL[/color:d17b365822] de fix laat doen, eerst alle andere openstaande vensters![/b:d17b365822]

    [list:d17b365822][*:d17b365822]Dubblklik op [img:d17b365822]http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png[/img:d17b365822]
    [*:d17b365822]Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het kader onder [img:d17b365822]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:d17b365822]

    [b:d17b365822]
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    IE - HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs
    dr?TYPE=3&tp=iesearch&locale=NL_NL&c=64&bd=PAVILION&pf=desktop

    O4 - HKU\S-1-5-21-116950766-4167454106-2520224413-1007..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


    :Services


    :Reg


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot][/color:d17b365822][/b:d17b365822]


    [*:d17b365822]Klik daarna bovenaan op [img:d17b365822]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img:d17b365822]
    [*:d17b365822]Laat het programma ongestoord zijn werk doen.
    [*:d17b365822][b:d17b365822]OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.[/b:d17b365822][/color:d17b365822]
    [*:d17b365822]Klik op [b:d17b365822]OK[/b:d17b365822]
    [*:d17b365822]Na het opnieuw opstarten wordt enkel een nieuw log geopend.
    [*:d17b365822]Post via kopiëren en plakken de inhoud van dat OTL-scanlog.[/list:u:d17b365822]
  • Hoi Abraham54,

    Eerst wil ik je graag bedanken voor alle hulp die je me tot nu toe hebt gegeven en je grote dosis geduld. Echt geweldig.

    Voorts hieronder het log van de OTL.com RunFix.
    Die is uiteindelijk gelukt :-) (eerst niet maar toen heb ik echt zo'n beetje alles uitgezet waaronder de 4 groepen van Norton 360 (Beveiliging/Identiteit/Back up en Pc-afstelling) oh en ook MalwareBytesAnti Malware permanent afgesloten.
    Wel gek, toen ik dat deed kon ik ook weer naar Google en nu na alles weer is opgestart weer niet…
    Maar goed, hier het log:

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
    HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    HKU\S-1-5-21-116950766-4167454106-2520224413-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-116950766-4167454106-2520224413-1007\Software\Microsoft\Windows\CurrentVersion\Run\\KSS deleted successfully.
    C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe moved successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\003183_.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >[/color:2310a581c2]
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Documents and Settings\HP_Administrator\Bureaublad\cmd.bat deleted successfully.
    C:\Documents and Settings\HP_Administrator\Bureaublad\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 41 bytes

    User: HP_Administrator
    ->Temp folder emptied: 17880002 bytes
    ->Temporary Internet Files folder emptied: 11895984 bytes
    ->Java cache emptied: 116731729 bytes
    ->FireFox cache emptied: 25759598 bytes
    ->Flash cache emptied: 1992382 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Millward Brown werk

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 165553 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 167,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: HP_Administrator
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: Millward Brown werk

    User: NetworkService

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: HP_Administrator
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Millward Brown werk

    User: NetworkService

    Total Flash Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.58.1 log created on 08282012_195124

    Files\Folders moved on Reboot…
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_cf0.dat not found!

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…


    Ook nog een vraag; de user Millward Brown werk kan ik die weghalen?? Wist niet dat die bestond…?Of ooit had aangemaakt, of laten aanmaken.

    M.vr.gr.
    Laiverd
  • Die user kan je middels Configaratiescherm/Gebruikersaccounts/Andere gebruiker inderdaad volledig verwijderen of omzetten naar een Gastaccount met beperkte rechten.

    En laat ook weten hoe jouw Windows inmiddels draait.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.