Grrrrrr... "win an I-pod" message..

Status
Not open for further replies.

Siepe

Established member
:fury:
Recently, when I visit sites, I see random words underlined for no apparent reason. When I move the mouse over them, a little box appears with: win an I-pod, or something else. At the top left I see a heading "text enhance". It is slowly driving me stark raving mad. Any idea what causes this and, above all: how do I get rid of it?
 

Abraham54

Administrator
Team member
I would like you to follow the rules below during the fix:
  • Always read each instruction through carefully first.
  • The instructions given apply only to your Windows.
  • If you make mistakes when running tools during the fix, this can possibly cause serious problems in Windows.
  • Do not install any new programs, updates or new hardware while we are working on the fix.
  • Do not use any programs or tools other than the ones I instruct you to use.
  • Please turn off emoticons (smileys) when you post a log.
  • Always use one scanner at a time, never several simultaneously.
  • Keep me informed of how your computer responds to the fix - good or bad.
  • Also, if you do not understand something, say so.
  • The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.
Step 1
Which program: sUBs DDS
Purpose/why: DDS is a diagnostic tool and makes use of scripts.
Difficulty: First read carefully what to do.
Download location: Be sure to download this program to the desktop, or otherwise move it there first!
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

Using sUBs DDS:
  • Then first close all program windows that are still open!
    • Windows 2000 and Windows XP: start sUBs DDS by double-clicking the shortcut.
    • Windows Vista and Windows 7: start sUBs DDS by right-clicking the shortcut and then choosing Run as administrator.
  • After the scan two text documents are opened - DDS.txt and Attach.txt - post the contents of both logs, but note the following!
  • Go to DDRMMR's colour coder
  • Copy and paste the entire contents of the DDS log file into the window and click the Convert button
  • Copy and paste the contents of the colour coder into your next post and also post the contents of Attach.txt.
Step 2
Which program: Malwarebytes MBAM
Purpose/why: specialised scanner to quickly examine Windows for, and rid it of, spyware and malware.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation 'MBAM' will want to update its database, so allow that.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
  • Now first close all program windows that are still open!
    • Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    • Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
  • Note:
    • Malwarebytes now supplies the full version of MBAM.
    • At the first start you get the option of using the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
    • That way MBAM can continue to be used as the free version.

  • Also do the following:
    • As soon as the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during removal of malware".
Scanning:
  • When starting 'MBAM', choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • Now first click OK to dismiss the message.
  • Then click the Show Results button at the bottom right.
  • Now make sure that all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer - so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the main menu of MBAM.
Then post the contents of the MBAM log in your next message.

Step 3
In summary: after this, post the contents of the following logs in your next message:
  • DDS log file
  • Attach.txt log
  • MBAM scan log
 

Siepe

Established member
[hjt]
.
dds (ver_2011-08-26.01) - ntfsx86
internet explorer: 8.0.7601.17514
run by simon at 13:00:09 on 2012-03-09
microsoft windows 7 ultimate 6.1.7601.1.1252.31.1033.18.3327.1923 [gmt 1:00]
.
av: avast! antivirus *enabled/updated* {2b2d1395-420b-d5c9-657e-930fe358fc3c}
av: microsoft security essentials *enabled/updated* {108dac43-c256-20b7-bb05-914135da5160}
sp: avast! antivirus *enabled/updated* {904cf271-6431-da47-5fce-a87d98dfb681}
sp: microsoft security essentials *enabled/updated* {abec4da7-e46c-2f39-81b5-aa334e5d1bdd}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
============== running processes ===============
.
c:\windows\system32\wininit.exe
c:\windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
c:\program files\microsoft security client\antimalware\msmpeng.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice
c:\program files\tablet\pen\pen_touchservice.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\svchost.exe -k networkservice
c:\program files\avast software\avast\avastsvc.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe
c:\program files\common files\adobe\arm\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\tablet\pen\pen_touchuser.exe
c:\program files\bonjour\mdnsresponder.exe
c:\windows\system32\svchost.exe -k hpdevmgmt
c:\windows\system32\wisptis.exe
c:\windows\system32\svchost.exe -k hpz12
c:\program files\common files\microsoft shared\ink\tabtip.exe
c:\program files\adobe\adobe version cue cs2\data\database\bin\mysqld-nt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\svchost.exe -k hpz12
c:\windows\system32\psiservice.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\dwm.exe
c:\windows\system32\svchost.exe -k imgsvc
c:\windows\explorer.exe
c:\program files\tablet\pen\pen_tablet.exe
c:\program files\teamviewer\version6\teamviewer_service.exe
c:\program files\tablet\pen\pen_tabletuser.exe
c:\program files\tomtom home 2\tomtomhomeservice.exe
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\program files\microsoft security client\msseces.exe
c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe
c:\program files\tablet\pen\pen_tablet.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\adobe\adobe version cue cs2\controlpanel\versioncuecs2tray.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\avast software\avast\avastui.exe
c:\program files\adobe\adobe bridge cs4\bridge.exe
c:\program files\tomtom home 2\tomtomhomerunner.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\program files\finepixviewer\quickdcf.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\iprint\iprint.exe
c:\program files\sabnzbd\sabnzbd.exe
c:\windows\system32\searchindexer.exe
c:\program files\hp\digital imaging\bin\hpqste08.exe
c:\program files\ipod\bin\ipodservice.exe
c:\program files\hp\digital imaging\bin\hpqbam08.exe
c:\program files\microsoft security client\antimalware\nissrv.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
c:\program files\windows media player\wmpnetwk.exe
c:\program files\hp\digital imaging\bin\hpqgpc01.exe
c:\windows\system32\svchost.exe -k localservicepeernet
c:\program files\common files\microsoft shared\ink\inputpersonalization.exe
c:\program files\common files\magix services\database\bin\fabs.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\windows\system32\rundll32.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\users\simon\appdata\local\google\chrome\application\chrome.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\wmiprvse.exe
.
============== pseudo hjt report ===============
.
ustart page = hxxp://search.conduit.com?searchsource=10&ctid=ct2481029
uinternet settings,proxyoverride = *.local
uurlsearchhooks: h - no file
bho: hp print enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
bho: contributebho class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/adobe contribute cs4/contributeieplugin.dll
bho: adobe pdf link helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
bho: thebflix class: {204c1da6-d0cf-4b42-a1c9-50436de62013} - c:\programdata\thebflix\bhoclass.dll
bho: groove gfs browser helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\grooveex.dll
bho: java(tm) plug-in ssv helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
bho: avast! webrep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
bho: windows live id sign-in helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
bho: windows live messenger companion helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
bho: office document cache handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\urlredir.dll
bho: java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
bho: yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\yontooieclient.dll
bho: hp smart bho class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
tb: avast! webrep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll
tb: contribute toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/adobe contribute cs4/contributeieplugin.dll
tb: {32099aac-c132-4136-9e9a-4e364a424e17} - no file
tb: {47833539-d0c5-4125-9fa8-0819e2eaac93} - no file
eb: hp smart web printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
urun: [google update] c:\users\simon\appdata\local\google\update\googleupdate.exe /c
urun: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
urun: [windows security system] c:\users\simon\downloads\adobe indesign cs55\adobe indesign cs5.5.exe
urun: [adobebridge] c:\program files\adobe\adobe bridge cs4\bridge.exe -stealth
urun: [tomtomhome.exe] c:\program files\tomtom home 2\tomtomhomerunner.exe
mrun: [msc] c:\program files\microsoft security client\msseces.exe -hide -runkey
mrun: [virtualclonedrive] c:\program files\elaborate bytes\virtualclonedrive\vcddaemon.exe /s
mrun: [bcssync] c:\program files\microsoft office\office14\bcssync.exe /delayservices
mrun: [apsdaemon] c:\program files\common files\apple\apple application support\apsdaemon.exe
mrun: [ituneshelper] c:\program files\itunes\ituneshelper.exe
mrun: [corel photo downloader] :c:\program files\common files\corel\corel photodownloader\corel photo downloader.exe -startup
mrun: [regshave] c:\program files\regshave\regshave.exe /autorun
mrun: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
mrun: [b2c_agent] c:\programdata\lgmobileax\b2c_client\b2cnotiagent.exe
mrun: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
mrun: [adobe version cue cs2] c:\program files\adobe\adobe version cue cs2\controlpanel\versioncuecs2tray.exe
mrun: [adobecs4servicemanager] c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe -launchedbylogin
mrun: [adobeaamupdater-1.0] c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
mrun: [adobecs5servicemanager] c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe -launchedbylogin
mrun: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
mrun: [adobe_id0enqbo] c:\progra~1\common~1\adobe\adobev~1\server\bin\versio~2.exe
mrun: [avast] c:\program files\avast software\avast\avastui.exe /nogui
startupfolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\sabnzbd.exe
startupfolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe
startupfolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\quickdcf.exe
startupfolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
startupfolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\iprint.lnk - c:\program files\iprint\iprint.exe
mpolicies-system: consentpromptbehavioradmin = 5 (0x5)
mpolicies-system: consentpromptbehavioruser = 3 (0x3)
mpolicies-system: enableuiadesktoptoggle = 0 (0x0)
ie: &verzenden naar onenote - c:\progra~1\mif5ba~1\office14\onbttnie.dll/105
ie: e&xporteren naar microsoft excel - c:\progra~1\mif5ba~1\office14\excel.exe/3000
ie: {0000036b-c524-4050-81a0-243669a86b9f} - {b63dba5f-523f-4b9c-a43d-65df1977ead3} - c:\program files\windows live\companion\companioncore.dll
ie: {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - {5f7b1267-94a9-47f5-98db-e99415f33aec} - c:\program files\windows live\writer\writerbrowserextension.dll
ie: {2670000a-7350-4f3c-8081-5663ee0c6c49} - {48e73304-e1d6-4330-914c-f5f514e3486c} - c:\program files\microsoft office\office14\onbttnie.dll
ie: {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - {fffdc614-b694-4ae6-ab38-5d6374584b52} - c:\program files\microsoft office\office14\onbttnielinkednotes.dll
ie: {dde87865-83c5-48c4-8357-2f5b1aa84522} - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
dpf: {cafeefac-0016-0000-0031-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
tcp: dhcpnameserver = 192.168.0.1
tcp: interfaces\{c95d0997-feba-40f5-9020-01e9300a9bc7} : dhcpnameserver = 192.168.0.1
filter: text/xml - {807573e5-5146-11d5-a672-00b0d022e945} - c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
handler: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll
seh: groove gfs stub execution hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\grooveex.dll
.
============= services / drivers ===============
.
r1 aswsnx;aswsnx;c:\windows\system32\drivers\aswsnx.sys [2012-3-9 612184]
r1 aswsp;aswsp;c:\windows\system32\drivers\aswsp.sys [2012-3-9 337880]
r1 mpfilter;microsoft malware protection driver;c:\windows\system32\drivers\mpfilter.sys [2011-4-18 165648]
r2 adobearmservice;adobe acrobat update service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
r2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
r2 aswfsblk;aswfsblk;c:\windows\system32\drivers\aswfsblk.sys [2012-3-9 20696]
r2 aswmonflt;aswmonflt;c:\windows\system32\drivers\aswmonflt.sys [2012-3-9 57688]
r2 avast! antivirus;avast! antivirus;c:\program files\avast software\avast\avastsvc.exe [2012-3-9 44768]
r2 fabs;fabs - helping agent for magix media database;c:\program files\common files\magix services\database\bin\fabs.exe [2011-5-24 1840128]
r2 tabletservicepen;tabletservicepen;c:\program files\tablet\pen\pen_tablet.exe [2011-11-13 5554552]
r2 teamviewer6;teamviewer 6;c:\program files\teamviewer\version6\teamviewer_service.exe [2011-11-12 2358656]
r2 tomtomhomeservice;tomtomhomeservice;c:\program files\tomtom home 2\tomtomhomeservice.exe [2012-1-23 92592]
r2 touchservicepen;wacom consumer touch service;c:\program files\tablet\pen\pen_touchservice.exe [2011-11-13 451960]
r3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
r3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
r3 l1c;ndis miniport driver for atheros ar8131/ar8132 pci-e ethernet controller (ndis 6.20);c:\windows\system32\drivers\l1c62x86.sys [2009-6-10 50688]
r3 lgbttport;lge bluetooth transport;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
r3 lgbusenum;lg bluetooth bus enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
r3 lgvmodem;lge virtual modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
r3 nisdrv;microsoft network inspection system;c:\windows\system32\drivers\nisdrvwfp.sys [2011-4-27 65024]
r3 nissrv;microsoft network inspection;c:\program files\microsoft security client\antimalware\nissrv.exe [2011-4-27 208944]
r3 wacmoumonitor;wacom mode helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-13 10752]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
s3 adobe version cue cs4;adobe version cue cs4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe [2008-8-15 284016]
s3 b57nd60x;broadcom netxtreme gigabit ethernet - ndis 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
s3 firebirdservermagixinstance;firebird server - magix instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
s3 flashusb;flashusb;c:\windows\system32\drivers\flashusb.sys [2012-1-22 16896]
s3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-11 39272]
s3 fsssvc;windows live family safety service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
s3 kmwdfilterx86;hidservicedesc;c:\windows\system32\drivers\kmwdfilter.sys [2009-4-29 25088]
s3 microsoft sharepoint workspace audit service;microsoft sharepoint workspace audit service;c:\program files\microsoft office\office14\groove.exe [2011-6-12 31125880]
s3 mpnwmon;microsoft malware protection network driver;c:\windows\system32\drivers\mpnwmon.sys [2011-4-18 43392]
s3 osppsvc;office software protection platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe [2010-1-9 4640000]
s3 rdpvideominiport;remote desktop video miniport driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-11-12 15872]
s3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-11-11 1343400]
s4 wlcrasvc;windows live mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
sunknown tsusbflt;tsusbflt; [x]
sunknown tsusbhub;tsusbhub; [x]
.
=============== created last 30 ================
.
2012-03-09 07:04:17 44376 ----a-w- c:\windows\system32\drivers\aswrdr2.sys
2012-03-09 07:04:15 612184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2012-03-09 07:04:14 57688 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2012-03-09 06:29:54 6552120 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6986698-c1f8-4a00-99d0-ee843466f24c}\mpengine.dll
2012-03-09 05:46:33 -------- d-----w- c:\users\simon\appdata\local\{be8ca282-f23d-4c82-9c55-76a1c9bc49b7}
2012-03-09 05:46:22 -------- d-----w- c:\users\simon\appdata\local\{d773da7d-644a-48f2-987e-5c5302ecb647}
2012-03-08 22:26:17 -------- d-----w- c:\users\simon\appdata\roaming\avg2012
2012-03-08 22:19:22 -------- d--h--w- c:\programdata\common files
2012-03-08 22:18:49 -------- d-----w- c:\programdata\avg2012
2012-03-08 22:17:47 -------- d-----w- c:\program files\avg
2012-03-08 22:10:30 -------- d-----w- c:\programdata\mfadata
2012-03-08 17:45:56 -------- d-----w- c:\users\simon\appdata\local\{04a445b6-6faa-422b-b392-6c83936c707b}
2012-03-08 17:45:46 -------- d-----w- c:\users\simon\appdata\local\{3e70acf5-32eb-40da-ba92-ed36c594d733}
2012-03-08 05:45:19 -------- d-----w- c:\users\simon\appdata\local\{0fe2bbd9-2373-42f2-9238-f0baa0109a4d}
2012-03-08 05:45:06 -------- d-----w- c:\users\simon\appdata\local\{0c71f95e-8596-4432-ab78-26af056063ff}
2012-03-07 12:32:58 -------- d-----w- c:\programdata\alm
2012-03-07 11:09:17 -------- d-----w- c:\users\simon\appdata\roaming\chc.4875e02d9fb21ee389f73b8d1702b320485df8ce.1
2012-03-07 09:34:23 -------- d-----w- c:\program files\yontoo
2012-03-07 09:34:21 -------- d-----w- c:\programdata\tarma installer
2012-03-07 09:34:15 -------- d-----w- c:\program files\fbphotozoom
2012-03-07 09:32:20 -------- d-----w- c:\program files\1clickdownload
2012-03-07 09:22:24 -------- d-----w- c:\programdata\premium
2012-03-07 09:22:23 -------- d-----w- c:\programdata\thebflix
2012-03-07 09:21:16 -------- d-----w- c:\programdata\installmate
2012-03-07 06:18:33 -------- d-----w- c:\users\simon\appdata\local\{72808d7f-e45f-4000-8aa5-976776bbb63c}
2012-03-07 06:18:21 -------- d-----w- c:\users\simon\appdata\local\{1fb4babe-6c90-406e-a178-33f8cac353da}
2012-03-06 07:08:10 -------- d-----w- c:\users\simon\appdata\local\{a01be137-b817-4b2c-8980-4f419942bb72}
2012-03-06 07:07:55 -------- d-----w- c:\users\simon\appdata\local\{b9df804b-20b7-4747-a56e-fe435e8fdaa5}
2012-03-05 17:37:30 -------- d-----w- c:\users\simon\appdata\local\{cbefc159-1f49-4c80-8b3d-0335817f9534}
2012-03-05 17:13:27 -------- d-----w- c:\programdata\tomtom
2012-03-05 17:13:11 -------- d-----w- c:\users\simon\appdata\roaming\tomtom
2012-03-05 17:13:11 -------- d-----w- c:\users\simon\appdata\local\tomtom
2012-03-05 17:13:05 -------- d-----w- c:\program files\tomtom international b.v
2012-03-05 17:12:53 -------- d-----w- c:\program files\tomtom home 2
2012-03-05 05:37:08 -------- d-----w- c:\users\simon\appdata\local\{a53e6285-3f43-45f1-9924-2a63924f27ac}
2012-03-05 05:36:56 -------- d-----w- c:\users\simon\appdata\local\{bad34ec6-0ded-4daa-a88f-694765234314}
2012-03-04 10:11:42 -------- d-----w- c:\users\simon\appdata\local\{04317c03-fe2d-4cac-b722-244e806d7af4}
2012-03-04 10:11:27 -------- d-----w- c:\users\simon\appdata\local\{69e7bfb9-b96b-4894-9981-16123fa39b6d}
2012-03-03 10:10:24 -------- d-----w- c:\users\simon\appdata\local\{dbbead0b-b856-4bfc-8835-c807ccf9a501}
2012-03-03 10:10:13 -------- d-----w- c:\users\simon\appdata\local\{65f8c696-0cdb-4d69-844b-3e0867f0512c}
2012-03-02 11:00:30 -------- d-----w- c:\users\simon\appdata\local\{f92c6b40-25c3-4760-bebe-497f5d1110ec}
2012-03-02 11:00:17 -------- d-----w- c:\users\simon\appdata\local\{08b0b296-e0d3-4d6b-88a0-f0b4cf3c9435}
2012-03-01 08:54:52 -------- d-----w- c:\users\simon\appdata\local\{11b28918-8e4e-45e3-b603-cf04d1acba4e}
2012-03-01 08:54:39 -------- d-----w- c:\users\simon\appdata\local\{ac7ef9ea-1467-48cc-a578-e9ffbdc240ff}
2012-02-29 18:51:30 -------- d-----w- c:\users\simon\appdata\local\{9d9f910f-8e37-438e-bae4-269c54aed28e}
2012-02-29 18:51:18 -------- d-----w- c:\users\simon\appdata\local\{e14faae7-7db3-4357-b799-b123bdff270b}
2012-02-29 06:13:21 -------- d-----w- c:\users\simon\appdata\local\{391b6b22-21f7-4059-930a-dabe283bee34}
2012-02-29 06:13:10 -------- d-----w- c:\users\simon\appdata\local\{f75d66ef-b8e7-4375-8e89-f11887553bdb}
2012-02-28 18:01:06 -------- d-----w- c:\users\simon\appdata\local\{f2baa404-ddb9-4eaf-9e08-196d6e0d1282}
2012-02-28 18:00:56 -------- d-----w- c:\users\simon\appdata\local\{157a0faa-c2e7-4c98-9175-ca367f2b75cb}
2012-02-28 06:00:30 -------- d-----w- c:\users\simon\appdata\local\{f5da45c1-8901-4766-93e7-933bcfc7dd91}
2012-02-28 06:00:18 -------- d-----w- c:\users\simon\appdata\local\{499d642f-258c-42ba-877a-572fd4a46d18}
2012-02-27 17:53:19 -------- d-----w- c:\program files\videolan
2012-02-27 10:25:35 -------- d-----w- c:\users\simon\appdata\local\{cb61854f-6a42-48c6-8018-5c54b8157dab}
2012-02-27 10:25:23 -------- d-----w- c:\users\simon\appdata\local\{da591638-1ddb-4b65-b24d-03d5f8b1ccf6}
2012-02-26 18:11:27 -------- d-----w- c:\users\simon\appdata\local\{af792dfb-8362-47cf-a74a-67f9686b8c22}
2012-02-26 18:11:14 -------- d-----w- c:\users\simon\appdata\local\{e2927b7b-c118-43db-968d-a6968ba8ec60}
2012-02-25 22:15:48 -------- d-----w- c:\users\simon\appdata\local\{1ead9211-e36a-43ef-a779-b2646b7f4c9c}
2012-02-25 22:15:37 -------- d-----w- c:\users\simon\appdata\local\{53bdc236-cffa-44c2-b9c2-11e26c815510}
2012-02-25 19:52:56 -------- d-----w- c:\users\simon\appdata\local\{f8e3e4ed-ff29-49ea-b3a6-863a6536ef1e}
2012-02-25 19:52:45 -------- d-----w- c:\users\simon\appdata\local\{70957f1a-6888-4d81-9174-1550503ab32f}
2012-02-25 08:51:08 -------- d-----w- c:\program files\media player utilities 4.39
2012-02-25 07:40:32 -------- d-----w- c:\users\simon\appdata\local\{a2a7a40b-ebfd-4b14-bcb5-be820c0160cf}
2012-02-25 07:40:22 -------- d-----w- c:\users\simon\appdata\local\{e2a74833-c171-4dea-8749-ab0c69c0f00c}
2012-02-24 19:39:56 -------- d-----w- c:\users\simon\appdata\local\{8c7bddd6-6297-4cac-8485-f8266ece3458}
2012-02-24 19:39:46 -------- d-----w- c:\users\simon\appdata\local\{e3a921d6-5c1d-499f-9881-2ed5396b6878}
2012-02-24 10:15:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-24 07:39:20 -------- d-----w- c:\users\simon\appdata\local\{78692c74-ebc3-486b-98a3-0edd0bf382e0}
2012-02-24 07:39:09 -------- d-----w- c:\users\simon\appdata\local\{860c520c-ac97-4e8a-8b18-a86a3d893795}
2012-02-23 19:38:44 -------- d-----w- c:\users\simon\appdata\local\{317bd8fe-14af-4001-b86c-8085ed3afe51}
2012-02-23 07:38:17 -------- d-----w- c:\users\simon\appdata\local\{45d4d396-6707-49f2-afdb-99685507b81d}
2012-02-23 07:37:26 -------- d-----w- c:\users\simon\appdata\local\{870d559c-e99e-4da5-b89f-4d5df0bffaa1}
2012-02-22 19:27:25 -------- d-----w- c:\users\simon\appdata\local\{3d053777-7d57-440e-81f1-5c6bcf8ceb50}
2012-02-22 07:26:57 -------- d-----w- c:\users\simon\appdata\local\{28c86741-931d-49b8-9d9c-b0cd33afc687}
2012-02-22 07:26:39 -------- d-----w- c:\users\simon\appdata\local\{70958e50-b37d-4b7b-9e89-75146b4dd64b}
2012-02-21 18:36:49 -------- d-----w- c:\users\simon\library
2012-02-21 18:36:49 -------- d-----w- c:\users\simon\appdata\roaming\com.adobe.exman
2012-02-21 09:14:31 -------- d-----w- c:\users\simon\appdata\local\{e9abb873-7534-4113-b78f-8f97eed0c870}
2012-02-21 09:14:20 -------- d-----w- c:\users\simon\appdata\local\{156f85bb-8607-4bbf-8811-e0e861e83c43}
2012-02-20 21:13:54 -------- d-----w- c:\users\simon\appdata\local\{1a5a003e-31f8-4c6f-a916-9fcf92f26da4}
2012-02-20 09:13:30 -------- d-----w- c:\users\simon\appdata\local\{41c81a35-dbee-4c1c-a39b-f16b0d947d51}
2012-02-20 09:13:19 -------- d-----w- c:\users\simon\appdata\local\{917b58d3-416a-44a3-9f9a-fa4d43eb66f1}
2012-02-19 21:12:53 -------- d-----w- c:\users\simon\appdata\local\{9fb68b66-371c-48c0-b362-36edfd642ede}
2012-02-19 16:33:50 -------- d-----w- c:\program files\common files\macrovision shared
2012-02-19 12:47:44 -------- d-----w- c:\users\simon\appdata\local\sabnzbd
2012-02-19 12:47:15 -------- d-----w- c:\program files\sabnzbd
2012-02-19 09:27:49 16384 ----a-w- c:\windows\system32\fileops.exe
2012-02-19 09:19:29 -------- d-----w- c:\program files\common files\adobe systems shared
2012-02-19 09:12:24 -------- d-----w- c:\users\simon\appdata\local\{f76ce0a3-4774-4f45-92b1-8c10bd7f7f16}
2012-02-19 09:12:06 -------- d-----w- c:\users\simon\appdata\local\{0bf86819-dc26-4ca4-9dad-475cb5a69648}
2012-02-18 07:49:09 -------- d-----w- c:\users\simon\appdata\local\{30ed8737-2b75-486d-b36c-cf78381f4c65}
2012-02-18 07:48:36 -------- d-----w- c:\users\simon\appdata\local\{567c2e7c-cd76-4f26-83a5-3870a3e3a295}
2012-02-17 18:29:41 -------- d-----w- c:\users\simon\appdata\local\{cb7a092c-74f0-4360-abb9-88beb78419da}
2012-02-17 06:29:03 -------- d-----w- c:\users\simon\appdata\local\{7b69d96e-cf51-4943-ace8-927730131bb7}
2012-02-17 06:28:45 -------- d-----w- c:\users\simon\appdata\local\{02573e77-7b62-4fd2-843e-ea4f6e5a1930}
2012-02-16 17:48:07 -------- d-----w- c:\users\simon\appdata\local\{6e1d28eb-3c83-4194-9ca9-a365eb9e34b4}
2012-02-16 17:47:56 -------- d-----w- c:\users\simon\appdata\local\{4a14b255-7273-4368-b4a1-6c9abd36901e}
2012-02-16 05:47:29 -------- d-----w- c:\users\simon\appdata\local\{a0562eaa-6a43-4bad-be18-afca88357f21}
2012-02-16 05:47:16 -------- d-----w- c:\users\simon\appdata\local\{cbd61cff-de21-4e43-a7e8-0a09b38f869a}
2012-02-15 15:20:49 -------- d-----w- c:\users\simon\appdata\local\{20b703d7-9dad-47ce-a6c1-7a53443d2383}
2012-02-15 15:20:39 -------- d-----w- c:\users\simon\appdata\local\{41d0c0a5-bc90-42ff-a70d-fd5a11737ab6}
2012-02-14 20:37:59 -------- d-----w- c:\users\simon\appdata\local\{d82f8c94-9213-48d9-9d57-227175e708d4}
2012-02-14 20:37:48 -------- d-----w- c:\users\simon\appdata\local\{e3748da8-bf04-4b2b-9669-fe0488f553b7}
2012-02-14 08:37:20 -------- d-----w- c:\users\simon\appdata\local\{80ee4b9f-c2ad-445f-ad6a-c9ecbbbdbf99}
2012-02-14 08:36:58 -------- d-----w- c:\users\simon\appdata\local\{7f33c577-6211-4a4a-9080-0521637c0e7e}
2012-02-13 22:04:50 -------- d-----w- c:\program files\cartoon maker
2012-02-13 17:43:47 -------- d-----w- c:\users\simon\appdata\local\{d94ccd27-b4a3-4555-9ce3-25098b4cd88e}
2012-02-13 17:43:35 -------- d-----w- c:\users\simon\appdata\local\{f3fe7c40-e27e-4a2f-bd94-5844f9f20a28}
2012-02-13 05:43:07 -------- d-----w- c:\users\simon\appdata\local\{56d1cd95-0b78-4029-b4b0-295ebb87c8f8}
2012-02-13 05:42:56 -------- d-----w- c:\users\simon\appdata\local\{b92ca7a1-3174-4f92-862b-ca57d9421bfe}
2012-02-12 16:31:06 -------- d-----w- c:\users\simon\appdata\roaming\korg
2012-02-12 16:30:43 -------- d-----w- c:\programdata\korg
2012-02-12 16:30:43 -------- d-----w- c:\program files\korg
2012-02-12 16:30:43 -------- d-----w- c:\program files\common files\korg
2012-02-12 16:30:43 -------- d-----w- c:\program files\common files\digidesign
2012-02-12 16:07:33 -------- d-----w- c:\users\simon\appdata\roaming\reaper
2012-02-12 16:07:25 -------- d-----w- c:\program files\common files\propellerhead software
2012-02-12 16:07:02 -------- d-----w- c:\program files\reaper
2012-02-12 09:20:22 -------- d-----w- c:\users\simon\appdata\local\{e0a2eba5-23d5-4d79-8339-6048e0972cf0}
2012-02-12 09:20:02 -------- d-----w- c:\users\simon\appdata\local\{b643c80f-66fb-41cf-b657-d799f47c1867}
2012-02-11 21:00:42 -------- d-----w- c:\users\simon\appdata\local\{b5059c0a-6299-49de-9aeb-582d191f4ffe}
2012-02-11 21:00:31 -------- d-----w- c:\users\simon\appdata\local\{0149867d-b289-42c9-9dec-ff92b944426f}
2012-02-11 09:10:19 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-02-11 09:10:18 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{72403c43-5539-446c-a67b-b1696ade32d6}\gapaengine.dll
2012-02-11 08:59:58 -------- d-----w- c:\users\simon\appdata\local\{cee26715-5fab-447f-bdb6-5914d9145321}
2012-02-11 08:59:41 -------- d-----w- c:\users\simon\appdata\local\{15596c54-fcfb-4401-9687-6a9b82335f40}
2012-02-10 09:59:23 -------- d-----w- c:\users\simon\appdata\local\{2e886b1c-3ed5-4812-9258-bd485b47f273}
2012-02-10 09:59:12 -------- d-----w- c:\users\simon\appdata\local\{ff8a82b7-c8bc-4117-a360-139343f58c1b}
2012-02-09 21:58:46 -------- d-----w- c:\users\simon\appdata\local\{0f52ada3-19ba-4518-ad41-a3d551d0157a}
2012-02-09 21:58:36 -------- d-----w- c:\users\simon\appdata\local\{0f737968-331d-4380-a76c-51a7e3286f5e}
2012-02-09 09:58:10 -------- d-----w- c:\users\simon\appdata\local\{08bf67a1-1e0c-4785-9d7b-3eea5b93ec64}
2012-02-09 09:57:51 -------- d-----w- c:\users\simon\appdata\local\{27182230-b4f9-4b6c-9d54-495fbf7e7110}
2012-02-08 22:20:06 -------- d-----w- c:\programdata\spotgrit
2012-02-08 22:15:33 -------- d-sh--w- c:\windows\system32\ai_recyclebin
2012-02-08 21:57:21 -------- d-----w- c:\users\simon\appdata\local\{2fb6f2e5-611f-4d20-a3eb-fc7fcc4c7a9f}
2012-02-08 21:56:50 -------- d-----w- c:\users\simon\appdata\local\{765d9511-bfdb-4ef9-a7bc-634a8e095bf4}
2012-02-08 21:37:09 -------- d-----w- c:\program files\website x5 v9 - evolution
.
==================== find3m ====================
.
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastss.scr
2012-03-06 07:27:03 472808 ----a-w- c:\windows\system32\deployjava1.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\mpsigstub.exe
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= finish: 13:02:19,54 ===============

[/hjt]

---------- Post added at 13:04 ---------- Previous post was at 13:02 ----------

[hjt]
.
unless specifically instructed, do not post this log.
if requested, zip it up & attach it
.
dds (ver_2011-08-26.01)
.
microsoft windows 7 ultimate
boot device: \device\harddiskvolume1
install date: 4-9-2011 11:20:39
system uptime: 9-3-2012 8:17:06 (5 hours ago)
.
motherboard: msi | | g41m-p28 (ms-7592)
processor: intel(r) celeron(r) cpu e3400 @ 2.60ghz | cpu 1 | 1197/200mhz
.
==== disk partitions =========================
.
c: is fixed (ntfs) - 932 gib total, 770,558 gib free.
d: is cdrom ()
e: is cdrom ()
g: is fixed (ntfs) - 932 gib total, 910,968 gib free.
.
==== disabled device manager items =============
.
==== system restore points ===================
.
rp124: 28-2-2012 8:17:40 - windows update
rp125: 2-3-2012 12:10:21 - windows update
rp126: 6-3-2012 8:18:09 - windows update
rp127: 6-3-2012 8:26:14 - installed java(tm) 6 update 31
rp128: 8-3-2012 23:17:14 - installed avg 2012
rp129: 8-3-2012 23:18:03 - installed avg 2012
rp130: 9-3-2012 7:11:30 - removed avg 2012
rp131: 9-3-2012 7:16:04 - removed avg 2012
rp132: 9-3-2012 8:03:23 - avast! free antivirus setup
.
==== installed programs ======================
.
1clickdownload
32 bit hp cio components installer
acrobat.com
adobe air
adobe anchor service cs4
adobe asset services cs4
adobe bridge 1.0
adobe bridge cs4
adobe cmaps cs4
adobe color - photoshop specific cs4
adobe color eu recommended settings cs4
adobe color ja extra settings cs4
adobe color na extra settings cs4
adobe color video profiles cs cs4
adobe common file installer
adobe community help
adobe contribute cs4
adobe creative suite 2
adobe creative suite 4 web premium
adobe cs4 american english speech analysis models
adobe cs4 french speech analysis models
adobe cs4 german speech analysis models
adobe cs4 international english speech analysis models
adobe cs4 italian speech analysis models
adobe cs4 japanese speech analysis models
adobe cs4 korean speech analysis models
adobe cs4 spanish speech analysis models
adobe csi cs4
adobe default language cs4
adobe device central cs4
adobe dreamweaver cs4
adobe drive cs4
adobe dynamiclink support
adobe extendscript toolkit cs4
adobe extension manager cs4
adobe fireworks cs4
adobe fireworks cs5
adobe flash cs4
adobe flash cs4 extension - flash lite sti others
adobe flash cs4 sti-other
adobe flash player 10 activex
adobe flash player 10 plugin
adobe fonts all
adobe golive cs2
adobe help center 1.0
adobe illustrator cs2
adobe illustrator cs4
adobe indesign cs2
adobe linguistics cs4
adobe media encoder cs4
adobe media encoder cs4 importer
adobe media player
adobe output module
adobe pdf library files cs4
adobe photoshop cs2
adobe photoshop cs4
adobe photoshop cs4 support
adobe reader x (10.1.2) - nederlands
adobe search for help
adobe service manager extension
adobe setup
adobe shockwave player 11.6
adobe soundbooth cs4
adobe soundbooth cs4 codecs
adobe stock photos 1.0
adobe svg viewer 3.0
adobe type support cs4
adobe update manager cs4
adobe version cue cs2
adobe version cue cs4 server
adobe winsoft linguistics plugin
adobe xmp panels cs4
adobecolorcommonsetcmyk
adobecolorcommonsetrgb
akimbo
apple application support
apple mobile device support
apple software update
audacity 1.3.13 (unicode)
avast! free antivirus
aviconverter 3.0
avisynth 2.5
bamboo
bonjour
bufferchm
calme version 2012
cars 2
cartoon maker 6.01
ccleaner
connect
copy
corel paint shop pro photo x2
d3dx10
definition update for microsoft office 2010 (kb982726) 32-bit edition
destinations
devicediscovery
dj_aio_06_f2400_sw_min
dvd flick 1.3.0.7
f2400
ffdshow [rev 2583] [2009-01-05]
finepixviewer ver.4.0
firebird sql server - magix edition
fotosketcher 2.20
fujifilm usb driver
google chrome
gpbaseservice2
haali media splitter
high-definition video playback 10
hijackthis
hp customer participation program 13.0
hp deskjet f2400 all-in-one driver software 13.0 rel .6
hp imaging device functions 13.0
hp print projects 1.0
hp smart web printing 4.5
hp solution center 13.0
hp update
hpphotogadget
hpprintprojects
hpproductassistant
hpssupply
hpwlpginstaller
imagemixer vcd for finepix
imgburn
installatie van lg pc suite iii ongedaan maken
iprint
itunes
jasc paint shop pro 9
java auto updater
java(tm) 6 update 31
junk mail filter update
korg m1 le
kuler
lame v3.98.3 for audacity
lg bluetooth drivers
lg internet kit
lg united mobile drivers
lg usb modem drivers
magix music maker mx production suite download-versie
magix music maker mx production suite trial (geluidspakket)
magix music manager (nl)
magix music studio 2006 deluxe (nl)
magix photo manager (nl)
magix screenshare
magix speed burnr (msi)
malwarebytes anti-malware versie 1.60.1.1000
mama moe en de kraai
marketresearch
media player utilities 4.39
mesh runtime
messenger companion
microsoft .net framework 4 client profile
microsoft .net framework 4 client profile nld language pack
microsoft .net framework 4 extended
microsoft .net framework 4 extended nld language pack
microsoft antimalware
microsoft antimalware service nl-nl language pack
microsoft application error reporting
microsoft office 2010 service pack 1 (sp1)
microsoft office access mui (dutch) 2010
microsoft office excel mui (dutch) 2010
microsoft office groove mui (dutch) 2010
microsoft office infopath mui (dutch) 2010
microsoft office onenote mui (dutch) 2010
microsoft office outlook mui (dutch) 2010
microsoft office powerpoint mui (dutch) 2010
microsoft office professional plus 2010
microsoft office proof (dutch) 2010
microsoft office proof (english) 2010
microsoft office proof (french) 2010
microsoft office proof (german) 2010
microsoft office proofing (dutch) 2010
microsoft office publisher mui (dutch) 2010
microsoft office shared mui (dutch) 2010
microsoft office word mui (dutch) 2010
microsoft primary interoperability assemblies 2005
microsoft security client
microsoft security client nl-nl language pack
microsoft security essentials
microsoft silverlight
microsoft sql server 2005 compact edition [enu]
microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053
microsoft visual c++ 2005 redistributable
microsoft visual c++ 2008 redistributable - x86 9.0.30729.17
microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
microsoft visual c++ 2008 redistributable - x86 9.0.30729.6161
microsoft xml parser
microsoft_vc80_atl_x86
microsoft_vc80_crt_x86
microsoft_vc80_mfc_x86
microsoft_vc80_mfcloc_x86
microsoft_vc90_atl_x86
microsoft_vc90_crt_x86
microsoft_vc90_mfc_x86
msvcrt
msxml 4.0 sp2 (kb954430)
msxml 4.0 sp2 (kb973688)
msxml 4.0 sp3 parser
msxml 4.0 sp3 parser (kb973685)
mx simulator
nero 10 clipartpack
nero 10 menu templatepack 1
nero 10 menu templatepack 2
nero 10 menu templatepack 3
nero 10 menu templatepack basic
nero 10 movie themepack 1
nero 10 movie themepack 2
nero 10 movie themepack basic
nero 10 sample imagepack
nero 10 sample videos
nero backitup 10 help (chm)
nero burning rom 10
nero burningrom 10 help (chm)
nero burnrights 10 help (chm)
nero control center 10
nero core components 10
nero coverdesigner 10
nero coverdesigner 10 help (chm)
nero disccopy gadget 10
nero disccopygadget 10 help (chm)
nero discspeed 10
nero discspeed 10 help (chm)
nero dolby files 10
nero express 10
nero express 10 help (chm)
nero infotool 10
nero infotool 10 help (chm)
nero mediahub 10
nero mediahub 10 help (chm)
nero multimedia suite 10
nero recode 10
nero recode 10 help (chm)
nero rescueagent 10
nero rescueagent 10 help (chm)
nero soundtrax 10
nero soundtrax 10 help (chm)
nero startsmart 10
nero startsmart 10 help (chm)
nero vision 10
nero vision 10 help (chm)
nero waveeditor 10
nero waveeditor 10 help (chm)
neroxml
orbyx deluxe
pdf settings cs4
photoshop camera raw
pixel bender toolkit
pro evolution soccer 2008
quicktime
raw file converter le
reaper
rockstar games social club
sabnzbd 0.6.15
scan
secure eraser v4.0
security update for microsoft .net framework 4 client profile (kb2478663)
security update for microsoft .net framework 4 client profile (kb2518870)
security update for microsoft .net framework 4 client profile (kb2539636)
security update for microsoft .net framework 4 client profile (kb2572078)
security update for microsoft .net framework 4 client profile (kb2633870)
security update for microsoft .net framework 4 client profile (kb2656351)
security update for microsoft .net framework 4 extended (kb2487367)
security update for microsoft .net framework 4 extended (kb2656351)
security update for microsoft office 2010 (kb2553091)
security update for microsoft office 2010 (kb2553096)
security update for microsoft office 2010 (kb2589320) 32-bit edition
security update for microsoft powerpoint 2010 (kb2553185) 32-bit edition
security update for microsoft sharepoint workspace 2010 (kb2566445)
security update for microsoft visio viewer 2010 (kb2597170) 32-bit edition
sega mega drive classics
shockwave
shop for hp supplies
smartwebprinting
solutioncenter
sothink movie dvd maker
speedfan (remove only)
spotnet
status
suite shared configuration cs4
suite specific
swmsm
taalpakket voor microsoft .net framework 4 client profile - nld
taalpakket voor microsoft .net framework 4 extended - nld
tactical ops
teamviewer 6
text-to-speech-runtime
thebflix
tommy tronic
tomtom home 2.8.3.2499
tomtom home visual studio merge modules
toolbox
trayapp
update for microsoft .net framework 4 client profile (kb2468871)
update for microsoft .net framework 4 client profile (kb2533523)
update for microsoft .net framework 4 client profile (kb2600217)
update for microsoft .net framework 4 extended (kb2468871)
update for microsoft .net framework 4 extended (kb2533523)
update for microsoft .net framework 4 extended (kb2600217)
update for microsoft excel 2010 (kb2553439) 32-bit edition
update for microsoft office 2010 (kb2494150)
update for microsoft office 2010 (kb2553065)
update for microsoft office 2010 (kb2553092)
update for microsoft office 2010 (kb2553181) 32-bit edition
update for microsoft office 2010 (kb2553270) 32-bit edition
update for microsoft office 2010 (kb2553310) 32-bit edition
update for microsoft office 2010 (kb2553385) 32-bit edition
update for microsoft office 2010 (kb2566458)
update for microsoft office 2010 (kb2596964) 32-bit edition
update for microsoft office 2010 (kb2597091) 32-bit edition
update for microsoft onenote 2010 (kb2553290) 32-bit edition
update for microsoft outlook 2010 (kb2553323) 32-bit edition
update for microsoft outlook social connector (kb2583935)
vcredistsetup
verzoek of wijziging voorlopige aanslag 2012
virtualclonedrive
vlc media player 2.0.0
webreg
webtablet fb plugin
webtablet ie plugin
webtablet netscape plugin
windows live communications platform
windows live essentials
windows live family safety
windows live id sign-in assistant
windows live installer
windows live mail
windows live mesh
windows live mesh - activex-besturingselement voor externe verbindingen
windows live messenger
windows live messenger companion core
windows live mime ifilter
windows live movie maker
windows live photo common
windows live photo gallery
windows live pimt platform
windows live remote client
windows live remote client resources
windows live remote service
windows live remote service resources
windows live soxe
windows live soxe definitions
windows live ux platform
windows live ux platform language pack
windows live writer
windows live writer resources
winrar
yontoo 1.10.02
.
==== end of file ===========================

---------- Post added at 15:35 ---------- Previous post was at 13:04 ----------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.09.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
simon :: SIEMON-PC [administrator]

9-3-2012 15:06:54
mbam-log-2012-03-09 (15-06-54).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 217465
Verstreken tijd: 6 minuut/minuten, 14 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:\Users\simon\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

I removed the detected file and restarted the PC.
However, I keep getting those pop-ups. I ran Anti-Malware again and now nothing is found anymore. But the problem remains...
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.09.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
simon :: SIEMON-PC [administrator]

9-3-2012 15:27:50
mbam-log-2012-03-09 (15-27-50).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 217884
Verstreken tijd: 5 minuut/minuten, 54 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

---------- Post added at 15:46 ---------- Previous post was at 15:35 ----------

The random words that are blue and underlined, and that therefore show such a pop-up box, display a message: Powered by Text-Enhance
 

Abraham54

Administrator
Team member
I don't know exactly what you mean by blue and underlined.

First we'll do this: download CKScanner by askey 127 and save it to your desktop.
Vista and Win 7 users run this tool by right-clicking it and choosing Run as administrator.
  • Click/double-click CKScanner by askey 127 to start the tool and click Search for Files.
  • After a short time, when the hourglass disappears, click Save List To File.
  • A message box will confirm that the document has been saved.
  • Click/double-click the CKFiles.txt shortcut on your desktop and copy and paste its contents into your next post.
 

Siepe

Established member
Yesterday I enabled Google's adblocks and that worked well. Today, however, I had major problems with the computer. Probably because of a keygen. I did a system restore and turned Avast off for a moment. Windows security is still on. It also reports the keygen. But I'd rather not remove it, because with it I can keep(!) using a certain program.
 

Abraham54

Administrator
Team member
If you want to keep using that keygen so you can use software for free, then a fix is pointless.
 

Siepe

Established member
I moved Fireworks (which the keygen came with) to the recycle bin and emptied it.

---------- Post added at 09:29 ---------- Previous post was at 09:28 ----------

Now I'm still stuck with the Babylon toolbar

---------- Post added at 10:17 ---------- Previous post was at 09:29 ----------

I've got rid of that "text enhance". Keygen removed too (going the legal route after all...)

I'm now saddled with an annoying Babylon toolbar. How do I get rid of it?
Do I need to start a new thread for this?

---------- Post added at 11:44 ---------- Previous post was at 10:17 ----------

please?
 

Abraham54

Administrator
Team member
I would like you to follow the rules below during the fix:
  • Read each instruction carefully first, every time.
  • The instructions given apply only to your Windows.
  • If you make mistakes when running the tools during the fix, this may cause serious problems in Windows.
  • Do not install new programs, updates or new hardware while we are working on the fix.
  • Also do not use any programs or tools other than those I instruct you to use.
  • Please turn off emoticons (smileys) when you post a log.
  • Always use one scanner at a time, never several at once.
  • Keep me informed of how your computer responds to the fix - good or bad.
  • If there is something you don't understand, say so too.
  • The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.
Step 1
Which program: sUBs dds
What for/why: DDS is a diagnostic tool and uses scripts.
Difficulty: First read carefully what to do.
Download location: Be sure to download this program to the desktop, or otherwise move it there first!
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

Using sUBs dds:
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: start sUBs dds by double-clicking the shortcut.
    • Windows Vista and Windows 7: start sUBs dds by right-clicking the shortcut and choosing Run as administrator.
  • After the scan, two text documents are opened - DDS.txt and Attach.txt - post the contents of both logs, but note the following!
  • Go to DDRMMR's colour coder
  • Copy and paste the entire contents of the DDS log file into the window and click the Convert button
  • Copy and paste the contents of the colour coder into your follow-up post and also post the contents of Attach.txt.
Step 2
Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first; allow this by clicking "Yes"
  • When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC"
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer during the scan; this scan can take a considerable time, so wait patiently.
  • You can close the window with the warning about an increased risk once the scan is finished.
  • Make sure all found items are ticked and then press the "Remove selected" button; you will now get the following message, but click "Yes" here
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
  • Post the contents of this LOG file in your next post later.
  • Now restart the computer.
Step 3
Which program: Malwarebytes MBAM
What for/why: specialised scanner to quickly examine Windows for spyware and malware and rid it of them.
Difficulty: none.

Download Malwarebytes MBAM via one of these locations:
First of all:
  • Right after installation 'MBAM' will want to update its database, so allow it.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
  • Now first close all program windows that are still open!
    • Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    • Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and choosing Run as administrator.
  • Note:
    • Malwarebytes now supplies the full version of MBAM.
    • On first start you get the option to use the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
    • That way MBAM can continue to be used as the free version

  • Also do the following:
    • Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".
Scanning:
  • When starting 'MBAM', choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • Now first click OK to dismiss the message
  • Then click the Show results button at the bottom right.
  • Now make sure all found infections are ticked, and click Remove selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has trouble removing certain files it will show a few messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
Then post the contents of the MBAM log in your next post.

Step 4
In summary: after this, post the contents of the following logs in your next post:
  • DDS log file
  • Attach.txt log
  • EmsisoftEmergencyKit log file
  • MBAM scan log
 

Siepe

Established member
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by simon at 12:03:34 on 2012-03-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.3327.1828 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPrint\iPrint.exe
C:\Program Files\SABnzbd\SABnzbd.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\simon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\simon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Windows Security System] c:\users\simon\downloads\adobe indesign cs55\ADOBE INDESIGN CS5.5.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Corel Photo Downloader] :"c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\sabnzbd.lnk - c:\program files\sabnzbd\SABnzbd.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\iprint.lnk - c:\program files\iprint\iPrint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C95D0997-FEBA-40F5-9020-01E9300A9BC7} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-4 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-4 314456]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-28 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-4 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-4 55128]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-13 5554552]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-12 2358656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-13 451960]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-28 8396800]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-28 247296]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-13 10752]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-25 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2012-1-22 16896]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-11-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-11-12 15872]
S3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-03-12 08:39:48 -------- d-----w- c:\users\simon\appdata\roaming\Gena01
2012-03-12 07:48:38 -------- d-----w- c:\users\simon\appdata\roaming\Babylon
2012-03-12 07:48:38 -------- d-----w- c:\users\simon\appdata\local\Babylon
2012-03-12 07:48:38 -------- d-----w- c:\programdata\Babylon
2012-03-12 06:23:04 -------- d-----w- c:\users\simon\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-12 06:22:30 -------- d-----w- c:\program files\Adobe Download Assistant
2012-03-12 05:47:15 6552120 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{071f3025-b50a-4d32-968a-78a938021c8f}\mpengine.dll
2012-03-12 05:37:17 -------- d-----w- c:\users\simon\appdata\local\{185467D2-3A2C-4E58-96B6-1E48491E2FE0}
2012-03-12 05:37:05 -------- d-----w- c:\users\simon\appdata\local\{764E21DF-A760-45FC-931E-45A93E2FDCF6}
2012-03-11 06:48:06 -------- d-----w- c:\users\simon\appdata\local\{18C12077-4A18-42EF-9F41-C259C2147647}
2012-03-11 06:47:55 -------- d-----w- c:\users\simon\appdata\local\{4D5B8494-500E-4CA6-8B8B-D921B3B67A54}
2012-03-10 18:31:46 -------- d-----w- c:\users\simon\appdata\local\{E64C1B61-FFC9-4B3A-B177-6931C83D59F0}
2012-03-10 08:11:15 -------- d-----w- c:\users\simon\appdata\local\{51D122B3-41E6-45E1-9EFD-CFB5065E219F}
2012-03-10 08:10:44 -------- d-----w- c:\users\simon\appdata\local\{FE1DA3A0-A77C-4059-8BF3-D0B7670F9564}
2012-03-09 17:47:10 -------- d-----w- c:\users\simon\appdata\local\{A9BD9302-0B26-41F5-BD4C-15C78171052A}
2012-03-09 17:46:59 -------- d-----w- c:\users\simon\appdata\local\{C38947AF-297C-49F1-BB4A-4B59489A44BD}
2012-03-09 05:46:33 -------- d-----w- c:\users\simon\appdata\local\{BE8CA282-F23D-4C82-9C55-76A1C9BC49B7}
2012-03-09 05:46:22 -------- d-----w- c:\users\simon\appdata\local\{D773DA7D-644A-48F2-987E-5C5302ECB647}
2012-03-08 22:26:17 -------- d-----w- c:\users\simon\appdata\roaming\AVG2012
2012-03-08 22:19:22 -------- d--h--w- c:\programdata\Common Files
2012-03-08 22:18:49 -------- d-----w- c:\programdata\AVG2012
2012-03-08 22:17:47 -------- d-----w- c:\program files\AVG
2012-03-08 22:10:30 -------- d-----w- c:\programdata\MFAData
2012-03-08 17:45:56 -------- d-----w- c:\users\simon\appdata\local\{04A445B6-6FAA-422B-B392-6C83936C707B}
2012-03-08 17:45:46 -------- d-----w- c:\users\simon\appdata\local\{3E70ACF5-32EB-40DA-BA92-ED36C594D733}
2012-03-08 05:45:19 -------- d-----w- c:\users\simon\appdata\local\{0FE2BBD9-2373-42F2-9238-F0BAA0109A4D}
2012-03-08 05:45:06 -------- d-----w- c:\users\simon\appdata\local\{0C71F95E-8596-4432-AB78-26AF056063FF}
2012-03-07 12:32:58 -------- d-----w- c:\programdata\ALM
2012-03-07 11:09:17 -------- d-----w- c:\users\simon\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-07 09:34:21 -------- d-----w- c:\programdata\Tarma Installer
2012-03-07 09:34:15 -------- d-----w- c:\program files\fbphotozoom
2012-03-07 09:22:24 -------- d-----w- c:\programdata\Premium
2012-03-07 09:22:23 -------- d-----w- c:\programdata\TheBflix
2012-03-07 09:21:16 -------- d-----w- c:\programdata\InstallMate
2012-03-07 06:18:33 -------- d-----w- c:\users\simon\appdata\local\{72808D7F-E45F-4000-8AA5-976776BBB63C}
2012-03-07 06:18:21 -------- d-----w- c:\users\simon\appdata\local\{1FB4BABE-6C90-406E-A178-33F8CAC353DA}
2012-03-06 07:08:10 -------- d-----w- c:\users\simon\appdata\local\{A01BE137-B817-4B2C-8980-4F419942BB72}
2012-03-06 07:07:55 -------- d-----w- c:\users\simon\appdata\local\{B9DF804B-20B7-4747-A56E-FE435E8FDAA5}
2012-03-05 17:37:30 -------- d-----w- c:\users\simon\appdata\local\{CBEFC159-1F49-4C80-8B3D-0335817F9534}
2012-03-05 17:13:27 -------- d-----w- c:\programdata\TomTom
2012-03-05 17:13:11 -------- d-----w- c:\users\simon\appdata\roaming\TomTom
2012-03-05 17:13:11 -------- d-----w- c:\users\simon\appdata\local\TomTom
2012-03-05 17:13:05 -------- d-----w- c:\program files\TomTom International B.V
2012-03-05 17:12:53 -------- d-----w- c:\program files\TomTom HOME 2
2012-03-05 05:37:08 -------- d-----w- c:\users\simon\appdata\local\{A53E6285-3F43-45F1-9924-2A63924F27AC}
2012-03-05 05:36:56 -------- d-----w- c:\users\simon\appdata\local\{BAD34EC6-0DED-4DAA-A88F-694765234314}
2012-03-04 10:11:42 -------- d-----w- c:\users\simon\appdata\local\{04317C03-FE2D-4CAC-B722-244E806D7AF4}
2012-03-04 10:11:27 -------- d-----w- c:\users\simon\appdata\local\{69E7BFB9-B96B-4894-9981-16123FA39B6D}
2012-03-03 10:10:24 -------- d-----w- c:\users\simon\appdata\local\{DBBEAD0B-B856-4BFC-8835-C807CCF9A501}
2012-03-03 10:10:13 -------- d-----w- c:\users\simon\appdata\local\{65F8C696-0CDB-4D69-844B-3E0867F0512C}
2012-03-02 11:00:30 -------- d-----w- c:\users\simon\appdata\local\{F92C6B40-25C3-4760-BEBE-497F5D1110EC}
2012-03-02 11:00:17 -------- d-----w- c:\users\simon\appdata\local\{08B0B296-E0D3-4D6B-88A0-F0B4CF3C9435}
2012-03-01 08:54:52 -------- d-----w- c:\users\simon\appdata\local\{11B28918-8E4E-45E3-B603-CF04D1ACBA4E}
2012-03-01 08:54:39 -------- d-----w- c:\users\simon\appdata\local\{AC7EF9EA-1467-48CC-A578-E9FFBDC240FF}
2012-02-29 18:51:30 -------- d-----w- c:\users\simon\appdata\local\{9D9F910F-8E37-438E-BAE4-269C54AED28E}
2012-02-29 18:51:18 -------- d-----w- c:\users\simon\appdata\local\{E14FAAE7-7DB3-4357-B799-B123BDFF270B}
2012-02-29 06:13:21 -------- d-----w- c:\users\simon\appdata\local\{391B6B22-21F7-4059-930A-DABE283BEE34}
2012-02-29 06:13:10 -------- d-----w- c:\users\simon\appdata\local\{F75D66EF-B8E7-4375-8E89-F11887553BDB}
2012-02-28 18:01:06 -------- d-----w- c:\users\simon\appdata\local\{F2BAA404-DDB9-4EAF-9E08-196D6E0D1282}
2012-02-28 18:00:56 -------- d-----w- c:\users\simon\appdata\local\{157A0FAA-C2E7-4C98-9175-CA367F2B75CB}
2012-02-28 06:00:30 -------- d-----w- c:\users\simon\appdata\local\{F5DA45C1-8901-4766-93E7-933BCFC7DD91}
2012-02-28 06:00:18 -------- d-----w- c:\users\simon\appdata\local\{499D642F-258C-42BA-877A-572FD4A46D18}
2012-02-27 17:53:19 -------- d-----w- c:\program files\VideoLAN
2012-02-27 10:25:35 -------- d-----w- c:\users\simon\appdata\local\{CB61854F-6A42-48C6-8018-5C54B8157DAB}
2012-02-27 10:25:23 -------- d-----w- c:\users\simon\appdata\local\{DA591638-1DDB-4B65-B24D-03D5F8B1CCF6}
2012-02-26 18:11:27 -------- d-----w- c:\users\simon\appdata\local\{AF792DFB-8362-47CF-A74A-67F9686B8C22}
2012-02-26 18:11:14 -------- d-----w- c:\users\simon\appdata\local\{E2927B7B-C118-43DB-968D-A6968BA8EC60}
2012-02-25 22:15:48 -------- d-----w- c:\users\simon\appdata\local\{1EAD9211-E36A-43EF-A779-B2646B7F4C9C}
2012-02-25 22:15:37 -------- d-----w- c:\users\simon\appdata\local\{53BDC236-CFFA-44C2-B9C2-11E26C815510}
2012-02-25 19:52:56 -------- d-----w- c:\users\simon\appdata\local\{F8E3E4ED-FF29-49EA-B3A6-863A6536EF1E}
2012-02-25 19:52:45 -------- d-----w- c:\users\simon\appdata\local\{70957F1A-6888-4D81-9174-1550503AB32F}
2012-02-25 08:51:08 -------- d-----w- c:\program files\Media Player Utilities 4.39
2012-02-25 07:40:32 -------- d-----w- c:\users\simon\appdata\local\{A2A7A40B-EBFD-4B14-BCB5-BE820C0160CF}
2012-02-25 07:40:22 -------- d-----w- c:\users\simon\appdata\local\{E2A74833-C171-4DEA-8749-AB0C69C0F00C}
2012-02-24 19:39:56 -------- d-----w- c:\users\simon\appdata\local\{8C7BDDD6-6297-4CAC-8485-F8266ECE3458}
2012-02-24 19:39:46 -------- d-----w- c:\users\simon\appdata\local\{E3A921D6-5C1D-499F-9881-2ED5396B6878}
2012-02-24 10:15:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-02-24 07:39:20 -------- d-----w- c:\users\simon\appdata\local\{78692C74-EBC3-486B-98A3-0EDD0BF382E0}
2012-02-24 07:39:09 -------- d-----w- c:\users\simon\appdata\local\{860C520C-AC97-4E8A-8B18-A86A3D893795}
2012-02-23 19:38:44 -------- d-----w- c:\users\simon\appdata\local\{317BD8FE-14AF-4001-B86C-8085ED3AFE51}
2012-02-23 07:38:17 -------- d-----w- c:\users\simon\appdata\local\{45D4D396-6707-49F2-AFDB-99685507B81D}
2012-02-23 07:37:26 -------- d-----w- c:\users\simon\appdata\local\{870D559C-E99E-4DA5-B89F-4D5DF0BFFAA1}
2012-02-22 19:27:25 -------- d-----w- c:\users\simon\appdata\local\{3D053777-7D57-440E-81F1-5C6BCF8CEB50}
2012-02-22 07:26:57 -------- d-----w- c:\users\simon\appdata\local\{28C86741-931D-49B8-9D9C-B0CD33AFC687}
2012-02-22 07:26:39 -------- d-----w- c:\users\simon\appdata\local\{70958E50-B37D-4B7B-9E89-75146B4DD64B}
2012-02-21 18:36:49 -------- d-----w- c:\users\simon\Library
2012-02-21 18:36:49 -------- d-----w- c:\users\simon\appdata\roaming\com.adobe.ExMan
2012-02-21 09:14:31 -------- d-----w- c:\users\simon\appdata\local\{E9ABB873-7534-4113-B78F-8F97EED0C870}
2012-02-21 09:14:20 -------- d-----w- c:\users\simon\appdata\local\{156F85BB-8607-4BBF-8811-E0E861E83C43}
2012-02-20 21:13:54 -------- d-----w- c:\users\simon\appdata\local\{1A5A003E-31F8-4C6F-A916-9FCF92F26DA4}
2012-02-20 09:13:30 -------- d-----w- c:\users\simon\appdata\local\{41C81A35-DBEE-4C1C-A39B-F16B0D947D51}
2012-02-20 09:13:19 -------- d-----w- c:\users\simon\appdata\local\{917B58D3-416A-44A3-9F9A-FA4D43EB66F1}
2012-02-19 21:12:53 -------- d-----w- c:\users\simon\appdata\local\{9FB68B66-371C-48C0-B362-36EDFD642EDE}
2012-02-19 16:33:50 -------- d-----w- c:\program files\common files\Macrovision Shared
2012-02-19 12:47:44 -------- d-----w- c:\users\simon\appdata\local\sabnzbd
2012-02-19 12:47:15 -------- d-----w- c:\program files\SABnzbd
2012-02-19 09:27:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2012-02-19 09:19:29 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2012-02-19 09:12:24 -------- d-----w- c:\users\simon\appdata\local\{F76CE0A3-4774-4F45-92B1-8C10BD7F7F16}
2012-02-19 09:12:06 -------- d-----w- c:\users\simon\appdata\local\{0BF86819-DC26-4CA4-9DAD-475CB5A69648}
2012-02-18 07:49:09 -------- d-----w- c:\users\simon\appdata\local\{30ED8737-2B75-486D-B36C-CF78381F4C65}
2012-02-18 07:48:36 -------- d-----w- c:\users\simon\appdata\local\{567C2E7C-CD76-4F26-83A5-3870A3E3A295}
2012-02-17 18:29:41 -------- d-----w- c:\users\simon\appdata\local\{CB7A092C-74F0-4360-ABB9-88BEB78419DA}
2012-02-17 06:29:03 -------- d-----w- c:\users\simon\appdata\local\{7B69D96E-CF51-4943-ACE8-927730131BB7}
2012-02-17 06:28:45 -------- d-----w- c:\users\simon\appdata\local\{02573E77-7B62-4FD2-843E-EA4F6E5A1930}
2012-02-16 17:48:07 -------- d-----w- c:\users\simon\appdata\local\{6E1D28EB-3C83-4194-9CA9-A365EB9E34B4}
2012-02-16 17:47:56 -------- d-----w- c:\users\simon\appdata\local\{4A14B255-7273-4368-B4A1-6C9ABD36901E}
2012-02-16 05:47:29 -------- d-----w- c:\users\simon\appdata\local\{A0562EAA-6A43-4BAD-BE18-AFCA88357F21}
2012-02-16 05:47:16 -------- d-----w- c:\users\simon\appdata\local\{CBD61CFF-DE21-4E43-A7E8-0A09B38F869A}
2012-02-15 15:20:49 -------- d-----w- c:\users\simon\appdata\local\{20B703D7-9DAD-47CE-A6C1-7A53443D2383}
2012-02-15 15:20:39 -------- d-----w- c:\users\simon\appdata\local\{41D0C0A5-BC90-42FF-A70D-FD5A11737AB6}
2012-02-14 20:37:59 -------- d-----w- c:\users\simon\appdata\local\{D82F8C94-9213-48D9-9D57-227175E708D4}
2012-02-14 20:37:48 -------- d-----w- c:\users\simon\appdata\local\{E3748DA8-BF04-4B2B-9669-FE0488F553B7}
2012-02-14 08:37:20 -------- d-----w- c:\users\simon\appdata\local\{80EE4B9F-C2AD-445F-AD6A-C9ECBBBDBF99}
2012-02-14 08:36:58 -------- d-----w- c:\users\simon\appdata\local\{7F33C577-6211-4A4A-9080-0521637C0E7E}
2012-02-13 22:04:50 -------- d-----w- c:\program files\Cartoon Maker
2012-02-13 17:43:47 -------- d-----w- c:\users\simon\appdata\local\{D94CCD27-B4A3-4555-9CE3-25098B4CD88E}
2012-02-13 17:43:35 -------- d-----w- c:\users\simon\appdata\local\{F3FE7C40-E27E-4A2F-BD94-5844F9F20A28}
2012-02-13 05:43:07 -------- d-----w- c:\users\simon\appdata\local\{56D1CD95-0B78-4029-B4B0-295EBB87C8F8}
2012-02-13 05:42:56 -------- d-----w- c:\users\simon\appdata\local\{B92CA7A1-3174-4F92-862B-CA57D9421BFE}
2012-02-12 16:31:06 -------- d-----w- c:\users\simon\appdata\roaming\KORG
2012-02-12 16:30:43 -------- d-----w- c:\programdata\KORG
2012-02-12 16:30:43 -------- d-----w- c:\program files\KORG
2012-02-12 16:30:43 -------- d-----w- c:\program files\common files\KORG
2012-02-12 16:30:43 -------- d-----w- c:\program files\common files\Digidesign
2012-02-12 16:07:33 -------- d-----w- c:\users\simon\appdata\roaming\REAPER
2012-02-12 16:07:25 -------- d-----w- c:\program files\common files\Propellerhead Software
2012-02-12 16:07:02 -------- d-----w- c:\program files\REAPER
2012-02-12 09:20:22 -------- d-----w- c:\users\simon\appdata\local\{E0A2EBA5-23D5-4D79-8339-6048E0972CF0}
2012-02-12 09:20:02 -------- d-----w- c:\users\simon\appdata\local\{B643C80F-66FB-41CF-B657-D799F47C1867}
2012-02-11 21:00:42 -------- d-----w- c:\users\simon\appdata\local\{B5059C0A-6299-49DE-9AEB-582D191F4FFE}
2012-02-11 21:00:31 -------- d-----w- c:\users\simon\appdata\local\{0149867D-B289-42C9-9DEC-FF92B944426F}
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:13:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:04:13,63 ===============

---------- Post added at 12:02 ---------- Previous post was at 12:01 ----------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4-9-2011 11:20:39
System Uptime: 12-3-2012 6:36:01 (6 hours ago)
.
Motherboard: MSI | | G41M-P28 (MS-7592)
Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz | CPU 1 | 2603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 772,226 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
G: is FIXED (NTFS) - 932 GiB total, 910,968 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslfc3f53f1
Device ID: ROOT\LEGACY_MPKSLFC3F53F1\0000
Manufacturer:
Name: MpKslfc3f53f1
PNP Device ID: ROOT\LEGACY_MPKSLFC3F53F1\0000
Service: MpKslfc3f53f1
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl51d88dec
Device ID: ROOT\LEGACY_MPKSL51D88DEC\0000
Manufacturer:
Name: MpKsl51d88dec
PNP Device ID: ROOT\LEGACY_MPKSL51D88DEC\0000
Service: MpKsl51d88dec
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsla9c4daab
Device ID: ROOT\LEGACY_MPKSLA9C4DAAB\0000
Manufacturer:
Name: MpKsla9c4daab
PNP Device ID: ROOT\LEGACY_MPKSLA9C4DAAB\0000
Service: MpKsla9c4daab
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslb09f87fd
Device ID: ROOT\LEGACY_MPKSLB09F87FD\0000
Manufacturer:
Name: MpKslb09f87fd
PNP Device ID: ROOT\LEGACY_MPKSLB09F87FD\0000
Service: MpKslb09f87fd
.
==== System Restore Points ===================
.
RP128: 8-3-2012 23:17:14 - Installed AVG 2012
RP129: 8-3-2012 23:18:03 - Installed AVG 2012
RP130: 9-3-2012 7:11:30 - Removed AVG 2012
RP131: 9-3-2012 7:16:04 - Removed AVG 2012
RP132: 9-3-2012 8:03:23 - avast! Free Antivirus Setup
RP133: 10-3-2012 9:20:42 - Windows Update
RP134: 10-3-2012 19:36:51 - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 2
Adobe Creative Suite 4 Web Premium
Adobe CSI CS4
Adobe Download Assistant
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Fireworks CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Media Player
Adobe Photoshop CS2
Adobe Reader X (10.1.2) - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Update Manager CS4
Adobe Version Cue CS2
Akimbo
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
AVIConverter 3.0
AviSynth 2.5
Bamboo
Bonjour
BufferChm
Calme version 2012
Cars 2
Cartoon Maker 6.01
CCleaner
Connect
Copy
Corel Paint Shop Pro Photo X2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
DVD Flick 1.3.0.7
F2400
ffdshow [rev 2583] [2009-01-05]
FinePixViewer Ver.4.0
Firebird SQL Server - MAGIX Edition
FotoSketcher 2.20
FUJIFILM USB Driver
Google Chrome
GPBaseService2
Haali Media Splitter
High-Definition Video Playback 10
HiJackThis
HP Customer Participation Program 13.0
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImageMixer VCD for FinePix
ImgBurn
Installatie van LG PC Suite III ongedaan maken
iPrint
iTunes
Jasc Paint Shop Pro 9
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
KORG M1 Le
kuler
LAME v3.98.3 for Audacity
LG Bluetooth Drivers
LG Internet Kit
LG United Mobile Drivers
LG USB Modem Drivers
MAGIX Music Maker MX Production Suite Download-versie
MAGIX Music Maker MX Production Suite Trial (geluidspakket)
MAGIX Music Manager (NL)
MAGIX music studio 2006 deLuxe (NL)
MAGIX Photo Manager (NL)
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware versie 1.60.1.1000
Mama Moe en de Kraai
MarketResearch
Media Player Utilities 4.39
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile NLD Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended NLD Language Pack
Microsoft Antimalware
Microsoft Antimalware Service NL-NL Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Client NL-NL Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MX Simulator
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
neroxml
Orbyx Deluxe
Pro Evolution Soccer 2008
QuickTime
RAW FILE CONVERTER LE
REAPER
Rockstar Games Social Club
SABnzbd 0.6.15
Scan
Secure Eraser v4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SEGA Mega Drive Classics
Shockwave
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sothink Movie DVD Maker
SpeedFan (remove only)
Spotnet
Status
Suite Shared Configuration CS4
Suite Specific
swMSM
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
Tactical Ops
TeamViewer 6
Text-To-Speech-Runtime
Tommy Tronic
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VCRedistSetup
Verzoek of wijziging voorlopige aanslag 2012
VirtualCloneDrive
VLC media player 2.0.0
WebReg
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR
.
==== End Of File ===========================

---------- Post added at 12:06 ---------- Previous post was at 12:02 ----------

Should I do the next steps now as well, or wait first?
 

Abraham54

Administrator
Team member
Just keep going until you have done all the steps as stated in my post!
That applies to all instructions you are going to receive from me.
So do not post the first step and then ask whether you should continue.

So no: do everything first and then post everything in one go.
 

Siepe

Established member
Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 3/12/2012 12:39:44 PM

Scaninstellingen:

Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, G:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 3/12/2012 12:40:57 PM

C:\Program Files\Disney Interactive Studios\Cars 2\Game-Cars.exe Ontdekt: Virus.Win32.Heur!IK
C:\Users\simon\AppData\Local\TempDIR\BetterInstaller.exe Ontdekt: Riskware.Win32.Somoto!A2

Gescand

Bestanden: 706650
Sporen: 405504
Cookies: 37
Processen: 76

Gevonden

Bestanden: 2
Sporen: 0
Cookies: 0
Processen: 0
Registersleutels: 0

Scan Geindigd: 3/12/2012 3:35:28 PM
Scantijd: 2:54:31

C:\Users\simon\AppData\Local\TempDIR\BetterInstaller.exe Verwijderd Riskware.Win32.Somoto!A2
C:\Program Files\Disney Interactive Studios\Cars 2\Game-Cars.exe Verwijderd Virus.Win32.Heur!IK

Verwijderd

Bestanden: 2
Sporen: 0
Cookies: 0

---------- Post added at 16:07 ---------- Previous post was at 16:06 ----------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databaseversie: v2012.03.12.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
simon :: SIEMON-PC [administrator]

12-3-2012 15:46:53
mbam-log-2012-03-12 (15-46-53).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 364
Verstreken tijd: 16 seconde(n) [beindigd]

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

---------- Post added at 16:08 ---------- Previous post was at 16:07 ----------

The Babylon toolbar is still there....
 

Abraham54

Administrator
Team member
Babylon will not just go away like that, but its turn will come.

Download OTL to your Desktop

Using OTL.com:
  • Note: first close all program windows that are still open!
  • Start the program by double-clicking OTL.com.
  • Do not start any other programs and let the program do its work undisturbed.
  • Tick the box next to Scan All Users.
  • Click the Quick Scan button.
  • Do not change OTL's settings unless I specifically give you instructions to do so.
  • The scan will not take very long.
    • Two Notepad windows will open when the scan is finished.
    • OTL.Txt and Extras.Txt. These two text files are saved in the same location as OTL.
    • Go to DDRMMR's colour coder (Click)
    • Copy and paste the contents of OTL.Txt into the web window and click the 'Converteer' button.
    • Copy and paste the contents of the colour coder into your next post.
    • Also copy and paste the contents of Extras.Txt into your next post.
  • OTL produces fairly large logs, so it may happen that you have to post the log in two or more parts.
 

Siepe

Established member
[hjt]
otl logfile created on: 3/12/2012 4:52:55 pm - run 1
otl by oldtimer - version 3.2.36.3 folder = c:\users\simon\downloads
ultimate edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 8.0.7601.17514)
locale: 00000409 | country: netherlands | language: nld | date format: d-m-yyyy

3.25 gb total physical memory | 1.99 gb available physical memory | 61.32% memory free
6.50 gb paging file | 5.16 gb available in paging file | 79.45% paging file free
paging file location(s): ?:\pagefile.sys [binary data]

%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 931.51 gb total space | 771.98 gb free space | 82.87% space free | partition type: ntfs

computer name: siemon-pc | user name: simon | logged in as administrator.
boot mode: normal | scan mode: all users | quick scan
company name whitelist: on | skip microsoft files: on | no company name whitelist: on | file age = 30 days

========== processes (safelist) ==========

prc - [2012/03/12 16:52:19 | 000,594,944 | ---- | m] (oldtimer tools) -- c:\users\simon\downloads\otl.com
prc - [2012/02/03 20:28:56 | 000,350,208 | ---- | m] () -- c:\program files\sabnzbd\sabnzbd.exe
prc - [2012/01/23 05:43:08 | 000,247,728 | ---- | m] (tomtom) -- c:\program files\tomtom home 2\tomtomhomerunner.exe
prc - [2012/01/23 05:43:08 | 000,092,592 | ---- | m] (tomtom) -- c:\program files\tomtom home 2\tomtomhomeservice.exe
prc - [2012/01/03 14:10:42 | 000,063,928 | ---- | m] (adobe systems incorporated) -- c:\program files\common files\adobe\arm\1.0\armsvc.exe
prc - [2011/11/28 19:01:24 | 003,744,552 | ---- | m] (avast software) -- c:\program files\avast software\avast\avastui.exe
prc - [2011/11/03 19:25:09 | 002,358,656 | ---- | m] (teamviewer gmbh) -- c:\program files\teamviewer\version6\teamviewer_service.exe
prc - [2011/09/08 17:48:34 | 005,554,552 | ---- | m] (wacom technology, corp.) -- c:\program files\tablet\pen\pen_tablet.exe
prc - [2011/09/08 17:48:34 | 003,281,272 | ---- | m] (wacom technology, corp.) -- c:\program files\tablet\pen\pen_touchuser.exe
prc - [2011/09/08 17:48:34 | 001,485,176 | ---- | m] (wacom technology, corp.) -- c:\program files\tablet\pen\pen_tabletuser.exe
prc - [2011/09/08 17:48:34 | 000,451,960 | ---- | m] (wacom technology, corp.) -- c:\program files\tablet\pen\pen_touchservice.exe
prc - [2011/07/28 20:35:54 | 000,401,408 | ---- | m] (amd) -- c:\windows\system32\atieclxx.exe
prc - [2011/07/28 20:35:26 | 000,176,128 | ---- | m] (amd) -- c:\windows\system32\atiesrxx.exe
prc - [2011/06/24 05:22:20 | 000,271,360 | ---- | m] (microsoft corporation) -- c:\windows\system32\conhost.exe
prc - [2011/06/15 15:16:48 | 000,997,920 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\msseces.exe
prc - [2011/05/24 10:33:30 | 001,840,128 | ---- | m] (magix ag) -- c:\program files\common files\magix services\database\bin\fabs.exe
prc - [2011/04/27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\antimalware\nissrv.exe
prc - [2011/04/27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\antimalware\msmpeng.exe
prc - [2011/02/25 06:30:54 | 002,616,320 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
prc - [2010/11/20 13:17:47 | 000,049,152 | ---- | m] (microsoft corporation) -- c:\windows\system32\taskhost.exe
prc - [2009/12/21 11:27:26 | 002,893,824 | ---- | m] (inzone software limited) -- c:\program files\iprint\iprint.exe
prc - [2007/06/05 13:20:32 | 000,177,704 | ---- | m] () -- c:\windows\system32\psiservice.exe
prc - [2005/04/04 18:58:30 | 003,502,080 | ---- | m] () -- c:\program files\adobe\adobe version cue cs2\data\database\bin\mysqld-nt.exe
prc - [2005/04/04 18:58:30 | 000,856,064 | ---- | m] (adobe sytems incorporated) -- c:\program files\adobe\adobe version cue cs2\controlpanel\versioncuecs2tray.exe
prc - [2005/04/04 18:58:28 | 000,163,840 | ---- | m] (adobe systems incorporated) -- c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe
prc - [2002/12/20 16:18:40 | 000,200,704 | ---- | m] (fuji photo film co., ltd.) -- c:\program files\finepixviewer\quickdcf.exe


========== modules (no company name) ==========

mod - [2012/03/10 10:21:42 | 000,429,040 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\ppgooglenaclpluginchrome.dll
mod - [2012/03/10 10:21:41 | 003,772,912 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\pdf.dll
mod - [2012/03/10 10:20:28 | 000,527,344 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\libglesv2.dll
mod - [2012/03/10 10:20:27 | 000,114,672 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\libegl.dll
mod - [2012/03/10 10:20:17 | 000,122,880 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\avutil-51.dll
mod - [2012/03/10 10:20:16 | 000,220,672 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\avformat-53.dll
mod - [2012/03/10 10:20:15 | 001,747,456 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\avcodec-53.dll
mod - [2012/03/10 06:56:11 | 008,593,056 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\gcswf32.dll
mod - [2012/03/10 06:56:11 | 008,593,056 | ---- | m] () -- c:\users\simon\appdata\local\google\chrome\applic~1\170963~1.79\gcswf32.dll
mod - [2012/02/03 20:28:56 | 000,350,208 | ---- | m] () -- c:\program files\sabnzbd\sabnzbd.exe
mod - [2011/09/27 07:23:00 | 000,087,912 | ---- | m] () -- c:\program files\common files\apple\apple application support\zlib1.dll
mod - [2011/09/27 07:22:40 | 001,242,472 | ---- | m] () -- c:\program files\common files\apple\apple application support\libxml2.dll
mod - [2011/09/08 17:48:36 | 000,962,936 | ---- | m] () -- c:\program files\tablet\pen\libxml2.dll
mod - [2011/03/17 00:11:16 | 004,297,568 | ---- | m] () -- c:\program files\common files\microsoft shared\office14\cultures\office.odf
mod - [2010/11/01 17:52:28 | 000,057,344 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.crypto.pyd
mod - [2010/11/01 17:52:28 | 000,037,888 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.ssl.pyd
mod - [2010/11/01 17:52:28 | 000,007,168 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.rand.pyd
mod - [2010/10/08 03:37:34 | 000,546,205 | ---- | m] () -- c:\program files\sabnzbd\lib\sqlite3.dll
mod - [2010/01/31 16:14:32 | 000,118,784 | ---- | m] () -- c:\program files\sabnzbd\lib\pywintypes25.dll
mod - [2010/01/31 16:11:56 | 000,671,744 | ---- | m] () -- c:\program files\sabnzbd\lib\_ssl.pyd
mod - [2010/01/31 16:11:52 | 000,294,912 | ---- | m] () -- c:\program files\sabnzbd\lib\_hashlib.pyd
mod - [2010/01/31 16:11:52 | 000,135,168 | ---- | m] () -- c:\program files\sabnzbd\lib\pyexpat.pyd
mod - [2010/01/31 16:11:52 | 000,086,016 | ---- | m] () -- c:\program files\sabnzbd\lib\_ctypes.pyd
mod - [2010/01/31 16:11:52 | 000,053,248 | ---- | m] () -- c:\program files\sabnzbd\lib\_socket.pyd
mod - [2010/01/31 16:11:52 | 000,049,152 | ---- | m] () -- c:\program files\sabnzbd\lib\_sqlite3.pyd
mod - [2010/01/31 16:11:52 | 000,008,192 | ---- | m] () -- c:\program files\sabnzbd\lib\select.pyd
mod - [2010/01/31 15:56:20 | 000,024,576 | ---- | m] () -- c:\program files\sabnzbd\lib\servicemanager.pyd
mod - [2010/01/31 15:56:12 | 000,102,400 | ---- | m] () -- c:\program files\sabnzbd\lib\win32api.pyd
mod - [2010/01/31 15:56:04 | 000,036,864 | ---- | m] () -- c:\program files\sabnzbd\lib\win32service.pyd
mod - [2010/01/31 15:54:18 | 000,040,960 | ---- | m] () -- c:\program files\sabnzbd\lib\win32process.pyd
mod - [2010/01/31 15:54:16 | 000,019,968 | ---- | m] () -- c:\program files\sabnzbd\lib\win32pipe.pyd
mod - [2010/01/31 15:54:06 | 000,014,848 | ---- | m] () -- c:\program files\sabnzbd\lib\win32evtlog.pyd
mod - [2010/01/31 15:54:04 | 000,110,592 | ---- | m] () -- c:\program files\sabnzbd\lib\win32file.pyd
mod - [2010/01/31 15:54:04 | 000,013,824 | ---- | m] () -- c:\program files\sabnzbd\lib\win32event.pyd
mod - [2009/03/03 18:21:18 | 000,012,288 | ---- | m] () -- c:\program files\sabnzbd\lib\cheetah._namemapper.pyd
mod - [2006/08/12 16:47:52 | 000,009,728 | ---- | m] () -- c:\program files\sabnzbd\lib\_yenc.pyd


========== win32 services (safelist) ==========

srv - file not found [disabled | unknown] -- -- (avast! firewall)
srv - [2012/02/19 17:33:50 | 000,655,624 | ---- | m] (acresso software inc.) [on_demand | stopped] -- c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe -- (flexnet licensing service)
srv - [2012/01/23 05:43:08 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\program files\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice)
srv - [2012/01/03 14:10:42 | 000,063,928 | ---- | m] (adobe systems incorporated) [auto | running] -- c:\program files\common files\adobe\arm\1.0\armsvc.exe -- (adobearmservice)
srv - [2011/11/28 19:01:23 | 000,044,768 | ---- | m] (avast software) [auto | stopped] -- c:\program files\avast software\avast\avastsvc.exe -- (avast! antivirus)
srv - [2011/11/11 19:21:30 | 001,343,400 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\wat\watadminsvc.exe -- (watadminsvc)
srv - [2011/11/03 19:25:09 | 002,358,656 | ---- | m] (teamviewer gmbh) [auto | running] -- c:\program files\teamviewer\version6\teamviewer_service.exe -- (teamviewer6)
srv - [2011/09/08 17:48:34 | 005,554,552 | ---- | m] (wacom technology, corp.) [auto | running] -- c:\program files\tablet\pen\pen_tablet.exe -- (tabletservicepen)
srv - [2011/09/08 17:48:34 | 000,451,960 | ---- | m] (wacom technology, corp.) [auto | running] -- c:\program files\tablet\pen\pen_touchservice.exe -- (touchservicepen)
srv - [2011/07/28 20:35:26 | 000,176,128 | ---- | m] (amd) [auto | running] -- c:\windows\system32\atiesrxx.exe -- (amd external events utility)
srv - [2011/06/12 11:15:00 | 031,125,880 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\microsoft office\office14\groove.exe -- (microsoft sharepoint workspace audit service)
srv - [2011/05/24 10:33:30 | 001,840,128 | ---- | m] (magix ag) [auto | running] -- c:\program files\common files\magix services\database\bin\fabs.exe -- (fabs)
srv - [2011/04/27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) [on_demand | running] -- c:\program files\microsoft security client\antimalware\nissrv.exe -- (nissrv)
srv - [2011/04/27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft security client\antimalware\msmpeng.exe -- (msmpsvc)
srv - [2011/04/26 13:54:12 | 002,702,848 | ---- | m] (magix) [on_demand | stopped] -- c:\program files\common files\magix services\database\bin\fbserver.exe -- (firebirdservermagixinstance)
srv - [2009/07/14 02:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\sensrsvc.dll -- (sensrsvc)
srv - [2009/07/14 02:16:12 | 001,004,544 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\peerdistsvc.dll -- (peerdistsvc)
srv - [2009/07/14 02:15:41 | 000,680,960 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\windows defender\mpsvc.dll -- (windefend)
srv - [2007/06/05 13:20:32 | 000,177,704 | ---- | m] () [auto | start_pending] -- c:\windows\system32\psiservice.exe -- (protexislicensing)
srv - [2005/04/04 18:58:28 | 000,163,840 | ---- | m] (adobe systems incorporated) [auto | running] -- c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe -- (adobe version cue cs2)


========== driver services (safelist) ==========

drv - file not found [kernel | on_demand | stopped] -- -- (vgpu)
drv - file not found [kernel | on_demand | stopped] -- -- (tsusbhub)
drv - file not found [kernel | on_demand | stopped] -- -- (synth3dvsc)
drv - file not found [kernel | on_demand | unknown] -- -- (mbr)
drv - file not found [kernel | auto | stopped] -- -- (adfs)
drv - [2011/11/28 18:53:53 | 000,435,032 | ---- | m] (avast software) [file_system | system | running] -- c:\windows\system32\drivers\aswsnx.sys -- (aswsnx)
drv - [2011/11/28 18:53:35 | 000,314,456 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\system32\drivers\aswsp.sys -- (aswsp)
drv - [2011/11/28 18:52:19 | 000,034,392 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\system32\drivers\aswrdr.sys -- (aswrdr)
drv - [2011/11/28 18:52:16 | 000,052,952 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\system32\drivers\aswtdi.sys -- (aswtdi)
drv - [2011/11/28 18:52:07 | 000,055,128 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\system32\drivers\aswmonflt.sys -- (aswmonflt)
drv - [2011/11/28 18:51:50 | 000,020,568 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\system32\drivers\aswfsblk.sys -- (aswfsblk)
drv - [2011/09/08 17:49:36 | 000,010,752 | ---- | m] (wacom technology) [kernel | on_demand | running] -- c:\windows\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
drv - [2011/09/08 17:49:26 | 000,011,312 | ---- | m] (wacom technology) [kernel | on_demand | running] -- c:\windows\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
drv - [2011/09/08 17:49:24 | 000,014,120 | ---- | m] (wacom technology) [kernel | on_demand | running] -- c:\windows\system32\drivers\wacomvhid.sys -- (wacomvhid)
drv - [2011/07/28 21:22:06 | 008,396,800 | ---- | m] (ati technologies inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\atikmdag.sys -- (amdkmdag)
drv - [2011/07/28 19:53:48 | 000,247,296 | ---- | m] (advanced micro devices, inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\atikmpag.sys -- (amdkmdap)
drv - [2011/04/27 15:25:24 | 000,065,024 | ---- | m] (microsoft corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nisdrvwfp.sys -- (nisdrv)
drv - [2011/04/18 13:18:50 | 000,043,392 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mpnwmon.sys -- (mpnwmon)
drv - [2011/03/18 17:08:54 | 000,025,240 | ---- | m] (almico software) [kernel | boot | running] -- c:\windows\system32\speedfan.sys -- (speedfan)
drv - [2010/11/20 13:30:15 | 000,175,360 | ---- | m] (microsoft corporation) [kernel | boot | running] -- c:\windows\system32\drivers\vmbus.sys -- (vmbus)
drv - [2010/11/20 13:30:15 | 000,040,704 | ---- | m] (microsoft corporation) [kernel | boot | running] -- c:\windows\system32\drivers\vmstorfl.sys -- (storflt)
drv - [2010/11/20 13:30:15 | 000,028,032 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\storvsc.sys -- (storvsc)
drv - [2010/11/20 11:24:41 | 000,052,224 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\tsusbflt.sys -- (tsusbflt)
drv - [2010/11/20 11:21:14 | 000,015,872 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\rdpvideominiport.sys -- (rdpvideominiport)
drv - [2010/11/20 10:14:45 | 000,017,920 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\vmbushid.sys -- (vmbushid)
drv - [2010/11/20 10:14:41 | 000,005,632 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\vms3cap.sys -- (s3cap)
drv - [2010/10/21 09:45:18 | 000,025,216 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lgusbmodem.sys -- (usbmodem)
drv - [2010/10/21 09:45:16 | 000,020,864 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lgusbdiag.sys -- (usbdiag)
drv - [2010/10/21 09:45:16 | 000,013,056 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\lgusbbus.sys -- (usbbus)
drv - [2010/05/12 12:23:04 | 000,016,896 | ---- | m] (danish wireless design a/s) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\flashusb.sys -- (flashusb)
drv - [2009/09/29 08:11:22 | 000,012,160 | ---- | m] (lg electronics inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\lgbtport.sys -- (lgbttport)
drv - [2009/09/29 08:11:20 | 000,012,928 | ---- | m] (lg electronics inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\lgvmodem.sys -- (lgvmodem)
drv - [2009/09/29 08:11:20 | 000,010,496 | ---- | m] (lg electronics inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\lgbtbus.sys -- (lgbusenum)
drv - [2009/07/13 23:02:47 | 000,050,688 | ---- | m] (atheros communications, inc.) [kernel | on_demand | running] -- c:\windows\system32\drivers\l1c62x86.sys -- (l1c) ndis miniport driver for atheros ar8131/ar8132 pci-e ethernet controller (ndis 6.20)
drv - [2009/04/29 15:37:26 | 000,025,088 | ---- | m] (windows (r) codename longhorn ddk provider) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\kmwdfilter.sys -- (kmwdfilterx86)
drv - [1996/04/03 20:33:26 | 000,005,248 | ---- | m] () [kernel | boot | running] -- c:\windows\system32\giveio.sys -- (giveio)


========== standard registry (safelist) ==========


========== internet explorer ==========

ie - hklm\..\searchscopes,defaultscope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = [noparse]http://www.bing.com/search?q={searchterms}&form=ie8src[/noparse]
ie - hklm\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = [noparse]http://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2481029[/noparse]


ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0

ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0



ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page = [noparse]http://www.msn.com/[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page redirect cache = [noparse]http://nl.msn.com/?ocid=iehp[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = nl
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 32 94 52 75 a7 a0 cc 01 [binary data]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\urlsearchhook: {0734d757-fea6-4637-a7e4-2bd40a7fd8da} - no clsid value found
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = [noparse]http://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}: "url" = [noparse]http://search.babylon.com/web/{searchterms}?babsrc=sp_ss&affid=110482&mntrid=4c57bd8f0000000000008c89a553eaef[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{ad22ebaf-0d18-4fc7-90cc-5ea0abbe9eb8}: "url" = [noparse]http://www.daemon-search.com/search?q={searchterms}[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = [noparse]http://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2481029[/noparse]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = *.local

========== firefox ==========

ff - prefs.js..extensions.enableditems: mapshare-status@tomtom.com:1.7.1
ff - prefs.js..extensions.enableditems: basetheme@tomtom.com:1.0.2

ff - hklm\software\mozillaplugins\@adobe.com/flashplayer: c:\windows\system32\macromed\flash\npswf32.dll ()
ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer: c:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=: file not found
ff - hklm\software\mozillaplugins\@apple.com/itunes,version=1.0: c:\program files\itunes\mozilla plugins\npitunes.dll ()
ff - hklm\software\mozillaplugins\@java.com/javaplugin: c:\program files\java\jre6\bin\new_plugin\npjp2.dll (sun microsystems, inc.)
ff - hklm\software\mozillaplugins\@microsoft.com/genuine: disabled file not found
ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: c:\program files\microsoft silverlight\4.1.10111.0\npctrl.dll ( microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: c:\progra~1\mif5ba~1\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0: c:\progra~1\mif5ba~1\office14\npspwrap.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=15.4.3502.0922: c:\program files\windows live\photo gallery\npwlpg.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=15.4.3538.0513: c:\program files\windows live\photo gallery\npwlpg.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@wacom.com/wacom-plugin,version=1.1.0.10: c:\program files\tabletplugins\npwacom.dll (wacom, inc.)
ff - hklm\software\mozillaplugins\@wacom.com/wtplugin,version=2.0.0.1: c:\program files\tabletplugins\npwacomtabletplugin.dll (wacom)
ff - hklm\software\mozillaplugins\adobe reader: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll (adobe systems inc.)
ff - hkcu\software\mozillaplugins\@tools.google.com/google update;version=3: c:\users\simon\appdata\local\google\update\1.3.21.99\npgoogleupdate3.dll (google inc.)
ff - hkcu\software\mozillaplugins\@tools.google.com/google update;version=9: c:\users\simon\appdata\local\google\update\1.3.21.99\npgoogleupdate3.dll (google inc.)
ff - hkcu\software\mozillaplugins\wacom.com/wacomtabletplugin: c:\program files\tabletplugins\npwacomtabletplugin.dll (wacom)

ff - hkey_local_machine\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2011/11/13 13:51:24 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3 [2011/11/13 13:51:24 | 000,000,000 | ---d | m]

[2012/03/05 18:13:12 | 000,000,000 | ---d | m] (no name found) -- c:\users\simon\appdata\roaming\mozilla\extensions
[2012/03/05 18:13:12 | 000,000,000 | ---d | m] (no name found) -- c:\users\simon\appdata\roaming\mozilla\extensions\home2@tomtom.com
[2012/03/05 18:12:58 | 000,000,000 | ---d | m] (map status indicator) -- c:\program files\tomtom home 2\xul\extensions\mapshare-status@tomtom.com

========== chrome ==========

chr - default_search_provider: google (enabled)
chr - default_search_provider: search_url = {google:baseurl}search?{google:rlz}{google:acceptedsuggestion}{google:originalqueryforsuggestion}{google:searchfieldtrialparameter}{google:instantfieldtrialgroupparameter}sourceid=chrome&ie={inputencoding}&q={searchterms}
chr - default_search_provider: suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}{google:instantfieldtrialgroupparameter}client=chrome&hl={language}&q={searchterms}
chr - plugin: shockwave flash (disabled) = c:\users\simon\appdata\local\google\chrome\user data\pepperflash\11.1.31.203\pepflashplayer.dll
chr - plugin: shockwave flash (enabled) = c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\gcswf32.dll
chr - plugin: shockwave flash (enabled) = c:\windows\system32\macromed\flash\npswf32.dll
chr - plugin: remoting viewer (enabled) = internal-remoting-viewer
chr - plugin: native client (enabled) = c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\ppgooglenaclpluginchrome.dll
chr - plugin: chrome pdf viewer (enabled) = c:\users\simon\appdata\local\google\chrome\application\17.0.963.79\pdf.dll
chr - plugin: adobe acrobat (enabled) = c:\program files\adobe\reader 10.0\reader\browser\nppdf32.dll
chr - plugin: java deployment toolkit 6.0.300.12 (enabled) = c:\program files\java\jre6\bin\new_plugin\npdeployjava1.dll
chr - plugin: java(tm) platform se 6 u30 (enabled) = c:\program files\java\jre6\bin\new_plugin\npjp2.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin2.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin3.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin4.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin5.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin6.dll
chr - plugin: quicktime plug-in 7.7.1 (enabled) = c:\program files\quicktime\plugins\npqtplugin7.dll
chr - plugin: microsoft office 2010 (enabled) = c:\progra~1\mif5ba~1\office14\npauthz.dll
chr - plugin: microsoft office 2010 (enabled) = c:\progra~1\mif5ba~1\office14\npspwrap.dll
chr - plugin: silverlight plug-in (enabled) = c:\program files\microsoft silverlight\4.1.10111.0\npctrl.dll
chr - plugin: wacomtabletplugin (enabled) = c:\program files\tabletplugins\npwacomtabletplugin.dll
chr - plugin: wacom dynamic link library (enabled) = c:\program files\tabletplugins\npwacom.dll
chr - plugin: windows live\u0099 photo gallery (enabled) = c:\program files\windows live\photo gallery\npwlpg.dll
chr - plugin: itunes application detector (enabled) = c:\program files\itunes\mozilla plugins\npitunes.dll
chr - plugin: google update (enabled) = c:\users\simon\appdata\local\google\update\1.3.21.99\npgoogleupdate3.dll
chr - plugin: shockwave for director (enabled) = c:\windows\system32\adobe\director\np32dsw.dll
chr - plugin: default plug-in (enabled) = default_plugin
chr - extension: youtube = c:\users\simon\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
chr - extension: google zoeken = c:\users\simon\appdata\local\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
chr - extension: gmail = c:\users\simon\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

o1 hosts file: ([2009/06/10 22:39:37 | 000,000,824 | ---- | m]) - c:\windows\system32\drivers\etc\hosts

o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
o2 - bho: (java(tm) plug-in ssv helper) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll (sun microsystems, inc.)
o2 - bho: (avast! webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll (avast software)
o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program files\microsoft office\office14\urlredir.dll (microsoft corporation)
o3 - hklm\..\toolbar: (avast! webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswwebrepie.dll (avast software)
o3 - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\toolbar\webbrowser: (no name) - {32099aac-c132-4136-9e9a-4e364a424e17} - no clsid value found.
o3 - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\toolbar\webbrowser: (no name) - {47833539-d0c5-4125-9fa8-0819e2eaac93} - no clsid value found.
o4 - hklm..\run: [adobe version cue cs2] c:\program files\adobe\adobe version cue cs2\controlpanel\versioncuecs2tray.exe (adobe sytems incorporated)
o4 - hklm..\run: [adobeaamupdater-1.0] c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe (adobe systems incorporated)
o4 - hklm..\run: [adobecs4servicemanager] c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe (adobe systems incorporated)
o4 - hklm..\run: [adobecs5servicemanager] c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe (adobe systems incorporated)
o4 - hklm..\run: [apsdaemon] c:\program files\common files\apple\apple application support\apsdaemon.exe (apple inc.)
o4 - hklm..\run: [avast] c:\program files\avast software\avast\avastui.exe (avast software)
o4 - hklm..\run: [b2c_agent] c:\programdata\lgmobileax\b2c_client\b2cnotiagent.exe (lg electronics)
o4 - hklm..\run: [bcssync] c:\program files\microsoft office\office14\bcssync.exe (microsoft corporation)
o4 - hklm..\run: [corel photo downloader] c:\program files\common files\corel\corel photodownloader\corel photo downloader.exe (corel, inc.)
o4 - hklm..\run: [msc] c:\program files\microsoft security client\msseces.exe (microsoft corporation)
o4 - hklm..\run: [regshave] c:\program files\regshave\regshave.exe /autorun file not found
o4 - hku\s-1-5-21-4278516006-821579388-3930517617-1000..\run: [adobebridge] c:\program files\adobe\adobe bridge cs4\bridge.exe -stealth file not found
o4 - hku\s-1-5-21-4278516006-821579388-3930517617-1000..\run: [tomtomhome.exe] c:\program files\tomtom home 2\tomtomhomerunner.exe (tomtom)
o4 - hku\s-1-5-21-4278516006-821579388-3930517617-1000..\run: [windows security system] c:\users\simon\downloads\adobe indesign cs55\adobe indesign cs5.5.exe file not found
o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - startup: c:\users\simon\appdata\roaming\microsoft\windows\start menu\programs\startup\sabnzbd.lnk = c:\program files\sabnzbd\sabnzbd.exe ()
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioruser = 3
o8 - extra context menu item: &verzenden naar onenote - c:\program files\microsoft office\office14\onbttnie.dll (microsoft corporation)
o8 - extra context menu item: e&xporteren naar microsoft excel - c:\program files\microsoft office\office14\excel.exe (microsoft corporation)
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9 - extra 'tools' menuitem : &verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9 - extra button: &gekoppelde notities van onenote - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\program files\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o9 - extra 'tools' menuitem : &gekoppelde notities van onenote - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\program files\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o10 - namespace_catalog5\catalog_entries\000000000007 [] - c:\program files\bonjour\mdnsnsp.dll (apple inc.)
o13 - gopher prefix: missing
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (java plug-in 1.6.0_30)
o16 - dpf: {cafeefac-0016-0000-0030-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (java plug-in 1.6.0_30)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (java plug-in 1.6.0_30)
o17 - hklm\system\ccs\services\tcpip\parameters: dhcpnameserver = 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{c95d0997-feba-40f5-9020-01e9300a9bc7}: dhcpnameserver = 192.168.0.1
o20 - hklm winlogon: shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
o20 - hklm winlogon: vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - hklm winlogon: vmapplet - (/pagefile) - file not found
o21 - ssodl: webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
o28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
o32 - hklm cdrom: autorun - 1
o32 - autorun file - [2009/06/10 22:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o33 - mountpoints2\{94a06f64-44de-11e1-99af-8c89a553eaef}\shell - "" = autorun
o33 - mountpoints2\{94a06f64-44de-11e1-99af-8c89a553eaef}\shell\autorun\command - "" = g:\usbautorun.exe
o33 - mountpoints2\{cc63a1c4-0ca5-11e1-96d3-8c89a553eaef}\shell - "" = autorun
o33 - mountpoints2\{cc63a1c4-0ca5-11e1-96d3-8c89a553eaef}\shell\autorun\command - "" = e:\autoplay.exe -auto
o34 - hklm bootexecute: (autocheck autochk *)
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
[/hjt]
 

Siepe

Established member
[hjt]
========== files/folders - created within 30 days ==========

[2012/03/12 09:39:48 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\gena01
[2012/03/12 08:48:38 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\babylon
[2012/03/12 08:48:38 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\babylon
[2012/03/12 08:48:38 | 000,000,000 | ---d | c] -- c:\programdata\babylon
[2012/03/12 07:23:04 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\com.adobe.downloadassistant.adobedownloadassistant
[2012/03/12 07:22:30 | 000,000,000 | ---d | c] -- c:\program files\adobe download assistant
[2012/03/12 06:37:17 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{185467d2-3a2c-4e58-96b6-1e48491e2fe0}
[2012/03/12 06:37:05 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{764e21df-a760-45fc-931e-45a93e2fdcf6}
[2012/03/11 07:48:06 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{18c12077-4a18-42ef-9f41-c259c2147647}
[2012/03/11 07:47:55 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{4d5b8494-500e-4ca6-8b8b-d921b3b67a54}
[2012/03/10 19:49:15 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\microsoft\windows\start menu\programs\google chrome
[2012/03/10 19:31:46 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e64c1b61-ffc9-4b3a-b177-6931c83d59f0}
[2012/03/10 09:11:15 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{51d122b3-41e6-45e1-9efd-cfb5065e219f}
[2012/03/10 09:10:44 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{fe1da3a0-a77c-4059-8bf3-d0b7670f9564}
[2012/03/09 18:47:10 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{a9bd9302-0b26-41f5-bd4c-15c78171052a}
[2012/03/09 18:46:59 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{c38947af-297c-49f1-bb4a-4b59489a44bd}
[2012/03/09 06:46:33 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{be8ca282-f23d-4c82-9c55-76a1c9bc49b7}
[2012/03/09 06:46:22 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{d773da7d-644a-48f2-987e-5c5302ecb647}
[2012/03/08 23:26:17 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\avg2012
[2012/03/08 23:19:22 | 000,000,000 | -h-d | c] -- c:\programdata\common files
[2012/03/08 23:18:49 | 000,000,000 | ---d | c] -- c:\programdata\avg2012
[2012/03/08 23:17:47 | 000,000,000 | ---d | c] -- c:\program files\avg
[2012/03/08 23:10:30 | 000,000,000 | ---d | c] -- c:\programdata\mfadata
[2012/03/08 18:45:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{04a445b6-6faa-422b-b392-6c83936c707b}
[2012/03/08 18:45:46 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{3e70acf5-32eb-40da-ba92-ed36c594d733}
[2012/03/08 06:45:19 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{0fe2bbd9-2373-42f2-9238-f0baa0109a4d}
[2012/03/08 06:45:06 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{0c71f95e-8596-4432-ab78-26af056063ff}
[2012/03/07 22:51:42 | 000,000,000 | ---d | c] -- c:\users\simon\documents\adobe
[2012/03/07 19:45:47 | 000,000,000 | ---d | c] -- c:\users\simon\documents\flash
[2012/03/07 13:32:58 | 000,000,000 | ---d | c] -- c:\programdata\alm
[2012/03/07 12:09:17 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\chc.4875e02d9fb21ee389f73b8d1702b320485df8ce.1
[2012/03/07 10:34:21 | 000,000,000 | ---d | c] -- c:\programdata\tarma installer
[2012/03/07 10:34:15 | 000,000,000 | ---d | c] -- c:\program files\fbphotozoom
[2012/03/07 10:22:24 | 000,000,000 | ---d | c] -- c:\programdata\premium
[2012/03/07 10:22:23 | 000,000,000 | ---d | c] -- c:\programdata\thebflix
[2012/03/07 10:21:16 | 000,000,000 | ---d | c] -- c:\programdata\installmate
[2012/03/07 09:51:35 | 000,000,000 | ---d | c] -- c:\users\simon\documents\usenet.nl
[2012/03/07 07:18:33 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{72808d7f-e45f-4000-8aa5-976776bbb63c}
[2012/03/07 07:18:21 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{1fb4babe-6c90-406e-a178-33f8cac353da}
[2012/03/06 08:08:10 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{a01be137-b817-4b2c-8980-4f419942bb72}
[2012/03/06 08:07:55 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{b9df804b-20b7-4747-a56e-fe435e8fdaa5}
[2012/03/05 18:37:30 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{cbefc159-1f49-4c80-8b3d-0335817f9534}
[2012/03/05 18:13:28 | 000,000,000 | ---d | c] -- c:\users\simon\documents\tomtom
[2012/03/05 18:13:27 | 000,000,000 | ---d | c] -- c:\programdata\tomtom
[2012/03/05 18:13:11 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\tomtom
[2012/03/05 18:13:11 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\tomtom
[2012/03/05 18:13:11 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\mozilla
[2012/03/05 18:13:10 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\tomtom
[2012/03/05 18:13:05 | 000,000,000 | ---d | c] -- c:\program files\tomtom international b.v
[2012/03/05 18:12:53 | 000,000,000 | ---d | c] -- c:\program files\tomtom home 2
[2012/03/05 06:37:08 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{a53e6285-3f43-45f1-9924-2a63924f27ac}
[2012/03/05 06:36:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{bad34ec6-0ded-4daa-a88f-694765234314}
[2012/03/04 11:11:42 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{04317c03-fe2d-4cac-b722-244e806d7af4}
[2012/03/04 11:11:27 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{69e7bfb9-b96b-4894-9981-16123fa39b6d}
[2012/03/03 11:10:24 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{dbbead0b-b856-4bfc-8835-c807ccf9a501}
[2012/03/03 11:10:13 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{65f8c696-0cdb-4d69-844b-3e0867f0512c}
[2012/03/02 12:00:30 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f92c6b40-25c3-4760-bebe-497f5d1110ec}
[2012/03/02 12:00:17 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{08b0b296-e0d3-4d6b-88a0-f0b4cf3c9435}
[2012/03/01 09:54:52 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{11b28918-8e4e-45e3-b603-cf04d1acba4e}
[2012/03/01 09:54:39 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{ac7ef9ea-1467-48cc-a578-e9ffbdc240ff}
[2012/02/29 19:51:30 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{9d9f910f-8e37-438e-bae4-269c54aed28e}
[2012/02/29 19:51:18 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e14faae7-7db3-4357-b799-b123bdff270b}
[2012/02/29 07:13:21 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{391b6b22-21f7-4059-930a-dabe283bee34}
[2012/02/29 07:13:10 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f75d66ef-b8e7-4375-8e89-f11887553bdb}
[2012/02/28 19:01:06 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f2baa404-ddb9-4eaf-9e08-196d6e0d1282}
[2012/02/28 19:00:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{157a0faa-c2e7-4c98-9175-ca367f2b75cb}
[2012/02/28 07:00:30 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f5da45c1-8901-4766-93e7-933bcfc7dd91}
[2012/02/28 07:00:18 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{499d642f-258c-42ba-877a-572fd4a46d18}
[2012/02/27 18:53:19 | 000,000,000 | ---d | c] -- c:\program files\videolan
[2012/02/27 11:25:35 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{cb61854f-6a42-48c6-8018-5c54b8157dab}
[2012/02/27 11:25:23 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{da591638-1ddb-4b65-b24d-03d5f8b1ccf6}
[2012/02/26 19:11:27 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{af792dfb-8362-47cf-a74a-67f9686b8c22}
[2012/02/26 19:11:14 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e2927b7b-c118-43db-968d-a6968ba8ec60}
[2012/02/25 23:15:48 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{1ead9211-e36a-43ef-a779-b2646b7f4c9c}
[2012/02/25 23:15:37 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{53bdc236-cffa-44c2-b9c2-11e26c815510}
[2012/02/25 22:46:22 | 000,000,000 | ---d | c] -- c:\program files\google
[2012/02/25 20:52:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f8e3e4ed-ff29-49ea-b3a6-863a6536ef1e}
[2012/02/25 20:52:45 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{70957f1a-6888-4d81-9174-1550503ab32f}
[2012/02/25 09:52:34 | 000,000,000 | ---d | c] -- c:\users\simon\documents\video_out
[2012/02/25 09:51:29 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\media player utilities 4.39
[2012/02/25 09:51:08 | 000,000,000 | ---d | c] -- c:\program files\media player utilities 4.39
[2012/02/25 08:40:32 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{a2a7a40b-ebfd-4b14-bcb5-be820c0160cf}
[2012/02/25 08:40:22 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e2a74833-c171-4dea-8749-ab0c69c0f00c}
[2012/02/24 20:39:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{8c7bddd6-6297-4cac-8485-f8266ece3458}
[2012/02/24 20:39:46 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e3a921d6-5c1d-499f-9881-2ed5396b6878}
[2012/02/24 11:15:32 | 000,000,000 | ---d | c] -- c:\programdata\regid.1986-12.com.adobe
[2012/02/24 11:11:46 | 000,000,000 | ---d | c] -- c:\program files\common files\adobe air
[2012/02/24 10:49:58 | 000,000,000 | ---d | c] -- c:\users\simon\desktop\adobe cs5
[2012/02/24 08:39:20 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{78692c74-ebc3-486b-98a3-0edd0bf382e0}
[2012/02/24 08:39:09 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{860c520c-ac97-4e8a-8b18-a86a3d893795}
[2012/02/23 20:38:44 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{317bd8fe-14af-4001-b86c-8085ed3afe51}
[2012/02/23 08:38:17 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{45d4d396-6707-49f2-afdb-99685507b81d}
[2012/02/23 08:37:26 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{870d559c-e99e-4da5-b89f-4d5df0bffaa1}
[2012/02/22 20:27:25 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{3d053777-7d57-440e-81f1-5c6bcf8ceb50}
[2012/02/22 08:26:57 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{28c86741-931d-49b8-9d9c-b0cd33afc687}
[2012/02/22 08:26:39 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{70958e50-b37d-4b7b-9e89-75146b4dd64b}
[2012/02/21 19:36:49 | 000,000,000 | ---d | c] -- c:\users\simon\library
[2012/02/21 19:36:49 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\com.adobe.exman
[2012/02/21 19:12:38 | 000,000,000 | ---d | c] -- c:\program files\adobe media player
[2012/02/21 10:14:31 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e9abb873-7534-4113-b78f-8f97eed0c870}
[2012/02/21 10:14:20 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{156f85bb-8607-4bbf-8811-e0e861e83c43}
[2012/02/21 09:33:31 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\opera
[2012/02/20 22:13:54 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{1a5a003e-31f8-4c6f-a916-9fcf92f26da4}
[2012/02/20 11:58:26 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\adobeum
[2012/02/20 11:57:26 | 000,000,000 | ---d | c] -- c:\users\simon\documents\adobestockphotos
[2012/02/20 11:25:32 | 000,000,000 | ---d | c] -- c:\users\simon\documents\new site
[2012/02/20 10:13:30 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{41c81a35-dbee-4c1c-a39b-f16b0d947d51}
[2012/02/20 10:13:19 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{917b58d3-416a-44a3-9f9a-fa4d43eb66f1}
[2012/02/20 09:32:11 | 000,000,000 | ---d | c] -- c:\users\simon\documents\siemon haaima
[2012/02/19 22:12:53 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{9fb68b66-371c-48c0-b362-36edfd642ede}
[2012/02/19 17:58:39 | 000,000,000 | ---d | c] -- c:\users\simon\documents\adobe scripts
[2012/02/19 17:47:57 | 000,000,000 | ---d | c] -- c:\programdata\flexnet
[2012/02/19 17:33:50 | 000,000,000 | ---d | c] -- c:\program files\common files\macrovision shared
[2012/02/19 14:31:09 | 000,000,000 | ---d | c] -- c:\users\simon\documents\nzb files
[2012/02/19 13:56:14 | 000,000,000 | ---d | c] -- c:\users\simon\documents\downloads
[2012/02/19 13:47:44 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\sabnzbd
[2012/02/19 13:47:20 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\microsoft\windows\start menu\programs\sabnzbd
[2012/02/19 13:47:15 | 000,000,000 | ---d | c] -- c:\program files\sabnzbd
[2012/02/19 10:37:15 | 000,000,000 | ---d | c] -- c:\users\simon\documents\updater
[2012/02/19 10:19:47 | 000,000,000 | ---d | c] -- c:\users\public\documents\adobe pdf
[2012/02/19 10:19:29 | 000,000,000 | ---d | c] -- c:\program files\common files\adobe systems shared
[2012/02/19 10:19:27 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\adobe
[2012/02/19 10:12:24 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f76ce0a3-4774-4f45-92b1-8c10bd7f7f16}
[2012/02/19 10:12:06 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{0bf86819-dc26-4ca4-9dad-475cb5a69648}
[2012/02/18 08:49:09 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{30ed8737-2b75-486d-b36c-cf78381f4c65}
[2012/02/18 08:48:36 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{567c2e7c-cd76-4f26-83a5-3870a3e3a295}
[2012/02/17 19:29:41 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{cb7a092c-74f0-4360-abb9-88beb78419da}
[2012/02/17 07:29:03 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{7b69d96e-cf51-4943-ace8-927730131bb7}
[2012/02/17 07:28:45 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{02573e77-7b62-4fd2-843e-ea4f6e5a1930}
[2012/02/16 18:48:07 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{6e1d28eb-3c83-4194-9ca9-a365eb9e34b4}
[2012/02/16 18:47:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{4a14b255-7273-4368-b4a1-6c9abd36901e}
[2012/02/16 06:47:29 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{a0562eaa-6a43-4bad-be18-afca88357f21}
[2012/02/16 06:47:16 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{cbd61cff-de21-4e43-a7e8-0a09b38f869a}
[2012/02/15 16:20:49 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{20b703d7-9dad-47ce-a6c1-7a53443d2383}
[2012/02/15 16:20:39 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{41d0c0a5-bc90-42ff-a70d-fd5a11737ab6}
[2012/02/14 21:37:59 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{d82f8c94-9213-48d9-9d57-227175e708d4}
[2012/02/14 21:37:48 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e3748da8-bf04-4b2b-9669-fe0488f553b7}
[2012/02/14 09:37:20 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{80ee4b9f-c2ad-445f-ad6a-c9ecbbbdbf99}
[2012/02/14 09:36:58 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{7f33c577-6211-4a4a-9080-0521637c0e7e}
[2012/02/13 23:04:51 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\cartoon maker
[2012/02/13 23:04:50 | 000,000,000 | ---d | c] -- c:\program files\cartoon maker
[2012/02/13 18:43:47 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{d94ccd27-b4a3-4555-9ce3-25098b4cd88e}
[2012/02/13 18:43:35 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{f3fe7c40-e27e-4a2f-bd94-5844f9f20a28}
[2012/02/13 06:43:07 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{56d1cd95-0b78-4029-b4b0-295ebb87c8f8}
[2012/02/13 06:42:56 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{b92ca7a1-3174-4f92-862b-ca57d9421bfe}
[2012/02/12 17:31:06 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\korg
[2012/02/12 17:30:46 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\korg
[2012/02/12 17:30:43 | 000,000,000 | ---d | c] -- c:\programdata\korg
[2012/02/12 17:30:43 | 000,000,000 | ---d | c] -- c:\program files\korg
[2012/02/12 17:30:43 | 000,000,000 | ---d | c] -- c:\program files\common files\korg
[2012/02/12 17:30:43 | 000,000,000 | ---d | c] -- c:\program files\common files\digidesign
[2012/02/12 17:14:19 | 000,000,000 | ---d | c] -- c:\users\simon\documents\reaper media
[2012/02/12 17:07:33 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\roaming\reaper
[2012/02/12 17:07:25 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\reaper
[2012/02/12 17:07:25 | 000,000,000 | ---d | c] -- c:\program files\common files\propellerhead software
[2012/02/12 17:07:02 | 000,000,000 | ---d | c] -- c:\program files\reaper
[2012/02/12 10:20:22 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{e0a2eba5-23d5-4d79-8339-6048e0972cf0}
[2012/02/12 10:20:02 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{b643c80f-66fb-41cf-b657-d799f47c1867}
[2012/02/11 23:02:19 | 000,000,000 | ---d | c] -- c:\users\simon\documents\siemon's afbeeldingen
[2012/02/11 22:00:42 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{b5059c0a-6299-49de-9aeb-582d191f4ffe}
[2012/02/11 22:00:31 | 000,000,000 | ---d | c] -- c:\users\simon\appdata\local\{0149867d-b289-42c9-9dec-ff92b944426f}
[2011/11/12 15:58:23 | 001,169,224 | ---- | c] (microsoft corporation) -- c:\users\simon\appdata\roaming\spotrc.exe

========== files - modified within 30 days ==========

[2012/03/12 16:37:00 | 000,001,066 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-4278516006-821579388-3930517617-1000ua.job
[2012/03/12 15:52:52 | 000,017,168 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2012/03/12 15:52:52 | 000,017,168 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2012/03/12 15:45:03 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2012/03/12 15:44:51 | 2616,598,528 | -hs- | m] () -- c:\hiberfil.sys
[2012/03/12 12:04:39 | 000,002,853 | ---- | m] () -- c:\users\simon\desktop\dds - snelkoppeling.pif
[2012/03/12 08:48:48 | 000,001,491 | ---- | m] () -- c:\user.js
[2012/03/12 07:22:30 | 000,001,001 | ---- | m] () -- c:\users\public\desktop\adobe download assistant.lnk
[2012/03/10 19:49:17 | 000,002,313 | ---- | m] () -- c:\users\simon\desktop\google chrome.lnk
[2012/03/05 18:05:32 | 000,746,208 | ---- | m] () -- c:\windows\system32\perfh013.dat
[2012/03/05 18:05:32 | 000,656,914 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2012/03/05 18:05:32 | 000,154,388 | ---- | m] () -- c:\windows\system32\perfc013.dat
[2012/03/05 18:05:32 | 000,123,354 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2012/03/05 17:37:00 | 000,001,014 | ---- | m] () -- c:\windows\tasks\googleupdatetaskusers-1-5-21-4278516006-821579388-3930517617-1000core.job
[2012/02/27 18:53:35 | 000,001,024 | ---- | m] () -- c:\users\public\desktop\vlc media player.lnk
[2012/02/25 09:51:29 | 000,002,631 | ---- | m] () -- c:\users\public\desktop\amvtransform.lnk
[2012/02/24 14:27:05 | 003,854,856 | ---- | m] () -- c:\windows\system32\fntcache.dat
[2012/02/19 13:47:20 | 000,000,993 | ---- | m] () -- c:\users\simon\appdata\roaming\microsoft\windows\start menu\programs\startup\sabnzbd.lnk
[2012/02/19 13:47:20 | 000,000,949 | ---- | m] () -- c:\users\simon\desktop\sabnzbd.lnk
[2012/02/19 10:20:06 | 000,001,249 | ---- | m] () -- c:\programdata\microsoft\windows\start menu\programs\startup\adobe gamma.lnk
[2012/02/13 23:04:52 | 000,000,963 | ---- | m] () -- c:\users\public\desktop\cartoon maker.lnk
[2012/02/12 17:30:46 | 000,000,928 | ---- | m] () -- c:\users\public\desktop\m1 le.lnk
[2012/02/12 17:07:25 | 000,000,937 | ---- | m] () -- c:\users\public\desktop\reaper.lnk

========== files created - no company name ==========

[2012/03/12 12:04:39 | 000,002,853 | ---- | c] () -- c:\users\simon\desktop\dds - snelkoppeling.pif
[2012/03/12 08:48:44 | 000,001,491 | ---- | c] () -- c:\user.js
[2012/03/12 07:22:30 | 000,001,013 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe download assistant.lnk
[2012/03/12 07:22:30 | 000,001,001 | ---- | c] () -- c:\users\public\desktop\adobe download assistant.lnk
[2012/03/10 19:49:17 | 000,002,313 | ---- | c] () -- c:\users\simon\desktop\google chrome.lnk
[2012/02/27 18:53:35 | 000,001,024 | ---- | c] () -- c:\users\public\desktop\vlc media player.lnk
[2012/02/25 09:51:29 | 000,002,631 | ---- | c] () -- c:\users\public\desktop\amvtransform.lnk
[2012/02/24 11:14:27 | 000,001,165 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe fireworks cs5.lnk
[2012/02/24 11:13:31 | 000,001,311 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe extension manager cs5.lnk
[2012/02/24 11:13:18 | 000,001,220 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe device central cs5.lnk
[2012/02/24 11:11:50 | 000,000,967 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe help.lnk
[2012/02/21 19:15:48 | 000,000,979 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\acrobat.com.lnk
[2012/02/19 17:46:14 | 000,001,119 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe dreamweaver cs4.lnk
[2012/02/19 17:34:27 | 000,001,365 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe extendscript toolkit cs4.lnk
[2012/02/19 13:47:20 | 000,000,993 | ---- | c] () -- c:\users\simon\appdata\roaming\microsoft\windows\start menu\programs\startup\sabnzbd.lnk
[2012/02/19 13:47:20 | 000,000,949 | ---- | c] () -- c:\users\simon\desktop\sabnzbd.lnk
[2012/02/19 10:34:48 | 000,000,975 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe golive cs2.lnk
[2012/02/19 10:29:32 | 000,002,550 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe illustrator cs2.lnk
[2012/02/19 10:27:49 | 000,016,384 | ---- | c] () -- c:\windows\system32\fileops.exe
[2012/02/19 10:24:58 | 000,000,997 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe indesign cs2.lnk
[2012/02/19 10:21:36 | 000,002,015 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe photoshop cs2.lnk
[2012/02/19 10:21:36 | 000,002,012 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe imageready cs2.lnk
[2012/02/19 10:20:39 | 000,001,983 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe help center.lnk
[2012/02/19 10:20:06 | 000,001,249 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\startup\adobe gamma.lnk
[2012/02/19 10:19:28 | 000,001,965 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\adobe bridge.lnk
[2012/02/13 23:04:52 | 000,000,963 | ---- | c] () -- c:\users\public\desktop\cartoon maker.lnk
[2012/02/12 17:30:46 | 000,000,928 | ---- | c] () -- c:\users\public\desktop\m1 le.lnk
[2012/02/12 17:07:25 | 000,000,937 | ---- | c] () -- c:\users\public\desktop\reaper.lnk
[2012/01/31 22:17:56 | 000,057,344 | ---- | c] () -- c:\windows\system32\ff_vfw.dll
[2012/01/22 15:35:17 | 000,053,248 | ---- | c] () -- c:\windows\system32\commondl.dll
[2012/01/22 15:35:17 | 000,002,413 | ---- | c] () -- c:\windows\system32\lgaxconfig.ini
[2012/01/12 18:30:08 | 000,000,362 | rhs- | c] () -- c:\programdata\ntuser.pol
[2012/01/06 10:51:12 | 000,217,088 | ---- | c] () -- c:\windows\system32\lpng.dll
[2012/01/03 10:03:48 | 000,014,368 | ---- | c] () -- c:\windows\skype.dat
[2012/01/03 10:03:41 | 000,032,854 | ---- | c] () -- c:\windows\inils.dat
[2011/11/17 18:20:51 | 000,038,912 | ---- | c] () -- c:\windows\system32\mgxasio.dll
[2011/11/17 18:18:15 | 000,002,678 | ---- | c] () -- c:\windows\mgxoschk.ini
[2011/11/16 23:01:45 | 000,000,081 | ---- | c] () -- c:\program files\infogrames community.url
[2011/11/13 14:05:16 | 000,028,672 | ---- | c] () -- c:\windows\system32\qttask.exe
[2011/11/13 13:41:50 | 000,172,430 | ---- | c] () -- c:\windows\hpoins44.dat
[2011/11/12 15:59:20 | 000,080,896 | ---- | c] () -- c:\windows\system32\rdvghelper.exe
[2011/11/12 15:56:37 | 000,066,048 | ---- | c] () -- c:\windows\system32\printbrmui.exe
[2011/11/12 15:18:19 | 000,000,848 | -hs- | c] () -- c:\windows\system32\kgygaavl.sys
[2011/11/11 19:30:17 | 000,746,208 | ---- | c] () -- c:\windows\system32\perfh013.dat
[2011/11/11 19:30:17 | 000,341,322 | ---- | c] () -- c:\windows\system32\perfi013.dat
[2011/11/11 19:30:17 | 000,154,388 | ---- | c] () -- c:\windows\system32\perfc013.dat
[2011/11/11 19:30:17 | 000,043,068 | ---- | c] () -- c:\windows\system32\perfd013.dat
[2011/11/11 19:16:58 | 000,000,000 | ---- | c] () -- c:\windows\ativpsrm.bin
[2011/07/28 19:52:40 | 000,037,376 | ---- | c] () -- c:\windows\system32\atitmpxx.dll
[2011/06/27 17:53:04 | 000,234,855 | ---- | c] () -- c:\windows\system32\atiicdxx.dat
[2011/03/17 16:51:46 | 000,003,929 | ---- | c] () -- c:\windows\system32\atipblag.dat

========== lop check ==========

[2012/01/17 23:03:32 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\ascomp software
[2011/11/29 22:19:25 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\ashampoo
[2011/12/24 17:48:18 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\audacity
[2012/03/08 23:26:17 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\avg2012
[2012/03/12 08:48:38 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\babylon
[2012/01/04 17:39:46 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\belastingdienst
[2011/11/30 13:27:31 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\big fish games
[2012/03/07 12:09:17 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\chc.4875e02d9fb21ee389f73b8d1702b320485df8ce.1
[2012/03/12 07:23:04 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\com.adobe.downloadassistant.adobedownloadassistant
[2012/02/21 19:36:49 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\com.adobe.exman
[2011/11/16 00:11:37 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\daemon tools lite
[2011/12/26 12:35:41 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\fujifilm
[2012/02/02 16:22:02 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\funzai!
[2012/03/12 09:39:48 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\gena01
[2011/11/28 22:03:41 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\imgburn
[2012/02/12 17:31:06 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\korg
[2012/01/22 15:45:26 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\lg electronics
[2011/11/23 18:46:58 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\magix
[2012/02/21 09:33:31 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\opera
[2012/02/12 17:15:08 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\reaper
[2012/03/05 18:13:11 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\tomtom
[2012/01/24 06:57:36 | 000,000,000 | ---d | m] -- c:\users\simon\appdata\roaming\windows live writer
[2012/01/22 15:45:26 | 000,000,000 | -h-d | m] -- c:\users\simon\appdata\roaming\{d94ba408-f110-488b-a65e-3ae7945f79e6}
[2012/01/08 09:35:58 | 000,032,628 | ---- | m] () -- c:\windows\tasks\schedlgu.txt

========== purity check ==========



========== alternate data streams ==========

@alternate data stream - 175 bytes -> c:\programdata\temp:58e38390
< end of report >

[/hjt]

---------- Post added at 17:05 ---------- Previous post was at 17:03 ----------

[hjt]
otl extras logfile created on: 3/12/2012 4:52:55 pm - run 1
otl by oldtimer - version 3.2.36.3 folder = c:\users\simon\downloads
ultimate edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 8.0.7601.17514)
locale: 00000409 | country: netherlands | language: nld | date format: d-m-yyyy

3.25 gb total physical memory | 1.99 gb available physical memory | 61.32% memory free
6.50 gb paging file | 5.16 gb available in paging file | 79.45% paging file free
paging file location(s): ?:\pagefile.sys [binary data]

%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 931.51 gb total space | 771.98 gb free space | 82.87% space free | partition type: ntfs

computer name: siemon-pc | user name: simon | logged in as administrator.
boot mode: normal | scan mode: all users | quick scan
company name whitelist: on | skip microsoft files: on | no company name whitelist: on | file age = 30 days

========== extra registry (safelist) ==========


========== file associations ==========

[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- c:\windows\system32\control.exe (microsoft corporation)
.hlp [@ = hlpfile] -- c:\windows\winhlp32.exe (microsoft corporation)

========== shell spawning ==========

[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: key error.
hlpfile [open] -- %systemroot%\winhlp32.exe %1 (microsoft corporation)
htmlfile [edit] -- c:\program files\adobe\adobe golive cs2\golive.exe "%1" (adobe systems incorporated)
htmlfile [print] -- c:\program files\microsoft office\office14\msohtmed.exe /p %1 (microsoft corporation)
inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: key error.
unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [browse with paint shop pro 9] -- c:\program files\jasc software inc\paint shop pro 9\\paint shop pro 9.exe "/browse" "%l" (jasc software, inc.)
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [finepix] -- c:\program files\finepixviewer\finepixviewer.exe "%1" (fuji photo film co.,ltd.)
directory [finepixprint] -- c:\program files\finepixviewer\finepixviewer.exe /p "%1" (fuji photo film co.,ltd.)
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: value error.
drive [find] -- %systemroot%\explorer.exe (microsoft corporation)

========== security center settings ==========

[hkey_local_machine\software\microsoft\security center]
"cval" = 1

[hkey_local_machine\software\microsoft\security center\monitoring]

[hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = reg error: unknown registry data type -- file not found
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0

[hkey_local_machine\software\microsoft\security center\svc\vol]

========== firewall settings ==========

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 1

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 1

========== authorized applications list ==========


========== hkey_local_machine uninstall list ==========

[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{0134a1a1-c283-4a47-91a1-92f19f960372}" = adobe creative suite 2
"{033e378e-6ad3-4ad5-bdeb-cbd69b31046c}" = microsoft_vc90_atl_x86
"{03deead2-f3b7-45bf-9006-a25d015f00d2}" = adobe flash player 10 plugin
"{05308c4e-7285-4066-bae3-6b50da6ed755}" = adobe update manager cs4
"{05bfb060-4f22-4710-b0a2-2801a1b606c5}" = microsoft antimalware
"{072b53d7-daad-4562-8764-b528d0ada7c4}" = windows live family safety
"{07fb17d8-7db6-4f06-80c4-8be1719cb6a1}" = hpwlpginstaller
"{08c8666b-c502-4ab3-b4cb-d74ac42d14fe}" = nero backitup 10 help (chm)
"{08d2e121-7f6a-43eb-97fd-629b44903403}" = microsoft_vc90_crt_x86
"{098727e1-775a-4450-b573-3f441f1ca243}" = kuler
"{0a0cadcf-78da-33c4-a350-cd51849b9702}" = microsoft .net framework 4 extended
"{0b0f231f-ce6a-483d-aa23-77b364f75917}" = windows live installer
"{0d2dbe8a-43d0-7830-7ae7-ca6c99a832e7}" = adobe community help
"{0f3647f8-e51d-4fcc-8862-9a8d0c5acf25}" = microsoft_vc80_atl_x86
"{0f367ca3-3b2f-43f9-a44a-25a8ee69e45d}" = scan
"{0f723fc1-7606-4867-866c-ce80ad292daf}" = adobe csi cs4
"{1034f76f-01f6-4268-8308-02853001e1ad}" = magix music maker mx production suite download-versie
"{12947715-b6f0-4597-816f-5e13fb647921}_is1" = spotnet
"{14afe241-fc6e-4fdb-bca0-7ad6f4974171}" = adobe setup
"{14b441b7-774d-4170-98ea-a13667ae6218}" = windows live writer resources
"{1618734a-3957-4add-8199-f973763109a8}" = adobe anchor service cs4
"{164965e8-4bb0-4eeb-afba-75785a2a2a7f}" = adobe fireworks cs5
"{16987e99-c95c-4513-9239-7b44a0a71db5}" = nero soundtrax 10 help (chm)
"{175f0111-2968-4935-8f70-33108c6a4de3}" = marketresearch
"{196467f1-c11f-4f76-858b-5812adc83b94}" = msxml 4.0 sp3 parser
"{19a4a990-5343-4ff7-b3b5-6f046c091edf}" = windows live remote client
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{1f6ab0e7-8cdd-4b93-8a23-aa9eb2fefce4}" = junk mail filter update
"{1f7fb68f-52f6-46a3-b42f-38ce46295ae5}" = nero mediahub 10
"{200fec62-3c34-4d60-9ce8-ec372e01c08f}" = windows live soxe definitions
"{21a2f5ee-1dc5-488a-be7e-e526f8c61488}" = devicediscovery
"{227e8782-b2f4-4e97-b0ee-49de9cc1c0c0}" = windows live remote service
"{236bb7c4-4419-42fd-0409-1e257a25e34d}" = adobe photoshop cs2
"{237ccb62-8454-43e3-b158-3acd0134852e}" = high-definition video playback 10
"{2436f2a8-4b7e-4b6c-ae4e-604c84aa6a4f}" = nero core components 10
"{24ed4d80-8294-11d5-96cd-0040266301ad}" = finepixviewer ver.4.0
"{2617fa1f-0c04-3abb-af64-7d5b6620c341}" = microsoft .net framework 4 client profile nld language pack
"{26a24ae4-039d-4ca4-87b4-2f83216030ff}" = java(tm) 6 update 30
"{277c1559-4cf7-44ff-8d07-98aa9c13aabd}" = nero multimedia suite 10
"{297acaae-faac-4817-a3be-336f63399da3}_is1" = calme version 2012
"{29ed20c9-5e15-4969-9279-25bf3727a3da}" = itunes
"{2a07c35b-8384-4da4-9a95-442b6c89a073}" = windows live essentials
"{2eea7aa4-c203-4b90-a34f-19fb7ef1c81c}" = bufferchm
"{2fdfd600-7338-4738-90d5-fc4aca08dc36}" = pro evolution soccer 2008
"{30c8aa56-4088-426f-91d1-0edfd3a25678}" = adobe dreamweaver cs4
"{329411a0-19f3-4740-874f-17400b126f27}" = nero vision 10 help (chm)
"{3336f667-9049-4d46-98b6-4c743eebc5b1}" = windows live photo gallery
"{33643918-7957-4839-92c7-ea96cb621a98}" = nero express 10 help (chm)
"{34490f4e-48d0-492e-8249-b48becf0537c}" = nero discspeed 10
"{3921a67a-5ab1-4e48-9444-c71814cf3027}" = vcredistsetup
"{39f6e2b4-cfe8-c30a-66e8-489651f0f34c}" = adobe media player
"{3a6829ef-0791-4fdd-9382-c690dd0821b9}" = adobe flash player 10 activex
"{3c3901c5-3455-3e0a-a214-0b093a5070a6}" = microsoft .net framework 4 client profile
"{3f4143a1-9c21-4011-8679-3bc1014c6886}" = windows live mesh
"{40034b11-149e-4310-ae89-bb575b02525b}" = lg internet kit
"{42144b39-2ccc-4c77-846a-7c760d48284c}_is1" = orbyx deluxe
"{42c8b7df-feb0-4d51-b169-506b6bec5797}" = nero 10 menu templatepack 1
"{42e2eeb2-d48e-4a47-b181-32eca031d93b}" = dj_aio_06_f2400_sw_min
"{43cdf946-f5d9-4292-b006-ba0d92013021}" = webreg
"{43fbab46-5969-4200-9958-1ff81fee506f}" = nero 10 movie themepack 1
"{45a66726-69bc-466b-a7a4-12fcba4883d7}" = hijackthis
"{461b11e8-bf34-4acb-962a-1cbe905bd9eb}" = lg united mobile drivers
"{46548e80-0409-0000-7e8a-45000f855001}" = adobe golive cs2
"{48294d95-ee9a-4377-8213-44fc4265fb27}" = windows live messenger
"{4943eff5-229f-435d-bea9-be3caea783a7}" = adobe service manager extension
"{4a03706f-666a-4037-7777-5f2748764d10}" = java auto updater
"{4a70ef07-7f88-4434-bb61-d1de8ae93dd4}" = solutioncenter
"{4f2d3995-1ec5-3c05-b7e5-3449f802e6de}" = microsoft .net framework 4 extended nld language pack
"{4f94119d-1b71-400e-9f04-b4e5ceae71f8}_is1" = sothink movie dvd maker
"{50779a29-834e-4e36-bbeb-b7cabc67a825}" = microsoft security client nl-nl language pack
"{5490882c-6961-11d5-bae5-00e0188e010b}" = fujifilm usb driver
"{54b6dc7d-8c5b-4dfb-bc15-c010a3326b2b}" = microsoft security client
"{555868c6-49fb-484f-bb43-8980651a1b00}" = nero burnrights 10 help (chm)
"{56c049be-79e9-4502-bea7-9754a3e60f9b}" = neroxml
"{5f548a02-80bc-404d-bae6-f05f9bf6b449}" = nero disccopygadget 10 help (chm)
"{612c34c7-5e90-47d8-9b5c-0f717dd82726}" = swmsm
"{635fed5b-2c6d-49be-87e6-7a6fcd22bc5a}" = microsoft_vc90_mfc_x86
"{63aa3eab-23bb-48b2-9ad0-44f878075604}" = nero 10 menu templatepack basic
"{63ff21c9-a810-464f-b60a-3111747b1a6d}" = gpbaseservice2
"{64e72fb1-2343-4977-b4a8-262cd53d0bd3}" = corel paint shop pro photo x2
"{66049135-9659-4aad-9169-9cca269ebb3e}" = nero infotool 10 help (chm)
"{682b3e4f-696a-42de-a41c-4c07ea1678b4}" = windows live soxe
"{68a10d12-0d0f-4212-bde6-d87fad32a8fa}" = smartwebprinting
"{6b2ffb21-ac88-45c3-9a7d-4bb3e744ec91}" = hpssupply
"{6baa71b6-8f43-4c72-931a-3354abb0258a}" = f2400
"{6bba26e9-ab03-4fe7-831a-3535584ca002}" = toolbox
"{6c5f8503-55d2-4398-858c-362b7a7af51c}" = firebird sql server - magix edition
"{6dfb899f-17a2-48f0-a533-ed8d6866cf38}" = nero control center 10
"{70550193-1c22-445c-8fa4-564e155db1a7}" = nero express 10
"{7059bda7-e1db-442c-b7a1-6144596720a4}" = hp update
"{70f19404-b96c-4ebb-ad2b-3574f8736197}" = nero 10 movie themepack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = microsoft visual c++ 2005 redistributable
"{770657d0-a123-3c07-8e44-1c83ec895118}" = microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053
"{786c5747-1033-0000-b58e-000000000001}" = adobe stock photos 1.0
"{789a5b64-9dd9-4ba5-915a-f0fc0a1b7bfe}" = apple software update
"{78a96b4c-a643-4d0f-98c2-a8e16a6669f9}" = windows live messenger companion core
"{79155f2b-9895-49d7-8612-d92580e0de5b}" = bonjour
"{7a295d8f-484b-4ffb-89ab-c1fd497591fe}" = nero waveeditor 10 help (chm)
"{7a5d731d-b4b3-490e-b339-75685712baab}" = nero burning rom 10
"{7aac4b2b-c3d2-465c-9f2c-b9dcf0d7fdb8}" = adobe setup
"{7b3f0113-e63c-4d6d-af19-111a3165cca2}" = text-to-speech-runtime
"{7be15435-2d3e-4b58-867f-9c75bed0208c}" = quicktime
"{7e017923-16f8-4e32-94ef-0a150bd196fe}" = windows live writer
"{7f4c8163-f259-49a0-a018-2857a90578bc}" = adobe indesign cs2
"{8142d25e-028a-4563-86ed-5755783c8029}" = messenger companion
"{83c292b7-38a5-440b-a731-07070e81a64f}" = windows live pimt platform
"{842b4b72-9e8f-4962-b3c1-1c422a5c4434}" = suite shared configuration cs4
"{845e0bcb-8c8d-4fab-8588-ad5ffd156c95}" = windows live remote service resources
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = microsoft silverlight
"{8b9852af-b0b0-47b7-9bc5-89a95d77b6c9}" = media player utilities 4.39
"{8c6d6116-b724-4810-8f2d-d047e6b7d68e}" = mesh runtime
"{8dd46c6a-0056-4fec-b70a-28bb16a1f11f}" = msvcrt
"{8ecec853-5c3d-4b10-b5c7-ff11ff724807}" = nero recode 10
"{8edba74d-0686-4c99-bfdd-f894678e5b39}" = adobe common file installer
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{90140000-0011-0000-0000-0000000ff1ce}" = microsoft office professional plus 2010
"{90140000-0011-0000-0000-0000000ff1ce}_office14.proplus_{047b0968-e622-4faa-9b4b-121fa109edde}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0015-0413-0000-0000000ff1ce}" = microsoft office access mui (dutch) 2010
"{90140000-0015-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0016-0413-0000-0000000ff1ce}" = microsoft office excel mui (dutch) 2010
"{90140000-0016-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0018-0413-0000-0000000ff1ce}" = microsoft office powerpoint mui (dutch) 2010
"{90140000-0018-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0019-0413-0000-0000000ff1ce}" = microsoft office publisher mui (dutch) 2010
"{90140000-0019-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001a-0413-0000-0000000ff1ce}" = microsoft office outlook mui (dutch) 2010
"{90140000-001a-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001b-0413-0000-0000000ff1ce}" = microsoft office word mui (dutch) 2010
"{90140000-001b-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0407-0000-0000000ff1ce}" = microsoft office proof (german) 2010
"{90140000-001f-0407-0000-0000000ff1ce}_office14.proplus_{65a2328e-fdfb-4ca3-8582-357ea6825fea}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0409-0000-0000000ff1ce}" = microsoft office proof (english) 2010
"{90140000-001f-0409-0000-0000000ff1ce}_office14.proplus_{99acca38-6dd3-48a8-96ae-a283c9759279}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-040c-0000-0000000ff1ce}" = microsoft office proof (french) 2010
"{90140000-001f-040c-0000-0000000ff1ce}_office14.proplus_{46298f6a-1e7e-4d4a-b5f5-106a4f0e48c6}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-001f-0413-0000-0000000ff1ce}" = microsoft office proof (dutch) 2010
"{90140000-001f-0413-0000-0000000ff1ce}_office14.proplus_{5072fea2-862c-4bf0-9654-cb0dcbe2be28}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-002c-0413-0000-0000000ff1ce}" = microsoft office proofing (dutch) 2010
"{90140000-002c-0413-0000-0000000ff1ce}_office14.proplus_{d3b92058-cf96-445f-a297-f7ed19c4e841}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-0044-0413-0000-0000000ff1ce}" = microsoft office infopath mui (dutch) 2010
"{90140000-0044-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-006e-0413-0000-0000000ff1ce}" = microsoft office shared mui (dutch) 2010
"{90140000-006e-0413-0000-0000000ff1ce}_office14.proplus_{260407d0-98a1-4d9a-a956-3d1dedddf3b9}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-00a1-0413-0000-0000000ff1ce}" = microsoft office onenote mui (dutch) 2010
"{90140000-00a1-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{90140000-00ba-0413-0000-0000000ff1ce}" = microsoft office groove mui (dutch) 2010
"{90140000-00ba-0413-0000-0000000ff1ce}_office14.proplus_{7a6ad1a3-6ec6-4840-8a29-4ccd27a21069}" = microsoft office 2010 service pack 1 (sp1)
"{92127af5-fdd8-4adf-bc40-c356c9ee0b7d}" = 32 bit hp cio components installer
"{92146419-ae44-4c8b-a48b-0abb1b5ec026}" = nero 10 menu templatepack 3
"{922e8525-ac7e-4294-acaa-43712d4423c0}" = adobe flash player 10 activex
"{92a10e9d-ea00-4a46-8f22-eea660992d61}" = nero 10 sample videos
"{92e25238-61a3-4acd-a407-3c480eef47a7}" = nero rescueagent 10 help (chm)
"{92ea4134-10d1-418a-91e1-5a0453131a38}" = windows live movie maker
"{92ec1a84-7ffc-42df-a8f6-79c21c4765a5}" = nero disccopy gadget 10
"{95120000-00b9-0409-0000-0000000ff1ce}" = microsoft application error reporting
"{9624502c-3d39-41a0-8917-858ec16769ce}" = korg m1 le
"{969e11aa-8f3a-f162-1a5a-0965e216b6ce}" = adobe download assistant
"{96ed4b78-300e-4033-ae6c-c115ceb4df07}" = nero 10 clipartpack
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.17
"{9a4297f3-2a51-4ed9-92ca-4bcb8380947e}" = nero vision 10
"{9b6b24be-80e7-46c4-9fa5-b167d5e0f345}" = nero burningrom 10 help (chm)
"{9bd262d0-b788-4546-a0a5-f4f56ec3834b}" = windows live photo common
"{9be518e6-ecc6-35a9-88e4-87755c07200f}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.6161
"{9d56775a-93f3-44a3-8092-840e3826de30}" = windows live mail
"{a00b9a50-3090-4cff-9cda-82da0bedaa21}" = apple mobile device support
"{a60b3bf0-954b-42af-b8d8-2c1d34b613aa}" = windows live photo gallery
"{a726ae06-aaa3-43d1-87e3-70f510314f04}" = windows live writer
"{a83279fd-ca4b-4206-9535-90974de76654}" = apple application support
"{a9bdca6b-3653-467b-ac83-94367da3bfe3}" = windows live photo common
"{aaafc670-569b-4a2f-82b4-42945e0de3ef}" = windows live writer
[/hjt]
 

Siepe

Established member
[hjt]
"{ac76ba86-7ad7-1043-7b44-aa1000000001}" = adobe reader x (10.1.2) - nederlands
"{ac7ee5f1-0de4-4256-8e43-92b73c8e6019}" = lg bluetooth drivers
"{acd15fdf-fc42-4175-b477-576f92ff2256}" = nero 10 sample imagepack
"{adbe46ee-54e0-4610-b436-d7e93d829100}" = adobe version cue cs2
"{ae8705fb-e13c-40a9-8a2d-68d6733fbfc2}" = status
"{af844339-2f8a-4593-81b3-9f4c54038c4e}" = windows live mime ifilter
"{b29ad377-cc12-490a-a480-1452337c618d}" = connect
"{b2f5d08c-7e79-4fcd-aaf4-57ad35ff0601}" = adobe illustrator cs2
"{b74d4e10-1033-0000-0000-000000000001}" = adobe bridge 1.0
"{bcf16f16-ac0e-4abe-a9ef-412cf484ba51}" = windows live family safety
"{bd7204ba-dd64-499e-9b55-6a282cdf4fa4}" = destinations
"{c18a0418-442a-4186-af98-d08f5054a2fc}" = nero discspeed 10 help (chm)
"{c3273c55-e1e4-41ff-8d69-0158090db8d8}" = nero coverdesigner 10 help (chm)
"{c32ce55c-12ba-4951-8797-0967fdef556f}" = windows live mesh - activex-besturingselement voor externe verbindingen
"{c3580ac4-c827-4332-b935-9a282ed5bb97}" = nero dolby files 10
"{c43326f5-f135-4551-8270-7f7aba0462e1}" = hpproductassistant
"{c49daa9c-5ba8-459a-8244-e57b69df0f04}" = suite specific
"{c6150d8a-86ed-41d3-87bb-f3bb51b0b77f}" = windows live id sign-in assistant
"{c7340571-7773-4a8c-9ebc-4e4243b38c76}" = microsoft xml parser
"{c75cdba2-3c86-481e-bd10-bdda758f9dff}" = hpprintprojects
"{c86e7c99-e4ad-79c7-375b-1aef9a91ec2b}" = acrobat.com
"{cae4213f-f797-439d-bd9e-79b71d115be3}" = hpphotogadget
"{cb7224d9-6dca-43f1-8f83-6b1e39a00f92}" = windows live movie maker
"{cdbf8c2d-04b0-4f9b-9ae1-7422f7f0ec94}" = hp deskjet f2400 all-in-one driver software 13.0 rel .6
"{ce95a79e-e4fc-4fff-8a75-29f04b942ff2}" = windows live ux platform
"{d1a19b02-817e-4296-a45b-07853fd74d57}" = microsoft_vc80_mfc_x86
"{d24db8b9-bb6c-4334-9619-ba1c650e13d3}" = microsoft primary interoperability assemblies 2005
"{d3aa158a-9421-4883-8767-e771b0964a1d}" = imagemixer vcd for finepix
"{d45240d3-b6b3-4ff9-b243-54ece3e10066}" = windows live communications platform
"{d588365a-ae39-4f27-bdae-b4e72c8e900c}" = windows live mail
"{d680c913-5955-469d-9d88-c1940f7506d6}" = raw file converter le
"{d6f25cf9-4e87-43eb-b324-c12be9cdd668}" = windows live ux platform language pack
"{d7bf3b76-eef9-4868-9b2b-42abf60b279a}" = microsoft_vc80_crt_x86
"{d92bbb52-82ff-42ed-8a3c-4e062f944ab7}" = microsoft_vc80_mfcloc_x86
"{d94ba408-f110-488b-a65e-3ae7945f79e6}_is1" = installatie van lg pc suite iii ongedaan maken
"{db7c1d4a-08ba-4c7e-a8aa-b7f9bb372dcf}" = nero recode 10 help (chm)
"{dc0a5f99-fd66-433f-9d3a-05dcba64be42}" = trayapp
"{de6e5981-9dd9-4372-88d0-07bf1ba7000c}" = magix speed burnr (msi)
"{decdcb7c-58cc-4865-91af-627f9798fe48}" = windows live mesh
"{e09c4db7-630c-4f06-a631-8ea7239923af}" = d3dx10
"{e1640da5-89b4-4f52-b15d-5da3d14f29d4}" = lg usb modem drivers
"{e1ee5339-5d32-458f-baab-b19f6301bce2}" = nero soundtrax 10
"{e337e787-cf61-4b7b-b84f-509202a54023}" = nero rescueagent 10
"{e5b21f11-6933-4e0b-a25c-7963e3c07d11}" = windows live messenger
"{e712c273-7564-4c8e-aa59-0fa19bc35117}" = nero 10 menu templatepack 2
"{e7c6d565-2e48-4303-a114-afe7b2e561af}_is1" = fotosketcher 2.20
"{e9787678-1033-0000-8e67-000000000001}" = adobe help center 1.0
"{edcdfad5-df80-4600-a493-e9dad6810230}" = nero waveeditor 10
"{f0b430d1-b6aa-473d-9b06-aa3dd01fd0b8}" = microsoft sql server 2005 compact edition [enu]
"{f0ccbe54-9132-44e9-82df-cd364ad5c22d}" = windows live remote client resources
"{f0e64e2e-3a60-40d8-a55d-92f6831875da}" = adobe search for help
"{f412b4af-388c-4ff5-9b2f-33db1c536953}" = nero infotool 10
"{f467862a-d9ca-47ed-8d81-b4b3c9399272}" = nero mediahub 10 help (chm)
"{f5b4dd9c-df08-459b-80d1-eb94e5134d50}_is1" = tommy tronic
"{f5c96b8b-73c3-4198-a33b-9053ee5a46e7}" = magix music maker mx production suite trial (geluidspakket)
"{f5cb822f-b365-43d1-bcc0-4fda1a2017a7}" = nero 10 movie themepack basic
"{f6117f9c-adb5-4590-9be4-12c7bec28702}" = nero startsmart 10 help (chm)
"{f61d489e-6c44-49ac-ad02-7da8aca73a65}" = nero startsmart 10
"{f69437f0-3ef7-49db-8241-f267ee8e1b7e}" = magix screenshare
"{f843c6a3-224d-4615-94f8-3c461bd9aea0}" = jasc paint shop pro 9
"{f8edc0f8-15bc-4411-8762-77105c8aaeec}" = microsoft antimalware service nl-nl language pack
"{f8ef2b3f-c345-4f20-8fe4-791a20333cd5}" = adobe extendscript toolkit cs4
"{faf26102-09d7-4c58-ab01-0d59a2e517ca}" = copy
"{fcf00a6e-fb58-477a-abe9-232907105521}" = nero coverdesigner 10
"{fe23d063-934d-4829-a0d8-00634ce79b4a}" = adobe air
"{ff10d622-7bfe-48c6-8df6-40d8cb1d3c1b}" = cars 2
"adobe air" = adobe air
"adobe shockwave player" = adobe shockwave player 11.6
"adobe svg viewer" = adobe svg viewer 3.0
"adobe_4db064343401efd6449f33f8411c14b" = adobe creative suite 4 web premium
"adobe_acce07fd2c8fe7f9e3f26243e626578" = adobe dreamweaver cs4
"akimbo" = akimbo
"audacity 1.3 beta (unicode)_is1" = audacity 1.3.13 (unicode)
"avast" = avast! free antivirus
"aviconverter" = aviconverter 3.0
"avisynth" = avisynth 2.5
"cartoon maker_is1" = cartoon maker 6.01
"ccleaner" = ccleaner
"chc.4875e02d9fb21ee389f73b8d1702b320485df8ce.1" = adobe community help
"com.adobe.amp.4875e02d9fb21ee389f73b8d1702b320485df8ce.1" = adobe media player
"com.adobe.downloadassistant.adobedownloadassistant" = adobe download assistant
"com.adobe.mauby.4875e02d9fb21ee389f73b8d1702b320485df8ce.1" = acrobat.com
"dvd flick_is1" = dvd flick 1.3.0.7
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"haalimkx" = haali media splitter
"hp imaging device functions" = hp imaging device functions 13.0
"hp print projects" = hp print projects 1.0
"hp smart web printing" = hp smart web printing 4.5
"hp solution center & imaging support tools" = hp solution center 13.0
"hpextendedcapabilities" = hp customer participation program 13.0
"imgburn" = imgburn
"installshield_{2fdfd600-7338-4738-90d5-fc4aca08dc36}" = pro evolution soccer 2008
"iprint_is1" = iprint
"lame for audacity_is1" = lame v3.98.3 for audacity
"magix music manager nl" = magix music manager (nl)
"magix music studio 2006 deluxe nl" = magix music studio 2006 deluxe (nl)
"magix photo manager nl" = magix photo manager (nl)
"magix_msi_pcvisit" = magix screenshare
"magix_msi_speed3_burnr_mxcdr_msi" = magix speed burnr (msi)
"malwarebytes' anti-malware_is1" = malwarebytes anti-malware versie 1.60.1.1000
"mama moe en de kraai" = mama moe en de kraai
"microsoft .net framework 4 client profile" = microsoft .net framework 4 client profile
"microsoft .net framework 4 client profile nld language pack" = taalpakket voor microsoft .net framework 4 client profile - nld
"microsoft .net framework 4 extended" = microsoft .net framework 4 extended
"microsoft .net framework 4 extended nld language pack" = taalpakket voor microsoft .net framework 4 extended - nld
"microsoft security client" = microsoft security essentials
"mx simulator" = mx simulator
"office14.proplus" = microsoft office professional plus 2010
"pen tablet driver" = bamboo
"reaper" = reaper
"rockstar games social club" = rockstar games social club
"sabnzbd" = sabnzbd 0.6.15
"secure eraser_is1" = secure eraser v4.0
"segamegadriveclassics" = sega mega drive classics
"shockwave" = shockwave
"shop for hp supplies" = shop for hp supplies
"speedfan" = speedfan (remove only)
"tactical ops" = tactical ops
"teamviewer 6" = teamviewer 6
"tomtom home" = tomtom home 2.8.3.2499
"verzoek of wijziging voorlopige aanslag 2012" = verzoek of wijziging voorlopige aanslag 2012
"virtualclonedrive" = virtualclonedrive
"vlc media player" = vlc media player 2.0.0
"wacom webtabletplugin for ie" = webtablet ie plugin
"wacom webtabletplugin for internet explorer and netscape" = webtablet fb plugin
"wacom webtabletplugin for netscape" = webtablet netscape plugin
"winlivesuite" = windows live essentials
"winrar archiver" = winrar

========== hkey_users uninstall list ==========

[hkey_users\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\windows\currentversion\uninstall]
"google chrome" = google chrome

========== last 10 event log errors ==========

[ application events ]
error - 3/11/2012 2:47:55 am | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: unexpected conflict discarding 17 100.0.168.192.in-addr.arpa.
ptr siemon-pc.local.

error - 3/11/2012 3:47:03 am | computer name = siemon-pc | source = sidebyside | id = 16842815
description = kan activeringscontext voor 'c:\program files\common files\adobe air\versions\1.0\adobe
air.dll' niet maken. fout in manifest of beleidsbestand 'c:\program files\common
files\adobe air\versions\1.0\adobe air.dll' op regel 3. de waarde major_version.minor_version.build_number_major.build_number_minor
van kenmerk version in element assemblyidentity is ongeldig.

error - 3/11/2012 3:48:15 am | computer name = siemon-pc | source = sidebyside | id = 16842824
description = kan activeringscontext voor 'c:\program files\microsoft security client\msesysprep.dll'
niet maken. fout in manifest of beleidsbestand 'c:\program files\microsoft security
client\msesysprep.dll' op regel 10. het element imaging wordt weergegeven als onderliggend
element van element urn:schemas-microsoft-com:asm.v1^assembly, wat niet door deze
versie van windows wordt ondersteund.

error - 3/11/2012 2:22:44 pm | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: received from 192.168.0.100:5353 19 100.0.168.192.in-addr.arpa.
ptr siemon-pc-2.local.

error - 3/11/2012 2:22:44 pm | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: unexpected conflict discarding 17 100.0.168.192.in-addr.arpa.
ptr siemon-pc.local.

error - 3/12/2012 1:37:08 am | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: received from 192.168.0.100:5353 19 100.0.168.192.in-addr.arpa.
ptr siemon-pc-2.local.

error - 3/12/2012 1:37:08 am | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: unexpected conflict discarding 17 100.0.168.192.in-addr.arpa.
ptr siemon-pc.local.

error - 3/12/2012 2:51:06 am | computer name = siemon-pc | source = sidebyside | id = 16842824
description = kan activeringscontext voor 'c:\program files\microsoft security client\msesysprep.dll'
niet maken. fout in manifest of beleidsbestand 'c:\program files\microsoft security
client\msesysprep.dll' op regel 10. het element imaging wordt weergegeven als onderliggend
element van element urn:schemas-microsoft-com:asm.v1^assembly, wat niet door deze
versie van windows wordt ondersteund.

error - 3/12/2012 10:45:55 am | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: received from 192.168.0.100:5353 19 100.0.168.192.in-addr.arpa.
ptr siemon-pc-2.local.

error - 3/12/2012 10:45:55 am | computer name = siemon-pc | source = bonjour service | id = 100
description = mdnscorereceiveresponse: unexpected conflict discarding 17 100.0.168.192.in-addr.arpa.
ptr siemon-pc.local.

[ system events ]
error - 3/9/2012 9:35:34 am | computer name = siemon-pc | source = wmpnetworksvc | id = 866333
description =

error - 3/9/2012 9:38:37 am | computer name = siemon-pc | source = wmpnetworksvc | id = 866333
description =

error - 3/9/2012 9:41:39 am | computer name = siemon-pc | source = wmpnetworksvc | id = 866333
description =

error - 3/9/2012 9:44:42 am | computer name = siemon-pc | source = wmpnetworksvc | id = 866333
description =

error - 3/9/2012 9:47:44 am | computer name = siemon-pc | source = wmpnetworksvc | id = 866333
description =

error - 3/9/2012 10:21:50 am | computer name = siemon-pc | source = dcom | id = 10010
description =

error - 3/9/2012 10:24:02 am | computer name = siemon-pc | source = microsoft antimalware | id = 3002
description = real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. onderdeel: %%835 foutcode: 0x80004005 foutbeschrijving: unspecified
error reden: %%842

error - 3/9/2012 5:49:25 pm | computer name = siemon-pc | source = dcom | id = 10010
description =

error - 3/10/2012 4:11:00 am | computer name = siemon-pc | source = microsoft antimalware | id = 3002
description = real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
en is niet uitgevoerd. onderdeel: %%835 foutcode: 0x80004005 foutbeschrijving: unspecified
error reden: %%842

error - 3/10/2012 5:32:12 am | computer name = siemon-pc | source = dcom | id = 10010
description =


< end of report >

[/hjt]
 

Abraham54

Administrator
Team member
You are using two antivirus programs:
- Microsoft Security Essentials
- Avast

Advice: uninstall MSE.

Before you let OTL run the fix, first close all other open windows!

Start OTL
  • Paste the following (bold, blue text) under Custom Scans/Fixes


    :OTL

    ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 32 94 52 75 a7 a0 cc 01 [binary data]
    ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}: "url" = http://search.babylon.com/web/{searchterms}?babsrc=sp_ss&affid=110482&mntrid=4c57bd8f0000000000008c89a553eaef
    ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{ad22ebaf-0d18-4fc7-90cc-5ea0abbe9eb8}: "url" = http://www.daemon-search.com/search?q={searchterms}
    ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = http://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2481029

    c:\users\simon\appdata\roaming\babylon
    c:\users\simon\appdata\local\babylon
    c:\programdata\babylon

    @alternate data stream - 175 bytes -> c:\programdata\temp:58e38390



    :Services


    :Reg


    :Files


    :Commands
    [purity]

    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Then click the Run Fix button at the top
  • Let the program do its work undisturbed.
  • The PC will be restarted afterwards.
  • Also post the contents of the OTL scan log
 

Siepe

Established member
All processes killed
========== OTL ==========
ADS c:\programdata\temp:58e38390 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-SIEMON-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 287443 bytes

User: Public

User: simon
->Temp folder emptied: 186288601 bytes
->Temporary Internet Files folder emptied: 13913493 bytes
->Java cache emptied: 161758 bytes
->Google Chrome cache emptied: 251256335 bytes
->Flash cache emptied: 60209 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21951582 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 452.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-SIEMON-PC

User: Public

User: simon
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.36.3 log created on 03122012_181530

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_SIEMON-PC$\2668 not found!
File\Folder C:\Windows\temp\ib25 not found!
File\Folder C:\Windows\temp\ib26 not found!
File\Folder C:\Windows\temp\ib27 not found!

Registry entries deleted on Reboot...

---------- Post added at 18:19 ---------- Previous post was at 18:14 ----------

By the way, under Google "customize and control" (Tools - Extensions - Basics) I changed the start page from Babylon to Google. Babylon is still in the list under "Manage search engines".

---------- Post added at 18:30 ---------- Previous post was at 18:19 ----------

Oh yes, I had temporarily disabled Avast, but how do I get it active again before I remove MSE? I have already tried "Fix now" and "start program" but it doesn't work...
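A fix log is only useful if it is compared against the fix script that was run. The following added example (not part of the original thread and not OTL's own code) checks which items of the fix script posted above are confirmed in the fix log posted above. The function names are hypothetical, and the matching rule (a log line that names the item and contains "successfully") is an assumption based on the single confirmation line visible in that log.

```python
import re

# Lines copied from the fix script and the fix log posted above (abridged).
FIX_SCRIPT = r"""
:OTL
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 32 94 52 75 a7 a0 cc 01 [binary data]
ie - hku\s-1-5-21-4278516006-821579388-3930517617-1000\..\searchscopes\{ad22ebaf-0d18-4fc7-90cc-5ea0abbe9eb8}: "url" = http://www.daemon-search.com/search?q={searchterms}
c:\programdata\babylon
@alternate data stream - 175 bytes -> c:\programdata\temp:58e38390
[emptytemp]
"""
FIX_LOG = r"""
========== OTL ==========
ADS c:\programdata\temp:58e38390 deleted successfully.
========== REGISTRY ==========
File\Folder C:\Windows\temp\ib25 not found!
"""

def script_items(script):
    # Skip blank lines, ":Section" headers and "[command]" switches.
    for raw in script.splitlines():
        s = raw.strip()
        if s and not s.startswith(":") and not s.startswith("["):
            yield s

def needle(item):
    # The part of a script item we expect to see again in the log.
    line = item.lower()
    if line.startswith("@alternate data stream"):
        return line.split("->", 1)[1].strip()
    guid = re.search(r"\{[0-9a-f-]{36}\}", line)
    if line.startswith("ie - "):  # registry item: match on GUID, else on value name
        return guid.group(0) if guid else line.split(",", 1)[1].split(" = ")[0].strip()
    return line  # plain file or folder path

def audit(script, log):
    # Assumed rule: a log line naming the item and containing "successfully".
    log_lines = [l.lower() for l in log.splitlines()]
    result = {}
    for item in script_items(script):
        hit = next((l for l in log_lines if needle(item) in l), None)
        if hit is None:
            result[item] = "no mention in log"
        else:
            result[item] = "confirmed" if "successfully" in hit else "mentioned, not confirmed"
    return result

if __name__ == "__main__":
    for item, status in audit(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:25} {item[:70]}")
```

Items reported as "no mention in log" are the ones to re-check in a fresh scan before moving on to the next tool.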
 

Abraham54

Administrator
Team member
All of that can be done via Avast's menu!

Step 1
Which program: TDSSStarter.exe
What for/why: Rootkit scanner
Difficulty: none
Download TDSSStarter to the desktop.

Using "TDSSStarter.exe":
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: start the tool by double-clicking "TDSSStarter.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "TDSSStarter.exe" and then choosing Run as administrator.
  • A CMD window will then open and close again automatically when the scan is finished.
  • Now post the contents of the Notepad file that opens in your next post.
Step 2
Which program: ComboFix
What for/why: Highly specialized scanner for examining and cleaning up Windows in depth.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must be downloaded to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • On Windows XP you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for it).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
    • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing Run as administrator.
ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file in your next post using DDRMMR's color coder.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
Step 3
In summary: after this, post the contents of the following logs in your next post:
  • TDSSStarter log
  • ComboFix.txt log
 

Abraham54

Administrator
Team member
Is it working out?
 

Siepe

Established member
Sorry Abe,
I don't have much time at the moment. I'll continue with it on Saturday and/or Sunday.
Regards
 