Het is nu ma apr 21, 2014 4:56 am

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles




Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  [ 62 berichten ]  Ga naar pagina 1, 2, 3, 4, 5  Volgende
Auteur Bericht
BerichtGeplaatst: vr okt 12, 2012 11:16 am 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Na het installeren van een nieuwe schijf met Windows 7, heb ik ook andere programma's er op gezet. Maar iedere keer krijg ik verschillende foutmeldingen. Bijvoorbeeld de Windows Installer werkt niet goed of bij Word zijn de omgevingsvariabelen niet helemaal in orde. Ook, wanneer ik op het Internet ga via IE9 met Google werkt deze erg traag. D.w.z. heb ik via Google een pagina gevonden en wil na het inzien weer terug naar de zoekpagina van Google duurt het erg lang om daar te komen. Ook wil de explorer wel eens vast lopen. Heeft dit ook iet te maken met Adobe Flash? Kan ik iets veranderen. Zou u voor mij s.v.p. het onderstaande logje na willen kijken?

Met vriendelijke groet,

M. Nijhof

Hier volgt mijn logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:14:55, on 12-10-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
D:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marion\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [SupportAgent_HCC] "D:\program files\smartfix\supportagent_hcc\SupportAgent.exe"
O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O9 - Extra button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_07) -
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12120 bytes


Omhoog
 Profiel  
 
BerichtGeplaatst: vr okt 12, 2012 8:52 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Download AdwCleaner by Xplode naar het bureaublad.

Afbeelding

  • Sluit alle openstaande vensters.
  • Vista en Windows 7 gebruikers: Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren...
  • Voor XP: Gewoon dubbelklikken op AdwCleaner.
  • Klik vervolgens op Verwijderen.
  • Klik bij AdwCleaner – Informatie op OK
  • Klik bij AdwCleaner – Herstarten Noodzakelijk op OK

Dat tijdens de aktie de snelkoppelingen verdwijnen, is normaal.
Nadat de PC opnieuw is opgestart, opent een logfile.
Post aansluitend de inhoud van dit log in je volgende bericht.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: za okt 13, 2012 10:32 am 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Hier volgt mijn logfile. Deze verscheen al voor dat ik de PC opnieuw had opgestart. Moest wel mijn Antivirus en Smartfilter uitschakelen voordat ik deze kon uitvoeren.

# AdwCleaner v2.004 - Verslag gemaakt op 13/10/2012 om 10:27:19
# Geactualiseerd op 06/10/2012 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Marion - MARION-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Marion\Downloads\adwcleaner.exe
# Optie [Zoeken]


***** [Diensten] *****


***** [Files / Mappen] *****

Map Aanwezig : C:\Program Files (x86)\BrowserCompanion
Map Aanwezig : C:\Program Files (x86)\Conduit
Map Aanwezig : C:\Program Files (x86)\DealPly
Map Aanwezig : C:\ProgramData\Babylon
Map Aanwezig : C:\ProgramData\Browser Manager
Map Aanwezig : C:\ProgramData\IBUpdaterService
Map Aanwezig : C:\Users\Marion\AppData\Local\Conduit
Map Aanwezig : C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Map Aanwezig : C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Map Aanwezig : C:\Users\Marion\AppData\LocalLow\bbrs_002.tb
Map Aanwezig : C:\Users\Marion\AppData\LocalLow\Conduit
Map Aanwezig : C:\Users\Marion\AppData\LocalLow\PriceGong
Map Aanwezig : C:\Users\Marion\AppData\Roaming\Babylon
Map Aanwezig : C:\Users\Marion\AppData\Roaming\BrowserCompanion
Map Aanwezig : C:\Users\Marion\AppData\Roaming\OpenCandy

***** [Register] *****

Data Aanwezig : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Crossrider
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\SmartBar
Sleutel Aanwezig : HKCU\Software\bProtector
Sleutel Aanwezig : HKCU\Software\DataMngr
Sleutel Aanwezig : HKCU\Software\DealPly
Sleutel Aanwezig : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441179}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Sleutel Aanwezig : HKCU\Software\Softonic
Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Aanwezig : HKLM\Software\Babylon
Sleutel Aanwezig : HKLM\Software\BrowserCompanion
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Sleutel Aanwezig : HKLM\Software\Conduit
Sleutel Aanwezig : HKLM\Software\DataMngr
Sleutel Aanwezig : HKLM\Software\DealPly
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Aanwezig : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Aanwezig : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Aanwezig : HKU\S-1-5-21-454336999-1231512863-1852832593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Waarde Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [8032 octets] - [13/10/2012 10:26:15]
AdwCleaner[R2].txt - [7973 octets] - [13/10/2012 10:27:19]

########## EOF - C:\AdwCleaner[R2].txt - [8033 octets] ##########


Omhoog
 Profiel  
 
BerichtGeplaatst: za okt 13, 2012 3:40 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Mooi, volgende stap.

Download ComboFix van één van deze locaties:

Link 1
Link 2


* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op.

>>Hier<< kunt u lezen hoe u Combofix dient te gebruiken.




Afbeelding

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix.

* (hier of hier 2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
3. Dubbelklik op "Combofix.exe" om de tool te starten.
4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

* Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion." herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: ma okt 15, 2012 7:14 pm 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Ik heb het geprobeerd met ComboFix, maar dit lukt niet. Ik krijg de volgende berichten:

Pev.3EXE werkt niet meer
Change CodePage utility werkt niet meer
Free implementation of REG.EXE werkt niet meer


Hoe gaan we verder?

Met vriendelijke groet,

M. Nijhof


Omhoog
 Profiel  
 
BerichtGeplaatst: ma okt 15, 2012 8:07 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Download OTC.exe (by OldTimer)
  • Plaats het bestand op je bureaublad.
  • Zorg dat er een internetverbinding is.
  • Klik vervolgens met je rechtermuisknop op OTCleanIt.exe en kies voor Run as Administrator (Nederlands: Uitvoeren als Administrator) om het programma te starten.
  • Lukt dat niet , doen dan dubbelklikken op het icoon.
  • Klik nu op de knop "CleanUp!"
  • Als je firewall, of een ander beveiligingsprogramma, een waarschuwing geeft dat OTC.exe internettoegang wil, mag je dit toestaan, het programma heeft die connectie nodig.
  • OTC zal als laatste vragen of je de computer herstarten wilt, dit mag je toestaan, hiermee verwijdert het zichzelf ook.

Nota: Het gebruik van OTC.exe zal alle gebruikte tools(inclusief bijbehorende logs en backupmappen) van je computer doen verwijderen.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: di okt 16, 2012 10:36 am 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Met OTC.EXE is gebeurd. Wat nu?


Omhoog
 Profiel  
 
BerichtGeplaatst: di okt 16, 2012 11:45 am 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Download combofix opnieuw en probeer het nog eens !

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: di okt 16, 2012 2:46 pm 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Met OTC.EXE behandeld, daarna met Combofix. Krijg weer foutmeldingen o.a.:

Er is een uitzondering opgetreden(unknow software exception)(0xc0000417) in de toepassing op de locatie 0x7191a45e.
Pev.3EXE werkt niet meer
Hulpprogramma Find String (QGREP) werkt niet meer.

Wat nu?


Omhoog
 Profiel  
 
BerichtGeplaatst: di okt 16, 2012 7:16 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Vreemd maar we gaan het over een andere boeg gooien.

Download de Emsisoft Emergency Kit naar het bureaublad en pak het ZIP bestand uit.
  • Open de map "EmsisoftEmergencyKit" en dubbelklik op "Start.exe"
  • Klik nu op "Emergency Kit Scanner" u krijg nu een melding dat het is aanbevolen om eerst te updaten sta dit toe door te klikken op "Ja"
    Afbeelding
  • Als de update gereed is en de melding "Update process is succesvol afgerond" verschijnt klikt u op "menu" en dan op "Scan PC"
  • Selecteer de optie "Diep" als deze niet standaard al zo is ingesteld.
  • Klik Nu op de knop "Scan" en doe verder niets op de computer tijdens het scannen, deze scan kan een geruime tijd in beslag nemen dus wacht dit geduldig af.
  • Het venster met de waarschuwing over een verhoogd risico kunt u sluiten als de scan gereed is.


  • Zorg ervoor dat alle gevonden items zijn aangevinkt en druk dan op de knop "verwijder geselecteerde" u zal nu de volgende melding krijgen maar klik hier op "Ja"
    Afbeelding
  • Als het verwijderen gereed is klikt u op de knop "View report" en selecteert u het tekstbestand van deze scan met de naam zoals: a2scan_110730-111615.txt
  • Plaats de inhoud van dit LOG bestand straks in uw volgende bericht.
  • Herstart nu de computer.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: wo okt 17, 2012 2:57 pm 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
Het programma heeft bijna 4 uur gescaned, daarna 40 objecten verwijderd, waarvan 1 met hoog risico. Tijdens dit proces kreeg ik de melding: programma reageert niet meer.

Ik heb het logbestand kunnen vinden. Zie het volgende:

Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 17-10-2012 10:37:43

Scaninstellingen:

Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan

Scan gestart: 17-10-2012 10:38:36

c:\program files (x86)\downloadmanager Ontdekt: Trace.File.mediapipe!E1
Key: hkey_local_machine\software\classes\appid\{20edc024-43c5-423e-b7f5-fd93523e0d9f} Ontdekt: Trace.Registry.stylishprofile!E1
Key: hkey_local_machine\software\classes\appid\tdataprotocol.dll Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\appid\{ed6535e7-f778-48a5-a060-549d30024511} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\interface\{9f0c17eb-ef2c-4278-9136-2d547656bc03} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\interface\{9f0c17eb-ef2c-4278-9136-2d547656bc03}\proxystubclsid32 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\interface\{9f0c17eb-ef2c-4278-9136-2d547656bc03}\typelib Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\tdataprotocol.ctdata Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\tdataprotocol.ctdata\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\tdataprotocol.ctdata\curver Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\tdataprotocol.ctdata.1 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\tdataprotocol.ctdata.1\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d}\1.0 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d}\1.0\0 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d}\1.0\0\win32 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d}\1.0\flags Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{830b56cb-fd22-44aa-9887-7898f4f4158d}\1.0\helpdir Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a}\1.0 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a}\1.0\0 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a}\1.0\0\win32 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a}\1.0\flags Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\typelib\{955b782e-cdc8-4cee-b6f6-ad7d541a8d8a}\1.0\helpdir Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\updatebho.timerbho Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\updatebho.timerbho\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\updatebho.timerbho\curver Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\updatebho.timerbho.1 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\updatebho.timerbho.1\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\wit4ie.witbho Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\appid\wit4ie.dll Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\wit4ie.witbho\curver Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\appid\{373ed12d-b306-43ac-9485-a7c5133dc34c} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\wit4ie.witbho.2\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{963b125b-8b21-49a2-a3a8-e37092276531} Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\wit4ie.witbho.2 Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\wit4ie.witbho\clsid Ontdekt: Trace.Registry.getstyles!E1
Key: hkey_local_machine\software\classes\appid\updatebho.dll Ontdekt: Trace.Registry.getstyles!E1
D:\System Volume Information\_restore{E0E89673-C3BC-4DB8-8A82-2C95DAAD239D}\RP289\A0134556.dll Ontdekt: Adware.Win32.Yontoo.AMN!E1
D:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi Ontdekt: Win32.SuspectCrc!E2

Gescand 756411
Gevonden 40

Scan geëindigd: 17-10-2012 14:36:58
Scantijd: 3:58:22


Hoe verder?

Met vriendelijke groet,

M.


Omhoog
 Profiel  
 
BerichtGeplaatst: wo okt 17, 2012 6:42 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Ik wil even wat dieper kijken.

Download OTL naar je Bureaublad
  • Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
  • Zet een vinkje bij Scan All Users.
  • Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
    • Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
    • Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
BerichtGeplaatst: wo okt 17, 2012 7:20 pm 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
1e Kladblokvenster:

OTL logfile created on: 17-10-2012 19:06:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marion\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,87 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 82,60% Memory free
7,75 Gb Paging File | 6,25 Gb Available in Paging File | 80,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 45,50 Gb Free Space | 38,19% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 13,67 Gb Free Space | 5,87% Space Free | Partition Type: NTFS

Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-17 19:05:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.com
PRC - [2012-09-18 22:50:04 | 000,216,168 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
PRC - [2012-09-18 22:49:54 | 001,201,256 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
PRC - [2012-08-17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012-08-13 14:22:08 | 001,454,184 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012-01-23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2011-05-24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011-04-04 10:47:08 | 004,024,832 | ---- | M] (PC30 Holland) -- D:\Program Files\SmartFix\SupportAgent_HCC\SupportAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-01 10:07:20 | 002,047,008 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.dll
MOD - [2012-09-28 16:30:17 | 000,963,688 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
MOD - [2012-09-28 07:57:26 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012-09-28 07:56:58 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012-09-28 07:56:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012-09-28 07:56:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012-09-28 07:56:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012-09-18 22:50:38 | 000,549,992 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll
MOD - [2012-08-17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012-04-17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012-04-17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012-04-17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012-04-17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012-04-17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012-04-17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012-04-17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012-04-17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012-04-17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010-11-21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010-11-13 01:33:28 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-10-09 11:51:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-26 17:09:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-09-18 22:50:04 | 000,216,168 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2012-08-17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012-03-23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012-01-23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011-05-24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011-04-26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-09-28 10:55:00 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012-09-26 14:33:59 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012-09-26 14:33:59 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012-08-13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012-08-02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012-07-28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-06-19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012-06-08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-06-25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007-07-16 21:29:34 | 000,023,064 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64fax.sys -- (HPFXFAX)
DRV:64bit: - [2007-07-16 21:29:24 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hpfx64bulk.sys -- (HPFXBULK)
DRV:64bit: - [2005-03-29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes,bProtectorDefaultScope = S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=071012_17_4112_3&babsrc=SP_ss&mntrId=bc9bea67000000000000002215555ee7
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_nlNL503
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes\{FCDD7461-6F6B-47D0-A61C-4D3D5F6C1EE5}: "URL" = http://www.bing.com/search?q={searchTerms}&r=
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-26 14:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-26 14:25:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-26 14:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-09-26 14:25:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-09-26 14:25:42 | 000,000,000 | ---D | M]

[2012-10-01 10:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=110824 ... 2215555ee7
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.babylon.com/?affID=110824 ... 2215555ee7
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - No CLSID value found.
O2 - BHO: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SolidConverter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files (x86)\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [SupportAgent_HCC] D:\program files\smartfix\supportagent_hcc\SupportAgent.exe (PC30 Holland)
O4 - Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk = C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: PDFill PDF Editor - {ED93D107-B43A-490e-AA5C-C5578BAAF479} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O9 - Extra Button: Virtueel Toetsenbord - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Controle van URL's - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B7B891-6962-45D7-815B-884F1CDC7134}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.587.187\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\brwmngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-16 18:02:01 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-17 19:05:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.com
[2012-10-15 17:57:07 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\MAGIX Speed projecten
[2012-10-15 17:52:45 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\MAGIX Speed
[2012-10-15 14:19:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-15 14:19:33 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-10-13 12:04:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Video deluxe 2013
[2012-10-13 12:04:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\MAGIX downloads
[2012-10-13 12:04:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\MAGIX
[2012-10-13 12:04:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\MAGIX
[2012-10-13 11:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012-10-13 11:58:28 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\simplitec
[2012-10-13 11:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec
[2012-10-13 11:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
[2012-10-13 11:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\simplitec
[2012-10-13 11:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012-10-13 11:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012-10-12 09:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidDocuments
[2012-10-12 09:20:40 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\SolidDocuments
[2012-10-12 09:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidDocuments
[2012-10-12 09:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidDocuments
[2012-10-12 09:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Computing
[2012-10-10 14:48:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012-10-08 17:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters Inc
[2012-10-08 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\GetRightToGo
[2012-10-08 17:05:26 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Version Cue
[2012-10-08 16:53:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012-10-08 14:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-10-08 14:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-10-08 14:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012-10-08 14:15:19 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Musicnotes
[2012-10-08 14:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2012-10-08 14:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2012-10-08 14:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2012-10-08 14:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Musicnotes
[2012-10-06 11:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picture Resize Genius
[2012-10-06 11:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Picture Resize Genius
[2012-10-06 11:21:36 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\BrowserCompanion
[2012-10-06 11:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012-10-05 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Foxit Software
[2012-10-05 11:29:34 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-10-04 15:59:05 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\dvdcss
[2012-10-04 15:58:44 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\vlc
[2012-10-04 15:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-10-04 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012-10-02 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Davilex Clieopbest
[2012-10-02 15:22:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Windows Live Writer
[2012-10-02 15:22:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Windows Live Writer
[2012-10-01 17:01:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012-10-01 17:00:20 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\microsoft
[2012-10-01 15:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012-10-01 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012-10-01 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012-10-01 15:17:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\MOVAVI
[2012-10-01 14:24:11 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\OpenCandy
[2012-10-01 14:23:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\DVDVideoSoft
[2012-10-01 14:04:36 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\WMTools Downloaded Files
[2012-10-01 13:23:44 | 000,000,000 | ---D | C] -- C:\Users\Marion\Tracing
[2012-10-01 13:00:19 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012-10-01 12:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012-10-01 12:58:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012-10-01 12:58:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012-10-01 12:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012-10-01 12:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012-10-01 12:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012-10-01 12:56:52 | 000,000,000 | R--D | C] -- C:\Users\Marion\SkyDrive
[2012-10-01 12:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012-10-01 12:55:40 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Windows Live
[2012-10-01 12:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012-10-01 12:41:17 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Video Stift
[2012-10-01 11:27:52 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Van USB Stick
[2012-10-01 10:27:08 | 000,000,000 | ---D | C] -- C:\Users\Marion\Desktop\Dierentuin
[2012-10-01 10:10:32 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-10-01 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-10-01 10:07:24 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Babylon
[2012-10-01 10:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012-10-01 10:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012-10-01 10:07:21 | 000,000,000 | ---D | C] -- C:\Users\Marion\Start Menu
[2012-10-01 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012-10-01 10:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012-10-01 10:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012-10-01 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Htc
[2012-10-01 10:07:04 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\HTC
[2012-10-01 10:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012-10-01 10:00:37 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Downloaded Installations
[2012-10-01 10:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012-10-01 10:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012-10-01 10:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012-10-01 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012-09-29 12:33:54 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop\Diverse Programma's
[2012-09-29 12:32:54 | 000,000,000 | ---D | C] -- C:\Users\Marion\.javaws
[2012-09-29 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Programs
[2012-09-29 12:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\PlotSoft
[2012-09-29 12:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlotSoft
[2012-09-29 12:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
[2012-09-29 12:18:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\Scans vanaf 10.2012
[2012-09-28 16:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012-09-28 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2012-09-28 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2012-09-28 16:28:43 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Fighters
[2012-09-28 16:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012-09-28 15:38:31 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\WinZip
[2012-09-28 15:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012-09-28 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2012-09-28 10:52:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\ElevatedDiagnostics
[2012-09-27 16:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-09-27 15:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sibelius Software
[2012-09-27 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Sibelius Software
[2012-09-27 15:55:46 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Neuratron
[2012-09-27 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012-09-27 15:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012-09-27 15:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2012-09-27 15:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuratron PhotoScore Lite
[2012-09-27 15:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neuratron
[2012-09-27 15:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sibelius Software
[2012-09-27 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[2012-09-27 15:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-09-27 15:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-09-27 09:53:26 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Diagnostics
[2012-09-27 09:49:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\SmartFix
[2012-09-27 09:49:18 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\SmartFix
[2012-09-27 09:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartFix
[2012-09-26 17:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012-09-26 17:19:50 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Adobe
[2012-09-26 17:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012-09-26 17:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012-09-26 17:11:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012-09-26 17:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012-09-26 17:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012-09-26 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012-09-26 16:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Davilex Business
[2012-09-26 16:48:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012-09-26 16:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Davilex
[2012-09-26 16:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Davilex
[2012-09-26 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Davilex Business
[2012-09-26 16:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2012-09-26 16:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012-09-26 16:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012-09-26 16:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012-09-26 16:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012-09-26 15:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012-09-26 15:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012-09-26 15:07:50 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop\Snelkoppelingen
[2012-09-26 14:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012-09-26 14:25:54 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012-09-26 14:25:41 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012-09-26 14:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-09-26 14:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012-09-26 14:25:34 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012-09-26 14:25:34 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012-09-26 10:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-09-26 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Conduit
[2012-09-25 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Google
[2012-09-25 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Macromedia
[2012-09-25 17:48:30 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Adobe
[2012-09-25 17:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012-09-25 17:46:57 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Google
[2012-09-25 17:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012-09-25 17:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012-09-25 17:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012-09-25 17:46:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-09-25 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012-09-25 17:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012-09-25 17:32:31 | 000,276,480 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3093.DLL
[2012-09-25 17:07:04 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop\New Look
[2012-09-25 17:05:04 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop\JoyFul
[2012-09-25 17:04:41 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop\Alg. Begraf. Ver
[2012-09-25 14:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-09-25 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012-09-25 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012-09-25 14:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012-09-25 14:28:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012-09-25 14:26:32 | 000,000,000 | ---D | C] -- C:\Users\Marion\Documents\Outlook-bestanden
[2012-09-25 14:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012-09-25 14:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-09-25 14:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-09-25 14:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012-09-25 14:08:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012-09-25 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012-09-25 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012-09-25 14:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012-09-25 14:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012-09-25 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012-09-25 14:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012-09-25 14:06:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012-09-25 14:06:16 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Microsoft Help
[2012-09-25 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012-09-25 14:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-09-25 14:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012-09-25 14:06:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-09-25 12:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012-09-25 12:27:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012-09-25 11:58:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012-09-25 11:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012-09-25 11:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-09-25 11:34:32 | 000,000,000 | R--D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012-09-25 11:34:32 | 000,000,000 | R--D | C] -- C:\Users\Marion\Searches
[2012-09-25 11:34:32 | 000,000,000 | R--D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012-09-25 11:34:32 | 000,000,000 | -H-D | C] -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012-09-25 11:34:26 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Identities
[2012-09-25 11:34:25 | 000,000,000 | R--D | C] -- C:\Users\Marion\Contacts
[2012-09-25 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\VirtualStore
[2012-09-25 11:34:23 | 000,000,000 | --SD | C] -- C:\Users\Marion\AppData\Roaming\Microsoft
[2012-09-25 11:34:23 | 000,000,000 | RHSD | C] -- C:\Users\Marion\Documents\Mijn video's
[2012-09-25 11:34:23 | 000,000,000 | RHSD | C] -- C:\Users\Marion\Documents\Mijn muziek
[2012-09-25 11:34:23 | 000,000,000 | RHSD | C] -- C:\Users\Marion\Documents\Mijn afbeeldingen
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Videos
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Saved Games
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Pictures
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Music
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Favorites
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Downloads
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Documents
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\Desktop
[2012-09-25 11:34:23 | 000,000,000 | R--D | C] -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\AppData\Local\Temporary Internet Files
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Sjablonen
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\SendTo
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Recent
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Netwerkprinteromgeving
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\NetHood
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Mijn documenten
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Menu Start
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Local Settings
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\AppData\Local\Geschiedenis
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Cookies
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\Application Data
[2012-09-25 11:34:23 | 000,000,000 | -HSD | C] -- C:\Users\Marion\AppData\Local\Application Data
[2012-09-25 11:34:23 | 000,000,000 | -H-D | C] -- C:\Users\Marion\AppData
[2012-09-25 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Temp
[2012-09-25 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Microsoft
[2012-09-25 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Media Center Programs
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Sjablonen
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorieten
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documenten
[2012-09-25 11:34:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Bureaublad
[2012-09-25 11:34:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012-09-25 11:28:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012-09-25 11:28:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012-10-17 19:06:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-17 19:05:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marion\Desktop\OTL.com
[2012-10-17 18:58:07 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-17 18:58:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-17 17:57:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-17 15:15:29 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-17 15:15:29 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-17 15:14:46 | 001,687,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-10-17 15:14:46 | 000,750,990 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-10-17 15:14:46 | 000,665,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-10-17 15:14:46 | 000,151,626 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-10-17 15:14:46 | 000,124,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-10-17 15:08:16 | 3119,964,160 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-17 10:29:25 | 208,039,036 | ---- | M] () -- C:\Users\Marion\Desktop\EmsisoftEmergencyKit.zip
[2012-10-15 15:29:37 | 000,000,671 | ---- | M] () -- C:\Users\Marion\Documents\Blues Piano MasterClass Volume 1.lnk
[2012-10-15 07:44:32 | 002,484,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-10-13 12:02:54 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012-10-13 12:02:36 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2012-10-13 11:58:28 | 000,002,069 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
[2012-10-13 11:58:26 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\simplicheck.lnk
[2012-10-12 15:11:50 | 000,000,031 | ---- | M] () -- C:\Users\Marion\AppData\Roaming\Days5.ini
[2012-10-12 14:26:41 | 000,000,017 | ---- | M] () -- C:\Users\Marion\AppData\Local\resmon.resmoncfg
[2012-10-12 09:20:41 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\SolidConverterPDF.lnk
[2012-10-09 15:11:50 | 000,002,037 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012-10-06 12:16:14 | 000,002,271 | ---- | M] () -- C:\Users\Marion\Desktop\Free MP4 Video Converter.lnk
[2012-10-06 11:22:20 | 000,001,001 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Resize Genius.lnk
[2012-10-05 11:29:31 | 000,001,302 | ---- | M] () -- C:\Users\Marion\Desktop\Free YouTube Download.lnk
[2012-10-02 15:49:52 | 000,104,086 | ---- | M] () -- C:\Users\Marion\Documents\Leden.rtf
[2012-10-01 16:40:05 | 000,005,632 | ---- | M] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-01 15:40:15 | 000,002,271 | ---- | M] () -- C:\Users\Marion\Desktop\Free 3GP Video Converter.lnk
[2012-10-01 15:40:15 | 000,001,239 | ---- | M] () -- C:\Users\Marion\Desktop\DVDVideoSoft Free Studio.lnk
[2012-10-01 12:59:07 | 000,000,020 | ---- | M] () -- C:\Windows\Ðõß
[2012-10-01 12:29:02 | 002,451,588 | ---- | M] () -- C:\Users\Marion\Desktop\VIDEO0010.3gp
[2012-10-01 11:25:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-10-01 10:07:02 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-09-29 12:31:39 | 000,002,132 | ---- | M] () -- C:\Users\Marion\Desktop\PDFill PDF Tools (Free).lnk
[2012-09-29 12:31:39 | 000,002,118 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFill PDF Editor.lnk
[2012-09-28 10:55:00 | 000,611,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012-09-28 10:49:24 | 000,001,101 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012-09-27 16:20:23 | 001,577,016 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-09-27 15:56:29 | 000,000,604 | -H-- | M] () -- C:\Program Files (x86)\STLL Notifier
[2012-09-27 15:46:21 | 000,000,464 | ---- | M] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012-09-27 15:46:16 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012-09-27 15:41:24 | 000,000,222 | ---- | M] () -- C:\Users\Marion\Desktop\Inloggen Mijn ING.url
[2012-09-27 14:49:52 | 000,000,228 | ---- | M] () -- C:\Users\Marion\Desktop\RegioBank - Internet Bankieren.url
[2012-09-26 17:18:31 | 000,001,137 | ---- | M] () -- C:\Users\Marion\Desktop\Adobe Photoshop CS3.lnk
[2012-09-26 16:48:36 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Administratieve Software van Davilex.lnk
[2012-09-26 16:40:29 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Website Maker 5.lnk
[2012-09-26 14:33:59 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012-09-26 14:33:59 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012-09-26 10:44:46 | 000,017,408 | ---- | M] () -- C:\Users\Marion\AppData\Local\WebpageIcons.db
[2012-09-26 10:40:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-26 07:43:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012-09-25 17:28:31 | 000,002,975 | ---- | M] () -- C:\Users\Marion\Desktop\Word.lnk
[2012-09-25 16:20:47 | 000,000,912 | ---- | M] () -- C:\Users\Marion\Desktop\Mijn documenten.lnk
[2012-09-25 16:10:01 | 000,000,274 | ---- | M] () -- C:\Users\Marion\Desktop\Hotmail.url
[2012-09-25 12:38:48 | 000,001,425 | ---- | M] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-09-25 11:49:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-09-25 11:49:59 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012-09-25 11:30:05 | 000,169,693 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012-09-25 11:30:05 | 000,169,693 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012-10-17 10:21:06 | 208,039,036 | ---- | C] () -- C:\Users\Marion\Desktop\EmsisoftEmergencyKit.zip
[2012-10-15 14:48:37 | 003,220,580 | ---- | C] () -- C:\Users\Marion\Desktop\15 Nummer 15.wma
[2012-10-13 12:02:36 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013.lnk
[2012-10-13 11:58:28 | 000,002,069 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
[2012-10-13 11:58:26 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\simplicheck.lnk
[2012-10-12 14:26:41 | 000,000,017 | ---- | C] () -- C:\Users\Marion\AppData\Local\resmon.resmoncfg
[2012-10-12 09:20:41 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\SolidConverterPDF.lnk
[2012-10-09 15:11:50 | 000,002,037 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2012-10-09 15:11:47 | 000,002,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012-10-09 15:11:47 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012-10-09 15:11:47 | 000,001,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012-10-06 13:44:58 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-06 12:16:14 | 000,002,271 | ---- | C] () -- C:\Users\Marion\Desktop\Free MP4 Video Converter.lnk
[2012-10-06 11:22:29 | 000,000,031 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Days5.ini
[2012-10-06 11:22:20 | 000,001,001 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Picture Resize Genius.lnk
[2012-10-05 11:29:31 | 000,001,302 | ---- | C] () -- C:\Users\Marion\Desktop\Free YouTube Download.lnk
[2012-10-02 15:49:47 | 000,104,086 | ---- | C] () -- C:\Users\Marion\Documents\Leden.rtf
[2012-10-01 15:45:48 | 002,451,588 | ---- | C] () -- C:\Users\Marion\Desktop\VIDEO0010.3gp
[2012-10-01 15:40:15 | 000,002,271 | ---- | C] () -- C:\Users\Marion\Desktop\Free 3GP Video Converter.lnk
[2012-10-01 15:40:15 | 000,001,239 | ---- | C] () -- C:\Users\Marion\Desktop\DVDVideoSoft Free Studio.lnk
[2012-10-01 14:53:18 | 000,005,632 | ---- | C] () -- C:\Users\Marion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-10-01 12:59:55 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012-10-01 12:59:07 | 000,000,020 | ---- | C] () -- C:\Windows\Ðõß
[2012-10-01 12:59:00 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012-10-01 12:58:57 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012-10-01 12:56:52 | 000,002,180 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012-10-01 11:25:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-10-01 10:07:02 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012-09-29 12:35:12 | 000,002,132 | ---- | C] () -- C:\Users\Marion\Desktop\PDFill PDF Tools (Free).lnk
[2012-09-29 12:31:39 | 000,002,118 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\PDFill PDF Editor.lnk
[2012-09-27 15:56:29 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2012-09-27 15:46:16 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Sibelius 6.lnk
[2012-09-27 15:45:55 | 000,000,464 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012-09-27 15:41:23 | 000,000,222 | ---- | C] () -- C:\Users\Marion\Desktop\Inloggen Mijn ING.url
[2012-09-27 14:49:51 | 000,000,228 | ---- | C] () -- C:\Users\Marion\Desktop\RegioBank - Internet Bankieren.url
[2012-09-26 17:18:31 | 000,001,137 | ---- | C] () -- C:\Users\Marion\Desktop\Adobe Photoshop CS3.lnk
[2012-09-26 17:15:53 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012-09-26 17:14:14 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012-09-26 17:13:08 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012-09-26 17:12:56 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012-09-26 17:11:04 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012-09-26 16:48:36 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\Administratieve Software van Davilex.lnk
[2012-09-26 16:40:29 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Website Maker 5.lnk
[2012-09-26 10:44:46 | 000,017,408 | ---- | C] () -- C:\Users\Marion\AppData\Local\WebpageIcons.db
[2012-09-26 07:43:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012-09-25 17:47:01 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-25 17:47:01 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-25 17:28:31 | 000,002,975 | ---- | C] () -- C:\Users\Marion\Desktop\Word.lnk
[2012-09-25 16:20:47 | 000,000,912 | ---- | C] () -- C:\Users\Marion\Desktop\Mijn documenten.lnk
[2012-09-25 16:10:01 | 000,000,274 | ---- | C] () -- C:\Users\Marion\Desktop\Hotmail.url
[2012-09-25 14:26:58 | 000,001,101 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012-09-25 12:41:05 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-09-25 12:40:03 | 001,577,016 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-09-25 12:38:48 | 000,001,425 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-09-25 11:49:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012-09-25 11:49:59 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012-09-25 11:34:37 | 000,001,397 | ---- | C] () -- C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012-09-25 11:34:23 | 000,000,290 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012-09-25 11:34:23 | 000,000,272 | ---- | C] () -- C:\Users\Marion\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012-09-25 11:29:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012-09-25 11:29:51 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012-09-25 11:28:09 | 3119,964,160 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-10-01 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Babylon
[2012-10-11 13:34:49 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\BrowserCompanion
[2012-10-06 12:16:13 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DVDVideoSoft
[2012-10-05 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-09-28 16:30:09 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Fighters
[2012-10-05 11:51:12 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Foxit Software
[2012-10-11 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\GetRightToGo
[2012-10-01 10:07:20 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\HTC
[2012-10-01 10:10:32 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-10-13 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\MAGIX
[2012-10-01 15:18:58 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\MOVAVI
[2012-10-08 14:15:19 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Musicnotes
[2012-09-27 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Neuratron
[2012-10-01 14:24:11 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\OpenCandy
[2012-10-13 11:58:28 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\simplitec
[2012-09-27 09:49:18 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SmartFix
[2012-10-12 09:20:40 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\SolidDocuments
[2012-10-04 16:43:34 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Marion\Documents\Wondershare PDF 2 Word Converter:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marion\Desktop\New Look:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Marion\Desktop\15 Nummer 15.wma:Roxio EMC Stream
< End of report >
dblokvesnter:


Omhoog
 Profiel  
 
BerichtGeplaatst: wo okt 17, 2012 7:22 pm 
Offline
Lid

Geregistreerd: za sep 15, 2012 12:58 pm
Berichten: 54
Besturingssysteem: Windows XP
Bescherming: Kaspersky Internet Security
2e Kladblokvenster:


OTL Extras logfile created on: 17-10-2012 19:06:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marion\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3,87 Gb Total Physical Memory | 3,20 Gb Available Physical Memory | 82,60% Memory free
7,75 Gb Paging File | 6,25 Gb Available in Paging File | 80,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 45,50 Gb Free Space | 38,19% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 13,67 Gb Free Space | 5,87% Space Free | Partition Type: NTFS

Computer Name: MARION-PC | User Name: Marion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020CB03F-EC3B-4D27-B870-66ECF4926CCA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03E6B1BA-83A4-485E-AA8D-E38D808C0954}" = rport=137 | protocol=17 | dir=out | app=system |
"{1B6ABEBA-50CB-4C18-AF1F-BE1EAF35057F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A7220F4-A07B-4FE1-90D0-5C26F0AA04F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CF9616C-183D-4A93-9C86-F63658373654}" = rport=139 | protocol=6 | dir=out | app=system |
"{34C06F97-5F8F-4AD2-AD0E-929FD8099209}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DBC4168-9DC2-497D-ACED-67A584A063EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4FC5EFD0-FE0F-4ABA-864D-94F035EC60FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76DB9424-4F49-46D6-AAFF-AE06372DA154}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7704ED9E-23C2-43FC-86E2-B8EF7875487B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{774DA10B-A4FF-4DC1-A07F-5413B375CD45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79905C95-537E-42A5-9B94-0818DFAF8535}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79B57705-82E2-439F-9D92-B9D8EE4A04C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B71CA74-7203-41DD-9DA9-B2C2C8D40AE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CA38F87-4723-499B-ACD4-247EC93E115B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E1EBFDF-4402-4E67-85A8-58828D4B126E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0132205-48C5-45E3-B99B-67EC7ED4D46C}" = lport=139 | protocol=6 | dir=in | app=system |
"{ACC770CC-8435-4686-9BF1-B0C390E66F00}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADD54E59-777D-43F1-9CA5-94A835A09ED2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C4523058-3663-47CF-972F-917E8B1CD551}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D60925CB-E2A2-4A45-AA5B-B802D00D8EEB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D8FC465F-8749-45D9-826B-F7FE01989A38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E08CFD6F-7384-4D3C-8A39-9109E0BBC7F9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA542774-FC6D-4B86-8680-2D2D68BA3CF9}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA33607B-AE90-4BC5-9ABC-8504A37D3B51}" = lport=137 | protocol=17 | dir=in | app=system |
"{FFA8BA9B-CFA7-4C31-952F-BCB094637431}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11853CBE-6781-4B6A-A54D-BFBEC576BBCA}" = protocol=6 | dir=out | app=system |
"{158099B4-C684-4481-B9C2-4630B0437181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EF0D59B-CA83-4B4D-9D8E-AC2241C58491}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E4C6F1A-AF02-4BEE-B5A4-0007C9B071BD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2E9E2C89-F267-4AD9-A776-6BF85DEEA4A4}" = dir=in | app=c:\users\marion\appdata\local\microsoft\skydrive\skydrive.exe |
"{341D7D26-FB42-45DA-9462-E0B4188B4A75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46810CB7-1F02-40AE-8280-CA0B730BCAE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{526866E9-8F1D-483C-8BD7-54D102A9388B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5B967053-B661-4B97-84FB-FCF866E92734}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{64B9AFF8-FEF8-4DCA-8674-30A672253D47}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
"{6A5E2CA8-A7AA-4394-B04E-6144A67C34D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A7208FF-7F8D-41D3-BFD4-B8EA3E3DD01F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A879A37-7345-4D0E-9227-E916B99B9737}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B22FF07-B4A3-46C1-BB3C-1A33D9762E60}" = protocol=6 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
"{72BFCCCB-71C4-4DFC-A463-BB8CDCDB82B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81D7CC86-83C7-4F66-84FA-0603D3EE3D92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F0CBC64-E776-4DF5-90BE-585FF198C068}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\regtool.exe |
"{91D701B7-C8FC-4B6F-9BFB-731C0E76BD02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92887606-2BC5-4D14-BC94-C6586729133F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{995BDC63-44B0-4CE7-83F2-F28D80FBBD6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9DF5776F-F2CE-4AA5-948E-AAF3E19F7EDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B170263F-5709-420A-AE90-471F9E851CBD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BB311B87-2380-4487-B25A-7D223F6CB1E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D9F6D064-1A2D-4748-ABE4-EB7879303D24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBDBDD3C-B754-443E-8B29-17566425C8CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0AF17A1-4A4E-4A5F-945B-8F390207BA02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0B6526B-A51E-4916-B28E-46C6D59FFAD3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1741287-11B1-44D2-B9F9-9A2D23CC7BBF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F28FA1D1-C7DF-462F-A4D8-7D6E415C7F04}" = protocol=17 | dir=in | app=c:\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
"{F789A638-85DC-49E8-8F60-BFCDE824354E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611B3CC-B5DB-4B93-ACE4-97B8F938E6B7}" = 64 Bit HP CIO Components Installer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C73E551-5AFA-42EE-B76E-64821590BCD3}" = MAGIX Video deluxe 2013
"{8F8CE323-4DF2-4F21-B964-661A6E7D944F}" = MAGIX Speed burnR (MSI)
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0413-1000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-1000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-1000-0000000FF1CE}_Office14.PROPLUS_{AA4240DC-855A-477B-8E38-89FBC16056E3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-1000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F6144043-F441-49EE-BC99-ECAAFD3C3A65}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0413-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Dutch) 2010
"{90140000-0043-0413-1000-0000000FF1CE}_Office14.PROPLUS_{ACB44C8D-AA50-44D2-B1DC-408A7F215FA2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0413-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-1000-0000000FF1CE}_Office14.PROPLUS_{BA6AF386-8886-4907-8CDF-BE7B7071944A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0413-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{95140000-0081-0413-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bits
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AA59D7-B92D-4A06-8D06-0596081C0E68}" = Photo Gallery
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AE414B5-7FE6-49A3-93C8-D864162CDEBC}" = Windows Live UX Platform Language Pack
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{318BE0A5-2BEC-4298-A5BF-E41C22AC4A37}" = SPAMfighter
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{37EF63D9-3E31-45A9-A90F-BDE07CE88095}" = Sibelius Scorch (all browsers)
"{38547BC2-D932-4D3D-88DB-B0C33A34B469}" = Windows Live Messenger
"{3B42DE10-B7AC-44C3-9040-996469B3272B}" = MAGIX Website Maker 5
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{420FFB19-8AA9-4199-B5AD-CD52E49451CE}" = simplitec simplicheck
"{43475DF9-3F29-4C45-9045-BDCEF39C17E8}" = Windows Live Writer
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{60ADEF86-A867-47A0-9C8E-9B7E2AB3F87C}" = Windows Live Writer Resources
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{698ED639-3A26-49EF-B1EF-CD89CB97C778}" = Windows Live Essentials
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BF29613-DEEF-44BA-93C1-431B9723041C}" = Windows Live Mail
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73954A36-638C-4052-91BF-3FB59948B301}" = Windows Live Family Safety
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CCDB7ADB-1643-4C30-B39D-1562CFE51420}" = Movie Maker
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D77A6FED-256C-4E2F-9873-59C92C854A4E}" = Photo Common
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E475F460-DA74-4E7E-9941-64E5856F4214}" = Administratieve Software van Davilex
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"DealPly" = DealPly
"Foxit Reader_is1" = Foxit Reader
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.8.903
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.17.903
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.18.1005
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"GPL Ghostscript 8.56" = GPL Ghostscript 8.56
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"InstallShield_{E475F460-DA74-4E7E-9941-64E5856F4214}" = Administratieve Software van Davilex
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MAGIX_{8C73E551-5AFA-42EE-B76E-64821590BCD3}" = MAGIX Video deluxe 2013
"MAGIX_{8F8CE323-4DF2-4F21-B964-661A6E7D944F}" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_Website_Maker_5" = MAGIX Website Maker 5
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.7.2
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"Picture Resize Genius_is1" = Picture Resize Genius 2.9.9
"SPAMfighter" = SPAMfighter
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-454336999-1231512863-1852832593-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16-10-2012 5:08:23 | Computer Name = Marion-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 16-10-2012 5:08:27 | Computer Name = Marion-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 16-10-2012 8:09:03 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: ComboFix.exe, versie: 12.10.16.2, tijdstempel:
0x4b1ae3c6 Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x1774 Starttijd van toepassing met fout: 0x01cdab9704ffc9c0 Pad naar toepassing
met fout: C:\Users\Marion\Desktop\ComboFix.exe Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
460543a0-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:09:25 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: ERUNT.3XE, versie: 0.0.0.0, tijdstempel:
0x2a425e19 Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x14d4 Starttijd van toepassing met fout: 0x01cdab9712e3d180 Pad naar toepassing
met fout: C:\32788R22FWJFW\ERUNT.3XE Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
539399e0-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:09:42 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: WerFault.exe, versie: 6.1.7600.16385,
tijdstempel: 0x4a5bc2d9 Naam van module met fout: brwmngr.dll, versie: 2.2.587.187,
tijdstempel: 0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van
proces met fout: 0x12f0 Starttijd van toepassing met fout: 0x01cdab971aae91c0 Pad
naar toepassing met fout: C:\Windows\SysWOW64\WerFault.exe Pad naar module met fout:
c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll Rapport-id: 5d276220-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:09:55 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: cmd.exe, versie: 6.1.7601.17514, tijdstempel:
0x4ce78e2b Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x1200 Starttijd van toepassing met fout: 0x01cdab9722795200 Pad naar toepassing
met fout: C:\Windows\SysWOW64\cmd.exe Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
6521bde0-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:10:42 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: NirCmd.3XE, versie: 2.3.5.189, tijdstempel:
0x49ec5532 Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x15b4 Starttijd van toepassing met fout: 0x01cdab973ea6a360 Pad naar toepassing
met fout: C:\32788R22FWJFW\NirCmd.3XE Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
814a4c80-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:10:56 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: cmd.exe, versie: 6.1.7601.17514, tijdstempel:
0x4ce78e2b Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x2dc Starttijd van toepassing met fout: 0x01cdab9748a0c6c0 Pad naar toepassing
met fout: C:\Windows\SysWOW64\cmd.exe Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
8952f080-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:11:06 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: cmd.3XE, versie: 6.1.7601.17514, tijdstempel:
0x4ce78e2b Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x7a8 Starttijd van toepassing met fout: 0x01cdab974ec89500 Pad naar toepassing
met fout: C:\32788R22FWJFW\cmd.3XE Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
8f81e2e0-178a-11e2-b343-002215555ee7

Error - 16-10-2012 8:11:21 | Computer Name = Marion-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Hidec.3XE, versie: 0.0.0.0, tijdstempel:
0x42c12411 Naam van module met fout: brwmngr.dll, versie: 2.2.587.187, tijdstempel:
0x5035e1e9 Uitzonderingscode: 0xc0000417 Foutoffset: 0x0011a45e Id van proces met
fout: 0x1628 Starttijd van toepassing met fout: 0x01cdab9758090d20 Pad naar toepassing
met fout: C:\32788R22FWJFW\Hidec.3XE Pad naar module met fout: c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll
Rapport-id:
98b8d580-178a-11e2-b343-002215555ee7

[ Media Center Events ]
Error - 15-10-2012 1:49:27 | Computer Name = Marion-PC | Source = MCUpdate | ID = 0
Description = 7:49:27 - Fout bij verbinden met internet. 7:49:27 - Kan geen contact
maken met server..

Error - 15-10-2012 1:50:17 | Computer Name = Marion-PC | Source = MCUpdate | ID = 0
Description = 7:50:14 - Fout bij verbinden met internet. 7:50:14 - Kan geen contact
maken met server..

Error - 15-10-2012 2:51:06 | Computer Name = Marion-PC | Source = MCUpdate | ID = 0
Description = 8:51:06 - Fout bij verbinden met internet. 8:51:06 - Kan geen contact
maken met server..

Error - 15-10-2012 2:51:54 | Computer Name = Marion-PC | Source = MCUpdate | ID = 0
Description = 8:51:54 - Fout bij verbinden met internet. 8:51:54 - Kan geen contact
maken met server..

[ System Events ]
Error - 16-10-2012 4:34:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 16-10-2012 4:34:44 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 16-10-2012 8:12:32 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 16-10-2012 8:12:32 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 17-10-2012 1:37:32 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 17-10-2012 1:37:32 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 17-10-2012 6:11:54 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: lmhosts.

Error - 17-10-2012 6:11:55 | Computer Name = Marion-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: Netman.

Error - 17-10-2012 9:08:27 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.

Error - 17-10-2012 9:08:27 | Computer Name = Marion-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Er is een onherstelbare hardwarefout opgetreden. Gerapporteerd door
onderdeel: Processorcore Foutbron: 3 Fouttype: 256 Processor-id: 1 Zie de detailweergave
van deze vermelding voor aanvullende informatie.


< End of report >


Omhoog
 Profiel  
 
BerichtGeplaatst: wo okt 17, 2012 7:34 pm 
Offline
Moderator
Avatar gebruiker

Geregistreerd: wo apr 13, 2005 3:54 pm
Berichten: 33163
Woonplaats: Kotje aan de kust.
Besturingssysteem: Windows 7
Bescherming: Malwarebytes pro
Start OTL
  • Plak het volgende onder Custom Scans/Fixes

    Citaat:

    :Commands
    [createrestorepoint]
    :OTL
    IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-454336999-1231512863-1852832593-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110824&tt=071012_17_4112_3&babsrc=SP_ss&mntrId=bc9bea67000000000000002215555ee7
    CHR - homepage: http://search.babylon.com/?affID=110824 ... 2215555ee7
    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://search.babylon.com/?affID=110824 ... 2215555ee7
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
    CHR - Extension: No name found = C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
    O2 - BHO: (no name) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
    O18:64bit: - Protocol\Handler\base64 - No CLSID value found
    O18:64bit: - Protocol\Handler\chrome - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\prox - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\base64 - No CLSID value found
    O18 - Protocol\Handler\chrome - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\prox - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012-10-01 10:07:24 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Roaming\Babylon
    [2012-10-01 10:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012-09-26 10:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012-09-26 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\Marion\AppData\Local\Conduit
    [2012-10-01 12:59:07 | 000,000,020 | ---- | M] () -- C:\Windows\Ðõß
    [2012-10-01 10:07:24 | 000,000,000 | ---D | M] -- C:\Users\Marion\AppData\Roaming\Babylon

    :Services

    :Reg

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [reboot]


  • Klik daarna bovenaan op de knop Run Fix
  • Laat het programma ongestoord zijn werk doen. De pc zal na afloop opnieuw opgestart worden.

_________________
****Afbeelding****
Lid van Team Opleiding.

traagheidtips
Keuze in AV
wat is een rootkit


Omhoog
 Profiel  
 
Geef de vorige berichten weer:  Sorteer op  
Dit onderwerp is gesloten, je kunt geen berichten wijzigen of nieuwe antwoorden plaatsen  [ 62 berichten ]  Ga naar pagina 1, 2, 3, 4, 5  Volgende

Forumoverzicht » RSIT/DDS/HijackThis logfiles » Opgeloste RSIT/DDS/HijackThis logfiles


Wie is er online

Gebruikers op dit forum: Bing [Bot] en 1 gast


Je mag geen nieuwe onderwerpen in dit forum plaatsen
Je mag niet antwoorden op een onderwerp in dit forum
Je mag je berichten in dit forum niet wijzigen
Je mag je berichten niet uit dit forum verwijderen
Je mag geen bijlagen toevoegen in dit forum

Ga naar:  
cron
Powered by phpBB® Forum Software © phpBB Group
phpBB.nl Vertaling