Polizei theo

    A few days ago I got, just once, that Bundespolizei screen that blocked everything. In the meantime I scanned with Windows Security Essentials, and now, as obsessed described, here is the Hijack log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:09:49, on 19/03/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\DOS2USB\elSVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\\Updater\Updater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Administrator\Sjablonen\18771_7937\npkusvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Documents and Settings\Administrator\Sjablonen\npmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\\GenericAskToolbar.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Administrator\Application Data\Complitly\Complitly.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\\Updater\Updater.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKCU\..\Run: [EPSON S22 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-1177238915-152049171-1547161642-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1177238915-152049171-1547161642-1004\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'UpdatusUser')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -;EN-US;KBHOWTO (file missing)
    O9 - Extra 'Tools' menuitem: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -;EN-US;KBHOWTO (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: elAPI - Service Server (elAPIsvc) - Unknown owner - C:\Program Files\DOS2USB\elSVC.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: npkusvc - MGB - C:\Documents and Settings\Administrator\Sjablonen\18771_7937\npkusvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    End of file - 13740 bytes

    Malware 1
    Malwarebytes Anti-Malware (-evaluatieversie-)
    Databaseversie: v2012.03.19.02
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: UNATTEND-B7D527 [administrator]
    Realtime bescherming: Ingeschakeld
    19/03/2012 14:10:33
    mbam-log-2012-03-19 (14-10-33).txt
    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 216914
    Verstreken tijd: 12 minuut/minuten, 8 seconde
    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Registerwaarden gedetecteerd: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Succesvol in quarantaine geplaatst en verwijderd.
    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)
    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Malware 2
    2012/03/19 14:10:04 +0100 UNATTEND-B7D527 Administrator MESSAGE Starting protection
    2012/03/19 14:10:12 +0100 UNATTEND-B7D527 Administrator MESSAGE Protection started successfully
    2012/03/19 14:10:15 +0100 UNATTEND-B7D527 Administrator MESSAGE Starting IP protection
    2012/03/19 14:10:29 +0100 UNATTEND-B7D527 Administrator MESSAGE IP Protection started successfully
    2012/03/19 14:25:54 +0100 UNATTEND-B7D527 Administrator MESSAGE Executing scheduled update: Daily
    2012/03/19 14:25:54 +0100 UNATTEND-B7D527 Administrator MESSAGE Database already up-to-date
    2012/03/19 15:42:11 +0100 UNATTEND-B7D527 Administrator MESSAGE Starting protection
    2012/03/19 15:42:34 +0100 UNATTEND-B7D527 Administrator MESSAGE Protection started successfully
    2012/03/19 15:42:37 +0100 UNATTEND-B7D527 Administrator MESSAGE Starting IP protection
    2012/03/19 15:42:49 +0100 UNATTEND-B7D527 Administrator MESSAGE IP Protection started successfully
    2012/03/19 16:55:22 +0100 UNATTEND-B7D527 MESSAGE Starting protection
    2012/03/19 16:55:37 +0100 UNATTEND-B7D527 MESSAGE Protection started successfully
    2012/03/19 16:55:40 +0100 UNATTEND-B7D527 MESSAGE Starting IP protection
    2012/03/19 16:56:18 +0100 UNATTEND-B7D527 Administrator MESSAGE IP Protection started successfully

    Download OTL to your Desktop
    • Double-click to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
    • Tick the Scan All Users box.
    • Click the Quick Scan button. Do not change OTL's settings unless I give you specific instructions to do so. The scan will not take very long.
      • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
      • Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files, one at a time, into your next post.

    Two small questions, if I may:
    1) Is there anything in my logs that makes extra treatment necessary? A patient likes to know that, and learns something that way.
    2) Is OTL so much better that it solves the problems that the malware scanner etc., which obsessed recommended, did not find? Why not start with it, then?

    OTL logfile created on: 20/03/2012 10:01:23 - Run 1
    OTL by OldTimer - Version Folder = C:\Documents and Settings\Administrator\Bureaublad
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,49% Memory free
    3,85 Gb Paging File | 3,07 Gb Available in Paging File | 79,69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,43 Gb Total Space | 61,74 Gb Free Space | 63,37% Space Free | Partition Type: NTFS
    Drive D: | 74,52 Gb Total Space | 68,12 Gb Free Space | 91,41% Space Free | Partition Type: NTFS
    Drive H: | 55,23 Gb Total Space | 35,67 Gb Free Space | 64,59% Space Free | Partition Type: NTFS

    Computer Name: UNATTEND-B7D527 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/20 09:59:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\
    PRC - [2012/03/20 09:44:38 | 001,431,160 | ---- | M] (Phoenix Studio) -- C:\Documents and Settings\Administrator\Sjablonen\npmon.exe
    PRC - [2012/03/20 09:43:33 | 001,822,208 | ---- | M] () -- C:\WINDOWS\system32\destract.exe
    PRC - [2012/02/05 15:17:19 | 003,564,032 | ---- | M] (MGB) -- C:\Documents and Settings\Administrator\Sjablonen\18771_7937\npkusvc.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\\Updater\Updater.exe
    PRC - [2011/10/08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/09/21 10:26:30 | 015,759,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    PRC - [2011/07/21 23:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () -- C:\Program Files\DOS2USB\elsvc.exe
    PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/09/23 13:00:00 | 001,701,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/09/23 13:00:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
    PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2007/04/16 21:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2007/02/20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    PRC - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
    PRC - [2004/03/05 00:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/02/13 14:37:00 | 000,094,208 | ---- | M] (Jetsoft Development Company) -- C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
    PRC - [2004/02/13 14:07:00 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
    PRC - [2002/01/23 10:20:16 | 000,675,840 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/03/20 09:43:33 | 001,822,208 | ---- | M] () -- C:\WINDOWS\system32\destract.exe
    MOD - [2012/01/03 14:10:50 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    MOD - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () -- C:\Program Files\DOS2USB\elsvc.exe
    MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2008/09/23 13:00:00 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/09/23 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/03/23 00:01:42 | 000,026,576 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vshell32.dll
    MOD - [2008/03/23 00:01:40 | 000,040,400 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuser32.dll
    MOD - [2008/03/23 00:01:40 | 000,011,216 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vuxtheme.dll
    MOD - [2008/03/23 00:01:36 | 000,082,384 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vntdll.dll
    MOD - [2008/03/23 00:01:36 | 000,058,320 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vkernel32.dll
    MOD - [2008/03/23 00:01:34 | 000,019,920 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vmsvcrt.dll
    MOD - [2008/03/23 00:01:32 | 000,046,032 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vadvapi32.dll
    MOD - [2008/03/23 00:01:30 | 000,047,056 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vgdiplus.dll
    MOD - [2008/03/23 00:01:30 | 000,008,144 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vdwmapi.dll
    MOD - [2008/03/23 00:00:36 | 000,096,208 | ---- | M] () -- C:\Program Files\Alky for Applications\Libraries\vcomctl32.dll
    MOD - [2007/02/16 17:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2007/02/16 17:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2006/10/05 20:56:28 | 000,280,779 | ---- | M] () -- C:\WINDOWS\VistaDrive\VistaDrive.exe
    MOD - [2004/02/04 15:27:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
    MOD - [2003/12/05 15:42:00 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBVPP5C.DLL

    ========== Win32 Services (SafeList) ==========

    SRV - [2012/02/20 17:40:19 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
    SRV - [2012/02/05 15:17:19 | 003,564,032 | ---- | M] (MGB) [Auto | Running] -- C:\Documents and Settings\Administrator\Sjablonen\18771_7937\npkusvc.exe -- (npkusvc)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/08 05:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/23 14:02:38 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\DOS2USB\elsvc.exe -- (elAPIsvc)
    SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2004/03/05 00:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/02/07 15:39:29 | 000,057,136 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2012/02/07 15:39:29 | 000,023,721 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2012/02/04 20:30:57 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2012/02/01 18:29:51 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/11/12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2008/05/02 05:15:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2008/01/24 22:36:16 | 004,127,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2007/11/21 00:09:22 | 000,104,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
    DRV - [2002/03/19 10:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
    DRV - [2002/01/23 10:40:30 | 000,206,208 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
    DRV - [2002/01/23 10:38:54 | 000,233,984 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/01/23 10:30:30 | 000,024,470 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/01/23 10:30:20 | 000,024,918 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2002/01/23 10:30:10 | 000,107,430 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {510FA35A-407D-4A72-A5E4-29A0926A1088}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =}
    IE - HKLM\..\SearchScopes\{510FA35A-407D-4A72-A5E4-29A0926A1088}: "URL" ={sear...}&sourceid=ie7

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 45 E1 91 CA 01 CD 01 [binary data]
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =}
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" ={search...00000c6ee2e2cd
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{510FA35A-407D-4A72-A5E4-29A0926A1088}: "URL" ={sear...}&sourceid=ie7
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{C09ED1D4-B134-4F60-8B26-5E6FF788D1F7}: "URL" =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{F4DB6E09-0970-41F1-9C8C-0F2D864EBBAE}: "URL" =
    IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - ""
    FF - ""
    FF - ""
    FF - ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\ C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/04 11:32:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/03/04 11:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2012/03/04 11:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/16 16:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/16 11:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/16 11:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012/02/16 11:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012/02/16 11:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: Ask Toolbar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\\

    O1 HOSTS File: ([2008/09/23 13:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Documents and Settings\Administrator\Application Data\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [Lexmark 2200 Series] C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe ()
    O4 - HKU\.DEFAULT..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe File not found
    O4 - HKU\S-1-5-18..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe File not found
    O4 - HKU\S-1-5-19..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe File not found
    O4 - HKU\S-1-5-20..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe File not found
    O4 - HKU\S-1-5-21-1177238915-152049171-1547161642-1004..\Run: [SkinClock] C:\Program Files\Desktop Tray Clock\DTClock.exe File not found
    O4 - HKU\S-1-5-21-1177238915-152049171-1547161642-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKU\S-1-5-21-1177238915-152049171-1547161642-500..\Run: [EPSON S22 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1177238915-152049171-1547161642-500..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-21-1177238915-152049171-1547161642-1004..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Inspirat\Inspirat.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Ultimate.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -;EN-US;KBHOWTO File not found
    O9 - Extra 'Tools' menuitem : MS-KB - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -;EN-US;KBHOWTO File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61D41C96-10C5-400E-A777-6BB58869832F}: DhcpNameServer =
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/02/01 18:28:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (pgdfgsvc C 1)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\ [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/20 09:59:02 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\
    [2012/03/19 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/03/19 17:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programma's\HiJackThis
    [2012/03/19 15:44:21 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\TFC.exe
    [2012/03/19 14:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2012/03/19 14:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
    [2012/03/19 14:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/03/19 14:08:29 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/03/19 14:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/19 14:06:34 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Bureaublad\mbam--setup-
    [2012/03/18 18:20:49 | 000,000,000 | R-SD | C] -- D:\Mijn documenten\My Stationery
    [2012/03/17 14:56:07 | 000,000,000 | ---D | C] -- D:\Mijn documenten\Downloads
    [2012/03/16 13:53:18 | 000,000,000 | ---D | C] -- D:\Mijn documenten\Mijn ontvangen bestanden
    [2012/03/15 16:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\kodak
    [2012/03/15 16:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
    [2012/03/15 15:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2012/03/15 15:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2012/03/15 15:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Live
    [2012/03/15 15:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2012/03/15 15:18:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Onlangs geopend
    [2012/03/13 16:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2012/03/13 16:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
    [2012/03/10 15:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2012/03/09 15:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2012/03/08 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documenten\Pinnacle
    [2012/03/08 14:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Revo Uninstaller Pro
    [2012/03/08 14:58:10 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
    [2012/03/08 14:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2012/03/06 11:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CyberLink
    [2012/03/06 10:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CyberLink
    [2012/03/06 10:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
    [2012/03/06 10:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programma's\CyberLink WaveEditor
    [2012/03/06 10:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\NewBlue
    [2012/03/06 10:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2012/03/06 10:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
    [2012/03/06 10:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programma's\CyberLink PowerDirector 10
    [2012/03/06 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
    [2012/03/06 10:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2012/03/05 09:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Free Screen Recorder
    [2012/03/05 09:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Free Screen Recorder
    [2012/03/04 11:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/03/02 15:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2012/03/02 15:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2012/03/02 15:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
    [2012/03/01 12:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\DOSPRN
    [2012/03/01 12:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\DOSPRN
    [2012/03/01 11:44:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2012/02/28 09:14:38 | 000,339,968 | R--- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMGMAN32.DLL
    [2012/02/28 09:14:38 | 000,098,345 | R--- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IMHOST32.DLL
    [2012/02/28 09:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Lexmark Faxoplossingen
    [2012/02/28 09:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Fax Solutions
    [2012/02/28 09:14:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FaxCtr
    [2012/02/28 09:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\ABBYY FineReader Tools
    [2012/02/28 09:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint
    [2012/02/28 09:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Lexmark 2200 Series
    [2012/02/28 08:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2200 Series
    [2012/02/28 08:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FaxCtr
    [2012/02/27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Fax Solutions(2)
    [2012/02/27 13:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FaxCtr(2)
    [2012/02/27 13:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 5.0 Sprint(2)
    [2012/02/27 13:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2200 Series(2)
    [2012/02/27 13:32:28 | 000,098,304 | R--- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XPNG.DEL
    [2012/02/27 13:32:28 | 000,069,632 | R--- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31XTIF.DEL
    [2012/02/27 13:32:28 | 000,049,152 | R--- | C] (Data Techniques, Inc.) -- C:\WINDOWS\System32\IM31IMG.DIL
    [2012/02/24 13:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2012/02/23 17:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2012/02/23 17:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2012/02/23 17:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2012/02/20 18:33:52 | 000,000,000 | ---D | C] -- D:\Mijn documenten\Outlook-bestanden
    [2012/02/20 17:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2012/02/20 17:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Office
    [2012/02/20 17:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2012/02/20 17:16:22 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2012/02/20 14:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
    [2012/02/20 14:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/02/20 14:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
    [2012/02/20 14:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2012/02/20 14:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\DealPly
    [2012/02/20 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
    [2012/02/20 14:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Complitly
    [2012/02/20 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
    [2012/02/20 14:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/02/20 14:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
    [2012/02/20 14:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Babylon
    [2012/02/20 14:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
    [2012/02/19 11:37:05 | 000,000,000 | ---D | C] -- D:\Mijn documenten\My Videos

    ========== Files - Modified Within 30 Days ==========

    [2012/03/20 10:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/03/20 09:59:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\
    [2012/03/20 09:56:03 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/20 09:48:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/03/20 09:44:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/03/20 09:43:33 | 001,822,208 | ---- | M] () -- C:\WINDOWS\System32\destract.exe
    [2012/03/20 09:43:09 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/20 09:43:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/03/19 17:06:42 | 000,002,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.lnk
    [2012/03/19 15:44:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\TFC.exe
    [2012/03/19 14:08:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012/03/19 14:06:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Bureaublad\mbam--setup-
    [2012/03/19 11:32:25 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documenten\PCLECHAL.INI
    [2012/03/19 11:03:46 | 000,196,930 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt.lst
    [2012/03/16 15:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/03/15 15:36:38 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Windows Live Messenger .lnk
    [2012/03/14 09:22:51 | 000,565,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/11 17:43:21 | 000,000,000 | RHS- | M] () -- C:\winx.ld
    [2012/03/11 17:43:16 | 000,203,836 | RHS- | M] () -- C:\grldr
    [2012/03/08 16:00:24 | 000,000,108 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
    [2012/03/08 16:00:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/03/08 14:58:16 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Revo Uninstaller Pro.lnk
    [2012/03/06 18:10:44 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\CyberLink PowerDirector 10.lnk
    [2012/03/06 12:58:40 | 000,000,576 | ---- | M] () -- C:\WINDOWS\videoimp.ini
    [2012/03/06 10:40:48 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\CyberLink WaveEditor.lnk
    [2012/03/05 09:56:13 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/05 09:21:05 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Free Screen Recorder.lnk
    [2012/03/04 11:32:14 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/03/01 12:30:20 | 000,001,883 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2012/03/01 12:30:20 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\DOSPRN.lnk
    [2012/02/28 09:15:11 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Lexmark 2200 Series Takencentrum.lnk
    [2012/02/28 09:11:58 | 000,000,100 | ---- | M] () -- C:\WINDOWS\lexstat.ini
    [2012/02/25 11:01:43 | 000,004,096 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\keyfile3.drm
    [2012/02/25 10:47:41 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
    [2012/02/23 17:34:50 | 000,637,152 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2012/02/23 17:34:50 | 000,554,790 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/23 17:34:50 | 000,146,918 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2012/02/23 17:34:50 | 000,115,496 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/02/20 17:40:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\srvany.exe
    [2012/02/20 16:16:35 | 000,696,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\MicrosoftFixit50450.msi
    [2012/02/20 14:39:55 | 000,001,491 | ---- | M] () -- C:\user.js

    ========== Files Created - No Company Name ==========

    [2012/03/19 17:04:30 | 000,002,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\HiJackThis.lnk
    [2012/03/19 14:08:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
    [2012/03/16 11:34:08 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Windows Live Messenger .lnk
    [2012/03/11 17:43:21 | 000,000,000 | RHS- | C] () -- C:\winx.ld
    [2012/03/08 14:58:16 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Revo Uninstaller Pro.lnk
    [2012/03/06 10:40:48 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\CyberLink WaveEditor.lnk
    [2012/03/06 10:39:15 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\CyberLink PowerDirector 10.lnk
    [2012/03/05 09:21:05 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Free Screen Recorder.lnk
    [2012/03/04 11:32:14 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/03/04 11:32:14 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Mozilla Firefox.lnk
    [2012/03/01 12:30:20 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\DOSPRN.lnk
    [2012/02/28 09:15:11 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Lexmark 2200 Series Takencentrum.lnk
    [2012/02/28 09:14:38 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
    [2012/02/28 09:14:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
    [2012/02/28 09:13:40 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\ABBYY FineReader 5.0 Sprint Plus.lnk
    [2012/02/28 09:11:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2012/02/28 09:11:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll
    [2012/02/28 09:11:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
    [2012/02/28 09:10:59 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini
    [2012/02/25 11:01:43 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\keyfile3.drm
    [2012/02/23 17:34:55 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Windows Search.lnk
    [2012/02/23 17:34:55 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk
    [2012/02/20 17:05:30 | 000,696,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\MicrosoftFixit50 450.msi
    [2012/02/20 17:05:08 | 000,002,748 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\KMS Activator for Microsoft Office 2010 Applications x86 x64
    [2012/02/20 14:39:52 | 000,001,491 | ---- | C] () -- C:\user.js
    [2012/02/16 12:19:09 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2012/02/15 13:56:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/09 10:41:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2012/02/09 10:40:47 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/08 14:23:58 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool2.dat
    [2012/02/08 11:54:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2012/02/08 11:54:32 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2012/02/08 11:54:29 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
    [2012/02/08 11:54:29 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
    [2012/02/07 15:39:31 | 000,000,576 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2012/02/07 15:39:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2012/02/05 15:42:24 | 001,910,592 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/02/05 15:17:21 | 001,822,208 | ---- | C] () -- C:\WINDOWS\System32\destract.exe
    [2012/02/04 19:23:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/02/04 19:23:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/02/04 19:23:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/02/03 20:07:17 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
    [2012/02/02 03:47:28 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2012/02/02 00:56:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2012/02/01 19:09:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/02/01 19:04:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2012/02/01 19:02:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2012/02/01 18:59:25 | 000,565,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/02/01 18:34:05 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\DesktopTrayClock.ini
    [2012/02/01 18:34:05 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\alarms.ini
    [2012/02/01 18:31:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/02/01 18:23:34 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/05/21 06:01:00 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\

    ========== LOP Check ==========

    [2012/02/20 14:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
    [2012/02/02 03:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
    [2012/02/20 14:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Complitly
    [2012/02/15 16:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Desktopicon
    [2012/02/26 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
    [2012/02/08 14:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
    [2012/02/01 19:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IEPro
    [2012/02/03 20:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MAGIX
    [2012/02/02 03:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MiniDm
    [2012/02/28 11:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
    [2012/02/08 16:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
    [2012/02/16 10:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TP
    [2012/02/25 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2012/02/24 13:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2012/02/20 14:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/02/05 16:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2012/02/08 10:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/02/05 15:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KLS Soft
    [2012/02/08 15:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2012/02/04 15:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
    [2012/02/14 12:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2012/02/14 12:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus
    [2012/02/10 16:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
    [2012/02/14 12:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
    [2012/03/08 11:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2012/02/10 15:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 12
    [2012/02/14 12:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 14
    [2012/03/08 15:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Studio 15
    [2012/03/06 10:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2012/02/08 10:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2012/02/20 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
    [2012/02/04 11:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Desktopicon
    [2012/02/01 18:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Desktopicon
    [2012/03/20 09:48:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2012/03/20 10:05:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========

    < End of report >

    OTL Extras logfile created on: 20/03/2012 10:01:23 - Run 1
    OTL by OldTimer - Version Folder = C:\Documents and Settings\Administrator\Bureaublad
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

    2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,49% Memory free
    3,85 Gb Paging File | 3,07 Gb Available in Paging File | 79,69% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97,43 Gb Total Space | 61,74 Gb Free Space | 63,37% Space Free | Partition Type: NTFS
    Drive D: | 74,52 Gb Total Space | 68,12 Gb Free Space | 91,41% Space Free | Partition Type: NTFS
    Drive H: | 55,23 Gb Total Space | 35,67 Gb Free Space | 64,59% Space Free | Partition Type: NTFS

    Computer Name: UNATTEND-B7D527 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Beveiliginscentrum] -- control wscui.cpl
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [Deze computer] -- explorer.exe /e, %2 (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Geluid Eigenschappen] -- control mmsys.cpl
    Directory [Msconfig] -- msconfig.exe
    Directory [Netwerkverbindingen] -- control ncpa.cpl
    Directory [Open Outlook Express] -- msimn.exe /e,
    Directory [Open Systemcontrol] -- control.exe sysdm.cpl,,0 (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Register Editer] -- regedt32.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Software] -- control appwiz.cpl
    Directory [Verstuur een E-Mail] -- c:\program files\outlook express\msimn.exe /mailurl: (Microsoft Corporation)
    Directory [XP Logboeken] -- eventvwr.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
    "C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A6A6531-08FC-47AD-BAC4-C41497E71043}" = Nero 7 Essentials
    "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{220C5102-2566-337F-9E9B-C81C5C761BA2}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64371D22-A18B-436E-863B-2E12DA8042FF}" = Microsoft .NET Framework 3.0 Dutch Language Pack
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.7
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7EB94EB2-9A5E-4FCC-B940-9E11AB8AF933}" = Album Art Fixer
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUS_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUS_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A395750A-78D7-36D1-A59D-1A0B601D4BDC}" = Microsoft .NET Framework 3.5 Language Pack - nld
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
    "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 285.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe
    "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
    "{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
    "{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
    "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Type Manager 4.0" = Adobe Type Manager 4.0
    "CCleaner" = CCleaner
    "Complitly_is1" = Complitly
    "DealPly" = DealPly
    "DOSPRN_is1" = DOSPRN 1.79
    "DriverAgent.exe" = DriverAgent by
    "EPSON S22 Series" = EPSON S22 Series Printer Uninstall
    "EPSON S22 Series Manual" = EPSON S22 Series Handboek
    "Free Screen Recorder_is1" = Free Screen Recorder v2.9
    "Free YouTube Download_is1" = Free YouTube Download version
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
    "GVOX Encore 32 v4.5" = GVOX Encore 32 v4.5
    "HashTab" = HashTab 2.1.1
    "Hollywood FX 5" = Pinnacle Hollywood FX 5
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Faxoplossingen
    "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
    "Lexmark 2200 Series" = Lexmark 2200 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.0 Dutch Language Pack" = Microsoft .NET Framework 3.0 Nederlands taalpakket
    "Microsoft .NET Framework 3.5 Language Pack - nld" = Microsoft .NET Framework 3.5 Service Pack 1 Nederlands taalpakket
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 Service Pack 1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
    "NewBlue Art Effects for PDR10" = Art Effects for PDR10
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Speccy" = Speccy
    "TeamViewer 7" = TeamViewer 7
    "Unlocker" = Unlocker 1.8.7
    "VLC media player" = VLC media player 1.1.11
    "Windows Sidebar" = Windows Sidebar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 (32-bit)
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 19/03/2012 4:53:36 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 35
    Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
    bevindt (fout=0x80004005).

    Error - 19/03/2012 6:56:33 | Computer Name = UNATTEND-B7D527 | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: nmindexstoresvr.exe, versie:, vastgelopen
    module: nmfulltextextraction.dll, versie:, vastgelopen op: 0x000062cc.

    Error - 19/03/2012 12:23:33 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 34
    Description = Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x80004005.

    Error - 19/03/2012 12:23:33 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 34
    Description = Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x80004005.

    Error - 19/03/2012 12:23:33 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 35
    Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
    bevindt (fout=0x80004005).

    Error - 19/03/2012 12:23:33 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 35
    Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
    bevindt (fout=0x80004005).

    Error - 20/03/2012 4:46:21 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 34
    Description = Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x80004005.

    Error - 20/03/2012 4:46:21 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 34
    Description = Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x80004005.

    Error - 20/03/2012 4:46:21 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 35
    Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
    bevindt (fout=0x80004005).

    Error - 20/03/2012 4:46:21 | Computer Name = UNATTEND-B7D527 | Source = Outlook | ID = 35
    Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
    bevindt (fout=0x80004005).

    [ System Events ]
    Error - 19/03/2012 11:49:35 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7001
    Description = De DHCP Client-service is afhankelijk van de NetBios over Tcpip-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 19/03/2012 11:49:35 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7001
    Description = De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 19/03/2012 11:49:35 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7001
    Description = De TCP/IP NetBIOS Helper-service is afhankelijk van de AFD-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 19/03/2012 11:49:35 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7001
    Description = De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 19/03/2012 11:49:35 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD ATMhelpr

    Error - 19/03/2012 11:49:48 | Computer Name = UNATTEND-B7D527 | Source = DCOM | ID = 10005
    Description = DCOM kreeg foutmelding '%1084' bij het starten van de netman-service
    met de argumenten '' om de server {BA126AE5-2166-11D1-B1D0-00805FC1270E} te starten

    Error - 19/03/2012 11:49:52 | Computer Name = UNATTEND-B7D527 | Source = DCOM | ID = 10005
    Description = DCOM kreeg foutmelding '%1084' bij het starten van de StiSvc-service
    met de argumenten '' om de server {A1F4E726-8CF1-11D1-BF92-0060081ED811} te starten

    Error - 19/03/2012 11:50:34 | Computer Name = UNATTEND-B7D527 | Source = Service Control Manager | ID = 7031
    Description = De Microsoft Antimalware Service-service is onverwacht gestopt. Dit
    is 1 keer gebeurd. De volgende herstelbewerking zal over 15000 milliseconden worden
    uitgevoerd: Service opnieuw starten.

    Error - 19/03/2012 11:53:54 | Computer Name = UNATTEND-B7D527 | Source = DCOM | ID = 10005
    Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
    met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

    Error - 19/03/2012 12:23:17 | Computer Name = UNATTEND-B7D527 | Source = PlugPlayManager | ID = 11
    Description = Het apparaat Root\LEGACY_MPKSL19876156\0000 is uit het systeem verdwenen
    zonder dat de verwijdering is voorbereid.

    < End of report >

    Quote: Originally posted by theo2602
    Two quick questions, though:
    1) Is there anything in my logs that requires extra treatment? A patient likes to know that and learns something that way.
    2) Is OTL so much better that it solves the problems that malware etc., which obsessed recommended, did not find? Why not start with it, then?
    1. Yes, of course.
    2. Different, and I can fix with this one. Not needed for the opening post; DDS does not do squat.

    Start OTL
    • Paste the following under Custom Scans/Fixes


      IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\\GenericAskToolbar.dll (Ask)

      IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" =
      IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" ={search...00000c6ee2e2cd

      IE - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\SearchScopes\{F4DB6E09-0970-41F1-9C8C-0F2D864EBBAE}: "URL" =
      FF - ""
      FF - ""
      FF - ""
      FF - ""
      FF - prefs.js..browser.startup.homepage: ""
      CHR - Extension: Ask Toolbar = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\\
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-1177238915-152049171-1547161642-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [] File not found



      ipconfig /flushdns /c

    • Then click the Run Fix button at the top
    • Let the program do its work undisturbed. The PC will be restarted afterwards.

    Meanwhile that has been two and a half hours, with no end in sight?

  9. #8
    Honorary member Juisterr
    31 July 2006
    little shack by the coast
    1.837 times in 1.166 posts
    Try it in Safe Mode.

    It was done in less than one minute. Maybe suggest that right away to the next people who need help.
    Many thanks, and below is the last log (?)
    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Internet Explorer\SearchScopes\{F4DB6E09-0970-41F1-9C8C-0F2D864EBBAE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4DB6E09-0970-41F1-9C8C-0F2D864EBBAE}\ not found.
    Prefs.js: "" removed from
    Prefs.js: "" removed from
    Prefs.js: "" removed from
    Prefs.js: "" removed from
    Prefs.js: "" removed from browser.startup.homepage
    File C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-1177238915-152049171-1547161642-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Documents and Settings\Administrator\Bureaublad\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Bureaublad\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully


    User: Administrator
    ->Temp folder emptied: 15996215 bytes
    ->Temporary Internet Files folder emptied: 19739271 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1664 bytes

    User: All Users
    ->Temp folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eigenaar

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 10698 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19175 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 34,00 mb


    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: Eigenaar

    User: LocalService

    User: NetworkService

    User: UpdatusUser

    Total Flash Files Cleaned = 0,00 mb

    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    OTL by OldTimer - Version log created on 03212012_075000
    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DVX0D2ZB\78500-Polizei-theo[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\45FTUPT8\ads[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    Registry entries deleted on Reboot...

