Nationaal Computer Forum
For all your problems with computers, tablets and smartphones



Buma/Stemra virus too (new version)

  1. #1
    New Member
    Registered: 18 March 2012

    Buma/Stemra virus too (new version)

    Hey,

    I have it too. I've partly solved it.

    Step 1: Boot the computer into MS-DOS (CMD).
    Step 2: Delete %AppData%\flint4ytw.exe via CMD.

    Step 3: Now boot into safe mode. Yes, this time you do get your taskbar.
    Step 4: Click Run and type msconfig.
    Step 5: Go to the Startup tab and untick the untrusted files.
    Step 6: Restart your PC and you'll get in.

    One problem remains. I can no longer get into Task Manager. Task Manager has been disabled by the system administrator. How do I fix this?

  2. #2
    Moderator Abraham54
    Registered: 9 August 2007
    Location: Largest city in Twente

    Re: Buma/Stemra virus too (new version)

    Hello Timothy,
    welcome to this great forum.

    Download OTL and place the file on your desktop.

    Using "OTL.com":
    • First close all program windows that are still open!
      • Windows 2000 and Windows XP: start the tool by double-clicking "OTL.com".
      • Windows Vista and Windows 7: start the tool by right-clicking "OTL.com" and then choosing Run as administrator.

    • Tick the Scan All Users box.
    • Click the Quick Scan button.
    • Do not change OTL's settings unless I give specific instructions to do so.
    • The scan will not take very long.
      • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      • These log files are saved in the same location as OTL.
      • Go to DDRMMR's colour coder (click)
      • Copy and paste the contents of OTL.Txt into the web window and click the 'Converteer' button.
      • Then copy and paste the colour coder's output into your next post.
      • Simply paste the contents of Extras.txt below the other log in your post (this does not need to go through the colour coder).

    OTL produces a fairly large log, so it may happen that you have to split the log and post it in two or more parts.
    Proud member of


    Would you like to make a donation in thanks for the good help? Look here

    Why informed people use Google Chrome is inexplicable to me.
    It is nothing more than a disguise for collecting personal data, just as its little sister Google Toolbar does.

  3. #3
    New Member
    Registered: 21 March 2012

    Re: Buma/Stemra virus too (new version)

    Quote: Originally posted by timothydegraaf
    Hey,

    I have it too. I've partly solved it.

    Step 1: Boot the computer into MS-DOS (CMD).
    Step 2: Delete %AppData%\flint4ytw.exe via CMD.

    Step 3: Now boot into safe mode. Yes, this time you do get your taskbar.
    Step 4: Click Run and type msconfig.
    Step 5: Go to the Startup tab and untick the untrusted files.
    Step 6: Restart your PC and you'll get in.

    One problem remains. I can no longer get into Task Manager. Task Manager has been disabled by the system administrator. How do I fix this?

    From Vista onwards, Windows has a protected system Administrator account with the very highest privileges. By default it is disabled for the sake of Windows security. Sometimes, however, you do need the system Administrator because the privileges of the standard Administrator are not sufficient. Proceed as follows if it is necessary to enable the system Administrator (which seems necessary to me in your case).

    Enter the following command in the "Search programs and files" field (at the bottom of the Windows Start menu):

    C:\Windows\System32\lusrmgr.msc

    Click lusrmgr.msc to open the local groups manager and follow the procedure below to activate the system Administrator account.


    • In the left pane, click "Users".
    • In the middle pane you will see a number of accounts, including "Administrator".
    • Right-click "Administrator" and choose Properties.
    • In the window that now opens, clear the "Account is disabled" check box to activate the system Administrator.
    • Restart the PC and choose Administrator (no password) as the logon option.
    • You are now logged in as the system administrator and have the very highest privileges; now you can start Task Manager and perform other necessary actions on files.
    • Don't forget to deactivate the system Administrator again once everything works, because of the risk that malicious parties could take over your PC in a subsequent attack.


    Good luck, Z.
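The checks behind the steps in posts #1 and #3, as an added example that is not part of the original thread: a read-only Windows PowerShell script that lists the autostart entries msconfig's Startup tab covers, marks targets under %AppData%, %LocalAppData% or %Temp%, reports the Task Manager policy value, and shows whether the built-in Administrator account is still enabled. The `DisableTaskMgr` policy value and all function names are not named in the thread; Windows PowerShell 2.0 or later is assumed.

```powershell
# Added example, not from the thread. Read-only: it reports and changes nothing.
# Assumes Windows PowerShell 2.0 (Windows 7) or later.

function Get-ExePath {
    param([string]$CommandLine)
    # Pull the executable path out of an autostart command line.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|pif))(\s|$)') { return $Matches[1] }
    return $c
}

function Get-AutostartEntry {
    # 1) Run/RunOnce values: the registry side of msconfig's Startup tab.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item $key
        foreach ($name in $k.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name
                Target = Get-ExePath ([string]$k.GetValue($name))
            }
        }
    }
    # 2) Files and shortcuts in the per-user and all-users Startup folders.
    $shell = New-Object -ComObject WScript.Shell
    $dirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
            "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem $dir | Where-Object { -not $_.PSIsContainer }) {
            $target = $f.FullName
            if ($f.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($f.FullName).TargetPath
            }
            New-Object PSObject -Property @{ Source = $dir; Name = $f.Name; Target = $target }
        }
    }
}

function Test-UserDataLocation {
    param([string]$Path)
    # True when the file sits under a per-user data or temp directory,
    # as %AppData%\flint4ytw.exe in post #1 did.
    foreach ($root in $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) {
        if ($root -and $Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-TaskManagerPolicy {
    # A DisableTaskMgr value of 1 produces the "disabled by your administrator" message.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $p = Get-ItemProperty -Path $path -Name DisableTaskMgr -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{ Key = $path; DisableTaskMgr = $p.DisableTaskMgr }
    }
}

function Get-BuiltinAdministrator {
    # The built-in Administrator always has a SID ending in -500.
    Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' } |
        Select-Object Name, SID, Disabled
}

$report = Get-AutostartEntry | ForEach-Object {
    $exists = $_.Target -and (Test-Path -LiteralPath $_.Target -PathType Leaf)
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $_.Target).Status }
           else { 'FileMissing' }
    New-Object PSObject -Property @{
        Name = $_.Name; Source = $_.Source; Target = $_.Target
        Signature = $sig
        InUserData = Test-UserDataLocation $_.Target
    }
}

# Entries worth a manual look: running from a user data directory or not validly signed.
$report | Where-Object { $_.InUserData -or $_.Signature -ne 'Valid' } |
    Select-Object Name, Target, Signature, InUserData, Source | Format-List

Get-TaskManagerPolicy | Format-Table Key, DisableTaskMgr -AutoSize
Get-BuiltinAdministrator | Format-Table -AutoSize
```

Legitimate programs also start from user data directories or ship unsigned, so the first list is a review queue, not a verdict.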

  4. #4
    New Member
    Registered: 25 August 2008

    Re: Buma/Stemra virus too (new version)

    But the steps above don't apply to Vista Home Premium.....

  5. #5
    Moderator Abraham54
    Registered: 9 August 2007
    Location: Largest city in Twente

    Re: Buma/Stemra virus too (new version)

    Hi, I haven't heard anything more.
    Has your problem perhaps been solved?

  6. #6
    New Member
    Registered: 18 April 2012

    Re: Buma/Stemra virus too (new version)

    Hi,

    I did the above as well and have posted the log below.
    Thanks in advance.

    [hjt]
    otl logfile created on: 18-4-2012 0:38:42 - run 1
    otl by oldtimer - version 3.2.40.0 folder = c:\users\alexander\downloads
    ultimate edition service pack 1 (version = 6.1.7601) - type = ntworkstation
    internet explorer (version = 9.0.8112.16421)
    locale: 00000413 | country: nederland | language: nld | date format: d-m-yyyy

    2,91 gb total physical memory | 1,69 gb available physical memory | 57,97% memory free
    5,83 gb paging file | 4,40 gb available in paging file | 75,51% paging file free
    paging file location(s): ?:\pagefile.sys [binary data]

    %systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
    drive c: | 465,66 gb total space | 222,84 gb free space | 47,85% space free | partition type: ntfs
    drive d: | 100,00 mb total space | 78,71 mb free space | 78,71% space free | partition type: ntfs

    computer name: win732 | user name: alexander | logged in as administrator.
    boot mode: normal | scan mode: all users | quick scan
    company name whitelist: on | skip microsoft files: on | no company name whitelist: on | file age = 30 days

    ========== processes (safelist) ==========

    prc - [2012-04-18 00:37:52 | 000,595,968 | ---- | m] (oldtimer tools) -- c:\users\alexander\downloads\otl.com
    prc - [2012-04-15 14:31:03 | 000,353,440 | ---- | m] (adobe systems incorporated) -- c:\windows\system32\macromed\flash\flashutil32_11_2_202_233_activex.exe
    prc - [2012-04-04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) -- c:\program files\malwarebytes' anti-malware\mbamservice.exe
    prc - [2012-04-04 15:56:38 | 000,462,408 | ---- | m] (malwarebytes corporation) -- c:\program files\malwarebytes' anti-malware\mbamgui.exe
    prc - [2011-09-23 19:37:42 | 000,641,832 | ---- | m] (nero ag) -- c:\program files\nero\update\nasvc.exe
    prc - [2011-08-11 20:57:28 | 000,348,672 | ---- | m] () -- c:\program files\sabnzbd\sabnzbd.exe
    prc - [2011-06-24 06:22:20 | 000,271,360 | ---- | m] (microsoft corporation) -- c:\windows\system32\conhost.exe
    prc - [2011-06-15 15:16:48 | 000,997,920 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\msseces.exe
    prc - [2011-04-27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\antimalware\nissrv.exe
    prc - [2011-04-27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) -- c:\program files\microsoft security client\antimalware\msmpeng.exe
    prc - [2011-02-25 07:30:54 | 002,616,320 | ---- | m] (microsoft corporation) -- c:\windows\explorer.exe
    prc - [2010-11-20 23:29:19 | 000,049,152 | ---- | m] (microsoft corporation) -- c:\windows\system32\taskhost.exe
    prc - [2010-11-20 23:29:12 | 000,302,592 | ---- | m] (microsoft corporation) -- c:\windows\system32\cmd.exe
    prc - [2010-11-17 10:53:16 | 000,113,288 | ---- | m] (renesas electronics corporation) -- c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe
    prc - [2010-03-13 13:58:58 | 000,075,048 | ---- | m] (cyberlink) -- c:\program files\cyberlink\shared files\brs.exe
    prc - [2010-02-03 01:08:56 | 000,087,336 | ---- | m] (cyberlink corp.) -- c:\program files\cyberlink\powerdvd10\pdvd10serv.exe
    prc - [2010-01-24 18:50:08 | 000,089,600 | ---- | m] (ivosoft) -- c:\program files\classic shell\classicstartmenu.exe


    ========== modules (no company name) ==========

    mod - [2011-08-31 19:13:52 | 000,094,208 | ---- | m] () -- c:\windows\system32\icclibdll.dll
    mod - [2011-08-11 20:57:28 | 000,348,672 | ---- | m] () -- c:\program files\sabnzbd\sabnzbd.exe
    mod - [2011-03-17 00:11:16 | 004,297,568 | ---- | m] () -- c:\program files\common files\microsoft shared\office14\cultures\office.odf
    mod - [2010-11-01 18:52:28 | 000,057,344 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.crypto.pyd
    mod - [2010-11-01 18:52:28 | 000,037,888 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.ssl.pyd
    mod - [2010-11-01 18:52:28 | 000,007,168 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.rand.pyd
    mod - [2010-10-08 04:37:34 | 000,546,205 | ---- | m] () -- c:\program files\sabnzbd\lib\sqlite3.dll
    mod - [2010-01-31 17:14:32 | 000,118,784 | ---- | m] () -- c:\program files\sabnzbd\lib\pywintypes25.dll
    mod - [2010-01-31 17:11:56 | 000,671,744 | ---- | m] () -- c:\program files\sabnzbd\lib\_ssl.pyd
    mod - [2010-01-31 17:11:52 | 000,294,912 | ---- | m] () -- c:\program files\sabnzbd\lib\_hashlib.pyd
    mod - [2010-01-31 17:11:52 | 000,135,168 | ---- | m] () -- c:\program files\sabnzbd\lib\pyexpat.pyd
    mod - [2010-01-31 17:11:52 | 000,086,016 | ---- | m] () -- c:\program files\sabnzbd\lib\_ctypes.pyd
    mod - [2010-01-31 17:11:52 | 000,053,248 | ---- | m] () -- c:\program files\sabnzbd\lib\_socket.pyd
    mod - [2010-01-31 17:11:52 | 000,049,152 | ---- | m] () -- c:\program files\sabnzbd\lib\_sqlite3.pyd
    mod - [2010-01-31 17:11:52 | 000,008,192 | ---- | m] () -- c:\program files\sabnzbd\lib\select.pyd
    mod - [2010-01-31 16:56:20 | 000,024,576 | ---- | m] () -- c:\program files\sabnzbd\lib\servicemanager.pyd
    mod - [2010-01-31 16:56:12 | 000,102,400 | ---- | m] () -- c:\program files\sabnzbd\lib\win32api.pyd
    mod - [2010-01-31 16:56:04 | 000,036,864 | ---- | m] () -- c:\program files\sabnzbd\lib\win32service.pyd
    mod - [2010-01-31 16:54:18 | 000,040,960 | ---- | m] () -- c:\program files\sabnzbd\lib\win32process.pyd
    mod - [2010-01-31 16:54:16 | 000,019,968 | ---- | m] () -- c:\program files\sabnzbd\lib\win32pipe.pyd
    mod - [2010-01-31 16:54:06 | 000,014,848 | ---- | m] () -- c:\program files\sabnzbd\lib\win32evtlog.pyd
    mod - [2010-01-31 16:54:04 | 000,110,592 | ---- | m] () -- c:\program files\sabnzbd\lib\win32file.pyd
    mod - [2010-01-31 16:54:04 | 000,013,824 | ---- | m] () -- c:\program files\sabnzbd\lib\win32event.pyd
    mod - [2009-03-03 19:21:18 | 000,012,288 | ---- | m] () -- c:\program files\sabnzbd\lib\cheetah._namemapper.pyd
    mod - [2006-08-12 17:47:52 | 000,009,728 | ---- | m] () -- c:\program files\sabnzbd\lib\_yenc.pyd


    ========== win32 services (safelist) ==========

    srv - [2012-04-15 14:31:03 | 000,253,088 | ---- | m] (adobe systems incorporated) [on_demand | stopped] -- c:\windows\system32\macromed\flash\flashplayerupdateservice.exe -- (adobeflashplayerupdatesvc)
    srv - [2012-04-04 19:05:26 | 000,008,192 | ---- | m] () [auto | stopped] -- c:\windows\system32\srvany.exe -- (kmservice)
    srv - [2012-04-04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) [auto | running] -- c:\program files\malwarebytes' anti-malware\mbamservice.exe -- (mbamservice)
    srv - [2012-03-11 21:41:49 | 000,655,624 | ---- | m] (acresso software inc.) [on_demand | stopped] -- c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe -- (flexnet licensing service)
    srv - [2011-09-23 19:37:42 | 000,641,832 | ---- | m] (nero ag) [auto | running] -- c:\program files\nero\update\nasvc.exe -- (naupdate)
    srv - [2011-06-12 11:15:00 | 031,125,880 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\microsoft office\office14\groove.exe -- (microsoft sharepoint workspace audit service)
    srv - [2011-05-08 00:13:56 | 001,343,400 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\wat\watadminsvc.exe -- (watadminsvc)
    srv - [2011-04-27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) [on_demand | running] -- c:\program files\microsoft security client\antimalware\nissrv.exe -- (nissrv)
    srv - [2011-04-27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) [auto | running] -- c:\program files\microsoft security client\antimalware\msmpeng.exe -- (msmpsvc)
    srv - [2010-08-08 12:45:26 | 000,013,080 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\program files\windows identity foundation\v3.5\c2wtshost.exe -- (c2wts)
    srv - [2009-07-14 03:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\sensrsvc.dll -- (sensrsvc)
    srv - [2009-07-14 03:16:12 | 001,004,544 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\windows\system32\peerdistsvc.dll -- (peerdistsvc)


    ========== driver services (safelist) ==========

    drv - file not found [kernel | on_demand | stopped] -- system32\drivers\rdvgkmd.sys -- (vgpu)
    drv - [2012-04-18 00:26:04 | 000,054,016 | ---- | m] () [kernel | boot | unknown] -- c:\windows\system32\drivers\kjwswvst.sys -- (cyfv)
    drv - [2012-04-04 15:56:40 | 000,022,344 | ---- | m] (malwarebytes corporation) [file_system | on_demand | running] -- c:\windows\system32\drivers\mbam.sys -- (mbamprotector)
    drv - [2011-05-27 20:50:47 | 000,443,448 | ---- | m] () [kernel | boot | running] -- c:\windows\system32\drivers\sptd.sys -- (sptd)
    drv - [2011-04-27 15:25:24 | 000,065,024 | ---- | m] (microsoft corporation) [kernel | on_demand | running] -- c:\windows\system32\drivers\nisdrvwfp.sys -- (nisdrv)
    drv - [2011-04-18 13:18:50 | 000,043,392 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\mpnwmon.sys -- (mpnwmon)
    drv - [2011-03-07 11:01:32 | 000,274,736 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
    drv - [2011-03-04 17:00:16 | 000,309,224 | ---- | m] (asmedia technology inc) [kernel | on_demand | running] -- c:\windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
    drv - [2011-03-04 17:00:14 | 000,100,328 | ---- | m] (asmedia technology inc) [kernel | on_demand | running] -- c:\windows\system32\drivers\asmthub3.sys -- (asmthub3)
    drv - [2011-03-04 13:46:18 | 000,032,896 | r--- | m] (advanced micro devices) [kernel | boot | running] -- c:\windows\system32\drivers\amd_xata.sys -- (amd_xata)
    drv - [2011-03-04 13:46:16 | 000,065,664 | r--- | m] (advanced micro devices) [kernel | boot | running] -- c:\windows\system32\drivers\amd_sata.sys -- (amd_sata)
    drv - [2011-02-17 12:41:00 | 000,317,216 | ---- | m] (marvell) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\yk62x86.sys -- (yukonw7)
    drv - [2011-02-14 08:07:54 | 000,021,808 | r--- | m] (marvell semiconductor inc.) [kernel | boot | running] -- c:\windows\system32\drivers\mv91cons.sys -- (mv91cons)
    drv - [2011-02-14 08:07:52 | 000,273,200 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\mv91xx.sys -- (mv91xx)
    drv - [2011-02-10 14:52:10 | 000,141,952 | ---- | m] (renesas electronics corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
    drv - [2011-02-10 14:52:10 | 000,063,872 | ---- | m] (renesas electronics corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
    drv - [2011-02-09 15:26:44 | 000,023,640 | r--- | m] (jmicron technology corp.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\johci.sys -- (johci)
    drv - [2010-11-25 13:27:30 | 000,103,000 | r--- | m] (jmicron technology corp.) [kernel | boot | running] -- c:\windows\system32\drivers\jraid.sys -- (jraid)
    drv - [2010-11-20 23:29:34 | 000,015,872 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\rdpvideominiport.sys -- (rdpvideominiport)
    drv - [2010-11-20 23:29:24 | 000,052,224 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\tsusbflt.sys -- (tsusbflt)
    drv - [2010-11-20 23:29:03 | 000,175,360 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\vmbus.sys -- (vmbus)
    drv - [2010-11-20 23:29:03 | 000,112,640 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
    drv - [2010-11-20 23:29:03 | 000,077,184 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\synth3dvsc.sys -- (synth3dvsc)
    drv - [2010-11-20 23:29:03 | 000,062,464 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\dmvsc.sys -- (dmvsc)
    drv - [2010-11-20 23:29:03 | 000,040,704 | ---- | m] (microsoft corporation) [kernel | boot | running] -- c:\windows\system32\drivers\vmstorfl.sys -- (storflt)
    drv - [2010-11-20 23:29:03 | 000,035,968 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\winusb.sys -- (winusb)
    drv - [2010-11-20 23:29:03 | 000,028,032 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\storvsc.sys -- (storvsc)
    drv - [2010-11-20 23:29:03 | 000,027,264 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\tsusbgd.sys -- (tsusbgd)
    drv - [2010-11-20 23:29:03 | 000,025,600 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\terminpt.sys -- (terminpt)
    drv - [2010-11-20 23:29:03 | 000,017,920 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\vmbushid.sys -- (vmbushid)
    drv - [2010-11-20 23:29:03 | 000,005,632 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\vms3cap.sys -- (s3cap)
    drv - [2010-09-29 03:14:30 | 000,228,352 | ---- | m] (advanced micro devices, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\atikmpag.sys -- (amdkmdap)
    drv - [2010-09-23 17:47:20 | 000,214,096 | r--- | m] (advanced micro devices, inc) [kernel | boot | running] -- c:\windows\system32\drivers\ahcix86.sys -- (ahcix86)
    drv - [2010-07-21 07:30:26 | 000,031,256 | ---- | m] (initio corp.) [kernel | boot | running] -- c:\windows\system32\drivers\inic1620.sys -- (inic1620)
    drv - [2010-07-13 11:57:16 | 000,040,560 | ---- | m] (paragon software group) [kernel | boot | running] -- c:\windows\system32\drivers\hotcore3.sys -- (hotcore3)
    drv - [2010-06-15 02:09:30 | 000,407,120 | r--- | m] (lsi corporation, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\megasr1.sys -- (megasr1)
    drv - [2010-03-31 00:00:00 | 000,027,760 | ---- | m] () [kernel | on_demand | stopped] -- c:\tools\lavalys\everest ultimate edition\kerneld.wnt -- (everestdriver)
    drv - [2010-03-29 12:15:36 | 000,055,848 | ---- | m] (atheros communications, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\l1e62x86.sys -- (l1e)
    drv - [2010-03-13 13:58:52 | 000,087,536 | ---- | m] (cyberlink corp.) [2012/01/01 09:44:38] [kernel | auto | running] -- c:\program files\cyberlink\powerdvd10\navfilter\000.fcl -- ({1ba31e5a-c098-42d8-8f88-3c9f78a2fddc})
    drv - [2010-02-11 11:59:48 | 000,023,192 | ---- | m] (via technologies, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\xfilt.sys -- (xfilt)
    drv - [2010-02-11 11:59:18 | 000,013,976 | ---- | m] (via technologies, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\videx32.sys -- (videx32)
    drv - [2010-01-07 00:26:34 | 000,190,768 | r--- | m] (advanced micro devices, inc) [kernel | boot | running] -- c:\windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
    drv - [2009-11-09 04:11:22 | 000,043,552 | r--- | m] (areca technology corporation) [kernel | boot | running] -- c:\windows\system32\drivers\arcm_x86.sys -- (arcm_x86)
    drv - [2009-11-06 09:37:20 | 000,699,896 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\bcmwlhigh6.sys -- (bcmh43xx)
    drv - [2009-10-11 15:58:10 | 000,016,512 | ---- | m] (adaptec) [kernel | auto | running] -- c:\windows\system32\drivers\aspi32.sys -- (aspi32)
    drv - [2009-09-14 16:24:12 | 000,155,688 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\mv61xx.sys -- (mv61xx)
    drv - [2009-08-24 10:14:30 | 000,044,544 | ---- | m] (azurewave technologies, inc.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\azvusb.sys -- (azvusb)
    drv - [2009-08-04 19:44:12 | 000,139,296 | r--- | m] (nvidia corporation) [kernel | boot | running] -- c:\windows\system32\drivers\nvrd32.sys -- (nvrd32)
    drv - [2009-07-17 02:51:52 | 000,024,608 | ---- | m] (nvidia corporation) [kernel | boot | running] -- c:\windows\system32\drivers\nvamacpi.sys -- (nvamacpi)
    drv - [2009-07-16 12:36:30 | 000,013,216 | ---- | m] () [kernel | on_demand | stopped] -- c:\windows\system32\drivers\asacpi.sys -- (mtsensor)
    drv - [2009-07-14 00:02:53 | 000,044,032 | ---- | m] (via technologies, inc. ) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\fetnd6.sys -- (fetndis)
    drv - [2009-07-14 00:02:52 | 000,347,264 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvm62x32.sys -- (nvenetfd)
    drv - [2009-06-15 17:01:00 | 000,273,920 | ---- | m] (creative technology ltd.) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\v0540vid.sys -- (v0540dev)
    drv - [2009-06-10 23:19:48 | 009,853,248 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvlddmkm.sys -- (nvlddmkm)
    drv - [2009-04-28 17:14:12 | 000,015,008 | r--- | m] (highpoint technologies, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\hptiop.sys -- (hptiop)
    drv - [2009-02-05 12:38:24 | 000,212,520 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3531.sys -- (si3531)
    drv - [2008-10-30 11:56:04 | 000,217,128 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3132r5.sys -- (si3132r5)
    drv - [2008-10-30 11:56:04 | 000,012,200 | r--- | m] (silicon image, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\siremfil.sys -- (siremfil)
    drv - [2008-09-22 03:20:42 | 000,043,520 | ---- | m] (via technologies, inc. ) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\fetnd6v.sys -- (fetnd6v)
    drv - [2008-08-18 18:58:16 | 000,145,952 | ---- | m] (nvidia corporation) [kernel | boot | running] -- c:\windows\system32\drivers\nvstor32.sys -- (nvstor32)
    drv - [2007-10-03 16:55:08 | 000,080,424 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3132.sys -- (si3132)
    drv - [2007-08-29 18:04:04 | 000,116,264 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3112r.sys -- (si3112r)
    drv - [2007-08-29 18:04:04 | 000,019,240 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\siwinacc.sys -- (sifilter)
    drv - [2007-06-19 14:48:26 | 000,075,672 | r--- | m] (intel corporation) [kernel | boot | running] -- c:\windows\system32\drivers\issetup.sys -- (issetup) intel(r)
    drv - [2007-04-11 14:32:48 | 000,110,384 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3114r.sys -- (si3114r)
    drv - [2007-02-07 11:30:06 | 000,209,200 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3114r5.sys -- (si3114r5)
    drv - [2007-01-26 13:55:08 | 000,069,168 | r--- | m] (silicon image, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\si3112.sys -- (si3112)
    drv - [2006-11-10 12:45:54 | 000,068,912 | r--- | m] (silicon image, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\si3114.sys -- (si3114)
    drv - [2006-11-02 16:20:30 | 000,076,208 | r--- | m] (silicon image, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\si3124.sys -- (si3124)
    drv - [2006-09-27 14:36:50 | 000,071,968 | r--- | m] (highpoint technologies, inc.) [kernel | boot | running] -- c:\windows\system32\drivers\hptmv.sys -- (hptmv)
    drv - [2006-09-20 11:38:26 | 000,207,152 | r--- | m] (silicon image, inc) [kernel | boot | running] -- c:\windows\system32\drivers\si3124r5.sys -- (si3124r5)
    drv - [2006-07-20 20:47:12 | 000,104,320 | r--- | m] (uli electronics inc.) [kernel | boot | running] -- c:\windows\system32\drivers\m5287.sys -- (m5287)
    drv - [2006-07-19 19:48:14 | 000,211,072 | r--- | m] (uli electronics inc.) [kernel | boot | running] -- c:\windows\system32\drivers\m5288.sys -- (m5288)
    drv - [2006-02-26 17:22:48 | 000,010,240 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] -- c:\windows\system32\drivers\nvmpu401.sys -- (nvmpu401) service for nvidia(r) nforce(tm)
    drv - [2005-07-04 15:21:00 | 000,052,480 | r--- | m] (uli electronics inc.) [kernel | boot | running] -- c:\windows\system32\drivers\m5289.sys -- (m5289)


    ========== standard registry (safelist) ==========


    ========== internet explorer ==========

    ie - hklm\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = http://www.bing.com/search?q={searchterms}&form=ie8src


    ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0

    ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0



    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,secondary start pages = http://facebook.com/ [binary data]
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page = http://www.google.nl/
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache = http://nl.msn.com/?ocid=iehp
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = nl
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache_timestamp = f0 ad c1 14 ec 47 cc 01 [binary data]
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\..\searchscopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = http://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src
    ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0


    ========== firefox ==========

    ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer: c:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
    ff - hklm\software\mozillaplugins\@google.com/nppicasa3,version=3.0.0: c:\program files\google\picasa3\nppicasa3.dll (google, inc.)
    ff - hklm\software\mozillaplugins\@java.com/javaplugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll (oracle corporation)
    ff - hklm\software\mozillaplugins\@microsoft.com/genuine: disabled file not found
    ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: c:\program files\microsoft silverlight\4.1.10111.0\npctrl.dll ( microsoft corporation)
    ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: c:\progra~1\micros~3\office14\npauthz.dll (microsoft corporation)
    ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0: c:\progra~1\micros~3\office14\npspwrap.dll (microsoft corporation)
    ff - hklm\software\mozillaplugins\@nero.com/km: c:\progra~1\common~1\nero\browse~1\npbrow~1.dll (nero ag)
    ff - hklm\software\mozillaplugins\@zylom.com/zylomgamesplayer: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll (zylom)
    ff - hkcu\software\mozillaplugins\@thrixxx.com/weblaunch: c:\program files\thrixxx\weblaunch\binaries\npweblaunch.dll file not found



    o1 hosts file: ([2012-03-11 12:49:52 | 000,000,859 | ---- | m]) - c:\windows\system32\drivers\etc\hosts

    o2 - bho: (explorerbho class) - {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\classicexplorer32.dll (ivosoft)
    o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
    o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program files\microsoft office\office14\urlredir.dll (microsoft corporation)
    o2 - bho: (java(tm) plug-in 2 ssv helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll (oracle corporation)
    o3 - hklm\..\toolbar: (classic explorer bar) - {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\classicexplorer32.dll (ivosoft)
    o4 - hklm..\run: [adobecs4servicemanager] c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe (adobe systems incorporated)
    o4 - hklm..\run: [bcssync] c:\program files\microsoft office\office14\bcssync.exe (microsoft corporation)
    o4 - hklm..\run: [classic start menu] c:\program files\classic shell\classicstartmenu.exe (ivosoft)
    o4 - hklm..\run: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation)
    o4 - hklm..\run: [msc] c:\program files\microsoft security client\msseces.exe (microsoft corporation)
    o4 - hklm..\run: [nusb3mon] c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe (renesas electronics corporation)
    o4 - hklm..\runonce: [malwarebytes anti-malware (cleanup)] c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll (malwarebytes corporation)
    o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
    o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
    o4 - startup: c:\users\alexander\appdata\roaming\microsoft\windows\start menu\programs\startup\sabnzbd.lnk = c:\program files\sabnzbd\sabnzbd.exe ()
    o4 - startup: c:\users\anja\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk = file not found
    o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioruser = 3
    o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioradmin = 0
    o6 - hklm\software\microsoft\windows\currentversion\policies\system: promptonsecuredesktop = 0
    o6 - hklm\software\microsoft\windows\currentversion\policies\system: localaccounttokenfilterpolicy = 0
    o6 - hklm\software\microsoft\windows\currentversion\policies\system: enablelinkedconnections = 1
    o7 - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\policies\explorer: nodrivetypeautorun = 145
    o7 - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\policies\explorer: nodesktop = 0
    o8 - extra context menu item: add to google photos screensa&ver - c:\windows\system32\gphotos.scr (google inc.)
    o8 - extra context menu item: e&xporteren naar microsoft excel - c:\program files\microsoft office\office14\excel.exe (microsoft corporation)
    o13 - gopher prefix: missing
    o16 - dpf: {233c1507-6a77-46a4-9443-f871f945d258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (shockwave activex control)
    o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (java plug-in 10.1.0)
    o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab (messengerstatsclient class)
    o16 - dpf: {cafeefac-0016-0000-0025-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (java plug-in 1.6.0_25)
    o16 - dpf: {cafeefac-0017-0000-0001-abcdeffedcba} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (java plug-in 1.7.0_01)
    o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (java plug-in 1.7.0_01)
    o16 - dpf: {e6f480fc-bd44-4cba-b74a-89af7842937d} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (reg error: key error.)
    o16 - dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab (minesweeper flags class)
    o17 - hklm\system\ccs\services\tcpip\parameters: dhcpnameserver = 192.168.0.1
    o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{848fdce2-d440-457c-8b50-e80147d5f0be}: dhcpnameserver = 192.168.0.1
    o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{fa67fbbd-4ac8-4099-9f22-3234183ecdca}: dhcpnameserver = 192.168.0.1
    o20 - hklm winlogon: shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
    o20 - hklm winlogon: userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
    o20 - hklm winlogon: vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
    o20 - hklm winlogon: vmapplet - (/pagefile) - file not found
    o20 - hku\s-1-5-21-1772702603-541345436-1298147513-1002 winlogon: shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
    o20 - hku\s-1-5-21-1772702603-541345436-1298147513-1002 winlogon: userinit - (c:\windows\system32\userinit.exe) - c:\windows\system32\userinit.exe (microsoft corporation)
    o21 - ssodl: webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
    o28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
    o32 - hklm cdrom: autorun - 1
    o32 - autorun file - [2009-06-10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
    o34 - hklm bootexecute: (autocheck autochk *)
    o35 - hklm\..comfile [open] -- "%1" %*
    o35 - hklm\..exefile [open] -- "%1" %*
    o37 - hklm\...com [@ = comfile] -- "%1" %*
    o37 - hklm\...exe [@ = exefile] -- "%1" %*

    ========== files/folders - created within 30 days ==========

    [2012-04-18 00:37:09 | 000,000,000 | ---d | c] -- c:\windows\pss
    [2012-04-18 00:08:13 | 000,000,000 | ---d | c] -- c:\programdata\hitmanpro
    [2012-04-18 00:06:52 | 000,000,000 | ---d | c] -- c:\users\alexander\nieuwe map
    [2012-04-17 23:48:14 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{e1bb5744-0bb6-490a-8e0f-8f32eb175e66}
    [2012-04-17 23:48:03 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{6f0120a1-1580-49ea-8f79-83c144fb4e92}
    [2012-04-17 23:03:21 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware
    [2012-04-17 23:03:19 | 000,022,344 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
    [2012-04-16 17:25:46 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{87ddf74a-439c-4057-95ae-bb50ef5a11ac}
    [2012-04-16 17:25:36 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{e6bc2aed-97a8-4421-9d29-6c93e515a88d}
    [2012-04-15 14:46:51 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{31ce6bbc-2fcc-4c83-8e88-a674d7d275a9}
    [2012-04-15 14:46:40 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d6846fea-3432-4ec2-913f-80457b464c39}
    [2012-04-13 07:49:10 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{527477ec-b3c0-4ad1-9760-e42f4b046262}
    [2012-04-13 07:49:00 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{31011154-068c-4952-a973-8d4854f58711}
    [2012-04-12 19:48:36 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d9228532-0079-441b-9edb-467cba4600b1}
    [2012-04-12 19:48:26 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{bbc17437-2578-4167-a503-c9f6b0e5b564}
    [2012-04-11 22:26:02 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d834d613-eb20-4fab-9130-56b2dd54ba1c}
    [2012-04-11 22:25:52 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{05436bbd-509d-4bd8-b46b-7064de2ae9e7}
    [2012-04-11 07:22:24 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{7cb0b219-9344-43c3-b108-b70a1991df0e}
    [2012-04-11 07:22:13 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{06d9c0bf-93b1-41ea-b4a2-1d79beb2ed58}
    [2012-04-10 15:38:10 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{8085bfaa-2c44-4017-870f-7c024bc2b1de}
    [2012-04-10 15:38:00 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{2fc07a09-728f-4bed-8aaf-106e28767275}
    [2012-04-10 15:37:45 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\virtualstore
    [2012-04-09 14:17:46 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\dvdfab 8 qt
    [2012-04-09 14:17:39 | 000,000,000 | ---d | c] -- c:\program files\dvdfab 8 qt
    [2012-04-09 10:03:35 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\symantec
    [2012-04-09 09:57:48 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{88123464-6a0f-47c5-ae3d-c2b4357334f9}
    [2012-04-09 09:57:38 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{f1d93624-ca71-4f4d-863f-4f1cc39fbd5a}
    [2012-04-09 09:53:53 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\windows live
    [2012-04-09 09:51:17 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\save2pc
    [2012-04-09 09:51:16 | 000,000,000 | ---d | c] -- c:\program files\fdrlab
    [2012-04-04 18:54:35 | 000,000,000 | ---d | c] -- c:\program files\microsoft synchronization services
    [2012-04-04 18:54:34 | 000,000,000 | ---d | c] -- c:\program files\common files\designer
    [2012-04-04 18:54:18 | 000,000,000 | ---d | c] -- c:\program files\microsoft sql server compact edition
    [2012-04-04 18:53:18 | 000,000,000 | ---d | c] -- c:\program files\microsoft analysis services
    [2012-04-04 18:52:31 | 000,000,000 | rh-d | c] -- c:\msocache
    [2012-04-04 18:16:18 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\nieuwe map (2)
    [2012-04-02 08:06:13 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\nieuwe samenstelling daan
    [2012-04-02 08:02:41 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\backup daan
    [2012-04-01 09:18:06 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\ambrasoft familiepakket 0910
    [2012-04-01 09:15:39 | 000,000,000 | ---d | c] -- c:\program files\common files\ambrasoft
    [2012-04-01 09:15:39 | 000,000,000 | ---d | c] -- c:\program files\ambrasoft
    [2012-04-01 08:52:04 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\4videosoft studio
    [2012-04-01 08:50:40 | 000,000,000 | ---d | c] -- c:\program files\4videosoft studio
    [2012-03-30 20:29:04 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\belastingdienst
    [2012-03-30 20:29:04 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\belastingdienst
    [2012-03-30 20:08:52 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\divx
    [2012-03-30 20:01:50 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\ziggotvstreamer
    [2012-03-30 20:01:48 | 000,000,000 | ---d | c] -- c:\program files\ziggotvstreamer
    [2012-03-30 18:53:42 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\my cheat tables
    [2012-03-30 18:53:29 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\cheat engine 6.1
    [2012-03-30 18:53:25 | 000,000,000 | ---d | c] -- c:\program files\cheat engine 6.1
    [2012-03-25 21:19:29 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\pctv systems
    [2012-03-25 21:16:20 | 000,000,000 | ---d | c] -- c:\programdata\pctv systems
    [2012-03-25 21:15:58 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\divx
    [2012-03-25 21:15:58 | 000,000,000 | ---d | c] -- c:\program files\divx
    [2012-03-25 20:46:32 | 000,000,000 | ---d | c] -- c:\program files\installdir
    [2012-03-25 11:59:28 | 000,000,000 | ---d | c] -- c:\pc_play&learn
    [2012-03-20 20:50:34 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\apple
    [2012-03-19 17:47:42 | 000,000,000 | ---d | c] -- c:\programdata\xml_param
    [2012-03-19 17:44:53 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\wondershare video converter platinum
    [2012-03-19 17:44:33 | 000,892,928 | ---- | c] (free software foundation) -- c:\windows\system32\iconv.dll
    [2012-03-19 17:44:29 | 000,000,000 | ---d | c] -- c:\program files\wondershare
    [2011-10-28 22:15:19 | 000,047,360 | ---- | c] (vso software) -- c:\users\alexander\appdata\roaming\pcouffin.sys
    [2010-11-28 07:30:28 | 317,590,022 | ---- | c] (user, nocompany, E-MAIL ADDRESS REMOVED - send this user a private message instead of an e-mail.) -- c:\program files\office2003nl.exe
    [1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

    ========== files - modified within 30 days ==========

    [2012-04-18 00:31:00 | 000,000,940 | ---- | m] () -- c:\windows\tasks\adobe flash player updater.job
    [2012-04-18 00:26:04 | 000,054,016 | ---- | m] () -- c:\windows\system32\drivers\kjwswvst.sys
    [2012-04-18 00:23:23 | 000,017,360 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
    [2012-04-18 00:23:23 | 000,017,360 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
    [2012-04-18 00:23:14 | 000,886,814 | ---- | m] () -- c:\windows\system32\perfh013.dat
    [2012-04-18 00:23:14 | 000,702,158 | ---- | m] () -- c:\windows\system32\perfh009.dat
    [2012-04-18 00:23:14 | 000,199,608 | ---- | m] () -- c:\windows\system32\perfc013.dat
    [2012-04-18 00:23:14 | 000,161,944 | ---- | m] () -- c:\windows\system32\perfc009.dat
    [2012-04-18 00:16:11 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
    [2012-04-18 00:15:35 | 000,003,288 | ---- | m] () -- c:\bootsqm.dat
    [2012-04-17 23:03:22 | 000,001,067 | ---- | m] () -- c:\users\public\desktop\malwarebytes anti-malware.lnk
    [2012-04-17 16:20:42 | 000,021,504 | ---- | m] () -- c:\windows\system32\umstartup.etl
    [2012-04-12 19:48:32 | 000,001,101 | ---- | m] () -- c:\users\alexander\application data\microsoft\internet explorer\quick launch\microsoft outlook.lnk
    [2012-04-09 15:09:17 | 000,054,156 | -h-- | m] () -- c:\windows\qtfont.qfn
    [2012-04-09 15:09:17 | 000,001,409 | ---- | m] () -- c:\windows\qtfont.for
    [2012-04-09 14:17:48 | 000,001,011 | ---- | m] () -- c:\users\alexander\desktop\dvdfab profile editor.lnk
    [2012-04-09 14:17:48 | 000,000,998 | ---- | m] () -- c:\users\alexander\application data\microsoft\internet explorer\quick launch\dvdfab 8 qt.lnk
    [2012-04-09 14:17:48 | 000,000,974 | ---- | m] () -- c:\users\alexander\desktop\dvdfab 8 qt.lnk
    [2012-04-09 09:55:06 | 099,957,822 | ---- | m] () -- c:\users\alexander\desktop\kids club rkc waalwijk rondleiding en persconferentie.avi
    [2012-04-09 09:51:18 | 000,001,064 | ---- | m] () -- c:\users\alexander\desktop\save2pc ultimate.lnk
    [2012-04-05 14:23:01 | 003,707,344 | ---- | m] () -- c:\windows\system32\fntcache.dat
    [2012-04-04 19:18:07 | 000,203,776 | ---- | m] () -- c:\users\alexander\documents\lynnverjaardag.pub
    [2012-04-04 19:05:26 | 000,008,192 | ---- | m] () -- c:\windows\system32\srvany.exe
    [2012-04-04 18:55:30 | 000,003,119 | ---- | m] () -- c:\users\alexander\desktop\microsoft outlook 2010.lnk
    [2012-04-04 15:56:40 | 000,022,344 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
    [2012-04-01 09:18:06 | 000,001,034 | ---- | m] () -- c:\users\public\desktop\familiepakket 0910.lnk
    [2012-03-30 20:01:50 | 000,001,049 | ---- | m] () -- c:\users\alexander\desktop\ziggotvstreamer.lnk
    [2012-03-30 18:53:32 | 000,001,043 | ---- | m] () -- c:\users\alexander\desktop\cheat engine.lnk
    [2012-03-30 18:47:15 | 000,112,862 | ---- | m] () -- c:\windows\run32a50.mch
    [2012-03-30 18:40:44 | 000,000,213 | ---- | m] () -- c:\windows\mfont.dat
    [2012-03-30 18:09:01 | 000,000,035 | ---- | m] () -- c:\windows\a5w.ini
    [2012-03-25 21:19:34 | 000,000,349 | ---- | m] () -- c:\users\public\documents\pclechal.ini
    [1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

    ========== files created - no company name ==========

    [2012-04-18 00:26:04 | 000,054,016 | ---- | c] () -- c:\windows\system32\drivers\kjwswvst.sys
    [2012-04-18 00:15:35 | 000,003,288 | ---- | c] () -- c:\bootsqm.dat
    [2012-04-17 23:03:22 | 000,001,067 | ---- | c] () -- c:\users\public\desktop\malwarebytes anti-malware.lnk
    [2012-04-09 15:09:17 | 000,054,156 | -h-- | c] () -- c:\windows\qtfont.qfn
    [2012-04-09 15:09:17 | 000,001,409 | ---- | c] () -- c:\windows\qtfont.for
    [2012-04-09 14:17:48 | 000,001,011 | ---- | c] () -- c:\users\alexander\desktop\dvdfab profile editor.lnk
    [2012-04-09 14:17:48 | 000,000,998 | ---- | c] () -- c:\users\alexander\application data\microsoft\internet explorer\quick launch\dvdfab 8 qt.lnk
    [2012-04-09 14:17:48 | 000,000,974 | ---- | c] () -- c:\users\alexander\desktop\dvdfab 8 qt.lnk
    [2012-04-09 09:56:31 | 000,002,432 | ---- | c] () -- c:\programdata\microsoft\windows\start menu\programs\windows live messenger.lnk
    [2012-04-09 09:53:34 | 099,957,822 | ---- | c] () -- c:\users\alexander\desktop\kids club rkc waalwijk rondleiding en persconferentie.avi
    [2012-04-09 09:51:18 | 000,001,064 | ---- | c] () -- c:\users\alexander\desktop\save2pc ultimate.lnk
    [2012-04-04 19:18:36 | 000,001,101 | ---- | c] () -- c:\users\alexander\application data\microsoft\internet explorer\quick launch\microsoft outlook.lnk
    [2012-04-04 19:18:06 | 000,203,776 | ---- | c] () -- c:\users\alexander\documents\lynnverjaardag.pub
    [2012-04-04 19:06:07 | 000,008,192 | ---- | c] () -- c:\windows\system32\srvany.exe
    [2012-04-04 18:55:30 | 000,003,119 | ---- | c] () -- c:\users\alexander\desktop\microsoft outlook 2010.lnk
    [2012-04-02 19:51:54 | 000,000,940 | ---- | c] () -- c:\windows\tasks\adobe flash player updater.job
    [2012-04-01 09:18:06 | 000,001,034 | ---- | c] () -- c:\users\public\desktop\familiepakket 0910.lnk
    [2012-03-30 20:01:50 | 000,001,049 | ---- | c] () -- c:\users\alexander\desktop\ziggotvstreamer.lnk
    [2012-03-30 18:53:32 | 000,001,043 | ---- | c] () -- c:\users\alexander\desktop\cheat engine.lnk
    [2012-03-25 21:18:51 | 000,000,349 | ---- | c] () -- c:\users\public\documents\pclechal.ini
    [2012-03-19 17:44:33 | 000,675,840 | ---- | c] () -- c:\windows\system32\ac3filter.ax
    [2011-12-15 15:17:08 | 000,000,064 | ---- | c] () -- c:\windows\system32\rp_stats.dat
    [2011-12-15 15:17:08 | 000,000,044 | ---- | c] () -- c:\windows\system32\rp_rules.dat
    [2011-10-28 22:15:19 | 000,087,608 | ---- | c] () -- c:\users\alexander\appdata\roaming\inst.exe
    [2011-10-28 22:15:19 | 000,007,887 | ---- | c] () -- c:\users\alexander\appdata\roaming\pcouffin.cat
    [2011-10-28 22:15:19 | 000,001,144 | ---- | c] () -- c:\users\alexander\appdata\roaming\pcouffin.inf
    [2011-10-25 21:26:36 | 000,650,752 | ---- | c] () -- c:\windows\system32\xvidcore.dll
    [2011-10-25 21:26:36 | 000,240,640 | ---- | c] () -- c:\windows\system32\xvidvfw.dll
    [2011-10-09 21:27:27 | 000,087,552 | ---- | c] () -- c:\windows\system32\cpwmon2k.dll
    [2011-08-31 19:46:18 | 000,145,804 | ---- | c] () -- c:\windows\system32\igcompkrng600.bin
    [2011-08-31 19:46:14 | 000,216,000 | ---- | c] () -- c:\windows\system32\igfcg600m.bin
    [2011-08-31 19:46:10 | 000,963,116 | ---- | c] () -- c:\windows\system32\igkrng600.bin
    [2011-08-31 19:46:00 | 000,056,832 | ---- | c] () -- c:\windows\system32\igdde32.dll
    [2011-08-31 19:26:20 | 013,903,872 | ---- | c] () -- c:\windows\system32\ig4icd32.dll
    [2011-08-31 19:15:48 | 000,004,096 | ---- | c] ( ) -- c:\windows\system32\igfxdevlib.dll
    [2011-08-31 19:14:12 | 000,000,151 | ---- | c] () -- c:\windows\system32\gfxui.exe.config
    [2011-08-31 19:13:52 | 000,094,208 | ---- | c] () -- c:\windows\system32\icclibdll.dll
    [2011-08-27 08:42:47 | 000,302,592 | ---- | c] () -- c:\windows\mauninst.exe
    [2011-08-24 20:33:27 | 000,000,392 | ---- | c] () -- c:\windows\odbc.ini
    [2011-08-20 10:51:02 | 000,000,213 | ---- | c] () -- c:\windows\mfont.dat
    [2011-08-20 10:50:50 | 000,000,035 | ---- | c] () -- c:\windows\a5w.ini
    [2011-08-20 10:32:16 | 000,000,053 | ---- | c] () -- c:\windows\davilex.ini
    [2011-08-17 10:28:45 | 000,004,096 | ---- | c] () -- c:\windows\d3dx.dat
    [2011-07-30 13:45:27 | 000,110,032 | ---- | c] () -- c:\windows\system32\aloaha_prntmon.dll
    [2011-07-25 21:47:49 | 000,000,069 | ---- | c] () -- c:\windows\nerodigital.ini
    [2011-07-23 08:22:34 | 000,000,034 | ---- | c] () -- c:\windows\cdplayer.ini
    [2011-05-21 09:14:14 | 000,061,024 | ---- | c] () -- c:\windows\system32\zlib.dll
    [2011-05-07 23:48:01 | 000,021,552 | ---- | c] () -- c:\windows\system32\emptyregdb.dat
    [2011-05-02 11:25:52 | 000,001,769 | ---- | c] () -- c:\windows\language_trs.ini
    [2011-04-01 01:49:01 | 000,080,416 | ---- | c] () -- c:\windows\system32\rtnicprop32.dll
    [2010-11-28 00:20:13 | 000,002,857 | ---- | c] () -- c:\windows\system32\atipblag.dat
    [2010-11-21 01:57:58 | 000,886,814 | ---- | c] () -- c:\windows\system32\perfh013.dat
    [2010-11-21 01:57:58 | 000,341,322 | ---- | c] () -- c:\windows\system32\perfi013.dat
    [2010-11-21 01:57:58 | 000,199,608 | ---- | c] () -- c:\windows\system32\perfc013.dat
    [2010-11-21 01:57:58 | 000,043,068 | ---- | c] () -- c:\windows\system32\perfd013.dat
    [2010-11-20 23:29:34 | 000,080,896 | ---- | c] () -- c:\windows\system32\rdvghelper.exe
    [2010-11-20 23:29:26 | 000,066,048 | ---- | c] () -- c:\windows\system32\printbrmui.exe
    [2010-11-03 22:19:39 | 000,013,216 | ---- | c] () -- c:\windows\system32\drivers\asacpi.sys
    [2010-10-13 13:16:35 | 000,000,008 | rhs- | c] () -- c:\programdata\ntuser.pol
    [2010-10-11 21:30:43 | 000,175,616 | ---- | c] () -- c:\windows\system32\unrar.dll
    [2010-08-08 13:29:04 | 000,000,711 | ---- | c] () -- c:\windows\system32\rtslcs.dll

    ========== lop check ==========

    [2011-10-28 22:07:11 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\anvsoft
    [2012-03-05 22:48:08 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\avidemux
    [2012-03-30 20:35:23 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\belastingdienst
    [2012-02-05 13:41:19 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\downloaded installations
    [2012-04-09 08:45:09 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\dropbox
    [2011-09-08 21:41:17 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\grabit
    [2011-09-25 17:33:00 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\jumb-o-fun games
    [2011-12-17 12:45:05 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\makemusic
    [2011-08-18 21:46:32 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\thrixxx
    [2011-07-22 21:00:02 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\tuneup software
    [2011-08-17 11:37:41 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\tweetdeckfast.fff259dc0ce2657847bbb4aff0e62062efc56543.1
    [2011-11-12 01:31:25 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\vso
    [2012-03-05 14:34:59 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\xilisoft
    [2011-07-31 10:24:04 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\zylom
    [2012-03-06 17:50:58 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\avidemux
    [2012-03-14 21:28:33 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\belastingdienst
    [2011-08-27 09:34:08 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\blamgames
    [2011-08-29 22:08:11 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\charles
    [2012-04-16 15:37:59 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\dropbox
    [2011-09-05 22:28:22 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\grabit
    [2011-08-31 18:55:16 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\jumb-o-fun games
    [2011-07-21 21:00:01 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\tuneup software
    [2011-10-02 13:04:53 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\tweetdeckfast.fff259dc0ce2657847bbb4aff0e62062efc56543.1
    [2012-03-06 19:05:18 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\xilisoft
    [2012-04-09 16:56:38 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\belastingdienst
    [2012-01-26 08:59:44 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\dropbox
    [2012-01-12 09:00:02 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\tuneup software
    [2011-05-07 23:46:03 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\expert pdf editor
    [2011-07-21 20:38:04 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\free download manager
    [2011-05-07 23:46:03 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\iobit
    [2011-05-07 23:46:05 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\tuneup software
    [2011-05-07 23:46:05 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\ursoft
    [2012-04-17 23:47:24 | 000,032,544 | ---- | m] () -- c:\windows\tasks\schedlgu.txt

    ========== purity check ==========



    ========== alternate data streams ==========

    @alternate data stream - 166 bytes -> c:\programdata\temp:b3d74a13
    @alternate data stream - 128 bytes -> c:\programdata\temp:dfc5a2b2
    @alternate data stream - 127 bytes -> c:\programdata\temp:430c6d84
    < end of report >

  7. #7
    New Member
    Registered
    18 April 2012
    Posts
    3
    Thanks
    0
    Thanked: 0

    Re: Also Buma/Stemra virus (new version)

    OTL Extras logfile created on: 18-4-2012 0:38:42 - Run 1
    OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\Alexander\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    2,91 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,97% Memory free
    5,83 Gb Paging File | 4,40 Gb Available in Paging File | 75,51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465,66 Gb Total Space | 222,84 Gb Free Space | 47,85% Space Free | Partition Type: NTFS
    Drive D: | 100,00 Mb Total Space | 78,71 Mb Free Space | 78,71% Space Free | Partition Type: NTFS

    Computer Name: WIN732 | User Name: Alexander | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
    "{12947715-B6F0-4597-816F-5E13FB647921}_is1" = Spotnet
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3634C1D4-934F-45C0-8105-B77B021136D8}" = PCStreams
    "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack
    "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
    "{574F093F-C32E-4265-9C25-BB09B3802ACD}" = TuneUp Utilities Language Pack (nl-NL)
    "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
    "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUS_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUS_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90170413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{90850413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{90AF0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95140000-007F-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA86C803-F195-4593-A9EC-24D26D4F9C7E}" = Classic Shell
    "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
    "{AC76BA86-7AD7-1043-7B44-A94000000001}" = Adobe Reader 9.4.4 - Nederlands
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
    "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11
    "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
    "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
    "{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
    "{EBC4C458-CFBF-49A6-9437-1E6F9A561210}" = AmbraSoft Familiepakket 0910
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F2558AA8-506F-4C58-AB64-C05C6F675756}" = RT 7 Lite x86
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
    "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
    "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
    "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFFF19AB-1C8D-42BA-A18A-396F06B4F488}" = PCStreams
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "CCleaner" = CCleaner
    "Cheat Engine 6.1_is1" = Cheat Engine 6.1
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DVDFab 8 Qt_is1" = DVDFab 8.1.7.5 (07/04/2012) Qt
    "FLV Player2.0.25" = FLV Player
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "QuickTime" = QuickTime
    "SABnzbd" = SABnzbd 0.6.8
    "save2pc Ultimate_is1" = save2pc Ultimate 5.11
    "SopCast" = SopCast 3.4.8
    "Sure Cuts A Lot_is1" = Sure Cuts A Lot 1.007
    "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC 56543.1" = TweetDeck
    "Web Album Generator_is1" = Web Album Generator 1.8.2
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "Xvid Video Codec 1.3.1" = Xvid Video Codec
    "ZiggoTVStreamer_is1" = ZiggoTVStreamer

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1772702603-541345436-1298147513-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "b6dd32bfba89e6fb" = Shutdown Monitor

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7-4-2012 3:58:12 | Computer Name = Win732 | Source = SideBySide | ID = 16842824
    Description = Kan activeringscontext voor 'c:\program files\microsoft security client\MSESysprep.dll'
    niet maken. Fout in manifest of beleidsbestand 'c:\program files\microsoft security
    client\MSESysprep.dll' op regel 10. Het element imaging wordt weergegeven als onderliggend
    element van element urn:schemas-microsoft-com:asm.v1^assembly, wat niet door deze
    versie van Windows wordt ondersteund.

    Error - 7-4-2012 3:59:28 | Computer Name = Win732 | Source = SideBySide | ID = 16842785
    Description = Kan activeringscontext voor 'c:\program files\Nero\Nero 11\nero backitup\NBVSSTool_x64.exe'
    niet maken. Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

    Error - 7-4-2012 14:01:45 | Computer Name = Win732 | Source = WinMgmt | ID = 10
    Description =

    Error - 8-4-2012 1:10:57 | Computer Name = Win732 | Source = WinMgmt | ID = 10
    Description =

    Error - 9-4-2012 1:50:24 | Computer Name = Win732 | Source = WinMgmt | ID = 10
    Description =

    Error - 9-4-2012 2:46:36 | Computer Name = Win732 | Source = WinMgmt | ID = 10
    Description =

    Error - 9-4-2012 3:55:05 | Computer Name = Win732 | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Kan toepassing of service 'Windows Live Messenger' niet afsluiten.

    Error - 9-4-2012 3:55:37 | Computer Name = Win732 | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Kan toepassing of service 'Internet Explorer' niet afsluiten.

    Error - 9-4-2012 3:55:37 | Computer Name = Win732 | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Kan toepassing of service 'Internet Explorer' niet afsluiten.

    Error - 9-4-2012 3:55:37 | Computer Name = Win732 | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Kan toepassing of service 'Internet Explorer' niet afsluiten.

    [ System Events ]
    Error - 17-4-2012 17:49:26 | Computer Name = Win732 | Source = Service Control Manager | ID = 7023
    Description = De PnP-X IP Bus Enumerator-service is gestopt met de volgende foutcode:
    %%-2147023728.

    Error - 17-4-2012 17:57:26 | Computer Name = Win732 | Source = Ntfs | ID = 262199
    Description = De structuur van het bestandssysteem op de schijf is beschadigd en
    onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume \Device\HarddiskVolume2.

    Error - 17-4-2012 18:00:46 | Computer Name = Win732 | Source = volmgr | ID = 262190
    Description = Crashdumpinitialisatie is mislukt!

    Error - 17-4-2012 18:00:51 | Computer Name = Win732 | Source = volmgr | ID = 262190
    Description = Crashdumpinitialisatie is mislukt!

    Error - 17-4-2012 18:02:58 | Computer Name = Win732 | Source = Service Control Manager | ID = 7023
    Description = De PnP-X IP Bus Enumerator-service is gestopt met de volgende foutcode:
    %%-2147023728.

    Error - 17-4-2012 18:10:54 | Computer Name = Win732 | Source = Ntfs | ID = 262199
    Description = De structuur van het bestandssysteem op de schijf is beschadigd en
    onbruikbaar. Voer het hulpprogramma Chkdsk uit op volume \Device\HarddiskVolume2.

    Error - 17-4-2012 18:16:07 | Computer Name = Win732 | Source = volmgr | ID = 262190
    Description = Crashdumpinitialisatie is mislukt!

    Error - 17-4-2012 18:16:09 | Computer Name = Win732 | Source = volmgr | ID = 262190
    Description = Crashdumpinitialisatie is mislukt!

    Error - 17-4-2012 18:16:29 | Computer Name = Win732 | Source = Microsoft Antimalware | ID = 3002
    Description = Real-timebeveiligingsonderdeel van %%860 heeft een fout aangetroffen
    en is niet uitgevoerd. Onderdeel: %%835 Foutcode: 0x80004005 Foutbeschrijving: Niet
    nader omschreven fout Reden: %%842

    Error - 17-4-2012 18:18:19 | Computer Name = Win732 | Source = Service Control Manager | ID = 7023
    Description = De PnP-X IP Bus Enumerator-service is gestopt met de volgende foutcode:
    %%-2147023728.


    < End of report >

  8. #8
    Moderator Abraham54
    Registered
    9 August 2007
    Location
    Largest city in Twente
    Posts
    70.192
    Thanks
    13
    Has been thanked: 823

    Re: Also Buma/Stemra virus (new version)

    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    • Paste the following (bold, blue text) under Custom Scans/Fixes


      :OTL
      [1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
      @alternate data stream - 166 bytes -> c:\programdata\temp:b3d74a13
      @alternate data stream - 128 bytes -> c:\programdata\temp:dfc5a2b2
      @alternate data stream - 127 bytes -> c:\programdata\temp:430c6d84
      < end of report >

      :Services


      :Reg


      :Files


      :Commands
      [purity]

      [emptytemp]
      [emptyjava]
      [emptyflash]
      [createrestorepoint]
      [reboot]


    • Then click the Run Fix button at the top
    • Let the program do its work undisturbed.
    • The PC will be restarted when it finishes.
    • Also post the contents of the OTL scan log

  9. #9
    New Member
    Registered
    18 April 2012
    Posts
    3
    Thanks
    0
    Has been thanked: 0

    Re: Also Buma/Stemra virus (new version)

    Good evening,

    Thanks for your reply. I ran the fix and the log below is the result. My PC works properly again, except that I cannot start Task Manager; the PC reports that "Task Manager has been disabled by your administrator".

    All processes killed
    ========== OTL ==========
    c:\windows\msdownld.tmp folder deleted successfully.
    ADS c:\programdata\temp:b3d74a13 deleted successfully.
    ADS c:\programdata\temp:dfc5a2b2 deleted successfully.
    ADS c:\programdata\temp:430c6d84 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alexander
    ->Temp folder emptied: 193912 bytes
    ->Temporary Internet Files folder emptied: 72935127 bytes
    ->Java cache emptied: 50986088 bytes
    ->Flash cache emptied: 58644 bytes

    User: All Users

    User: Anja
    ->Temp folder emptied: 158748481 bytes
    ->Temporary Internet Files folder emptied: 270648527 bytes
    ->Java cache emptied: 15060963 bytes
    ->Google Chrome cache emptied: 8852285 bytes
    ->Flash cache emptied: 324082 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lynn
    ->Temp folder emptied: 32424097 bytes
    ->Temporary Internet Files folder emptied: 319284216 bytes
    ->Java cache emptied: 21223 bytes
    ->Flash cache emptied: 186815 bytes

    User: Public

    User: user
    ->Temp folder emptied: 336017 bytes
    ->Temporary Internet Files folder emptied: 5049055 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 485 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 536610 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 281 bytes

    Total Files Cleaned = 892,00 mb


    [EMPTYJAVA]

    User: Alexander
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Anja
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Lynn
    ->Java cache emptied: 0 bytes

    User: Public

    User: user
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Alexander
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Anja
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lynn
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb



    OTL by OldTimer - Version 3.2.40.0 log created on 04182012_210308

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
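
One way to cross-check the fix script from post #8 against the fix log from post #9, as an added example that is not part of the original thread and not OTL's own code. The function names are hypothetical, the inputs are excerpts of the two posts, and only the line shapes visible in this thread are recognised.

```python
import fnmatch
import re

# Sample inputs: excerpts of the fix script (post #8) and fix log (post #9).
FIX_SCRIPT = r"""
:OTL
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
@alternate data stream - 166 bytes -> c:\programdata\temp:b3d74a13
@alternate data stream - 128 bytes -> c:\programdata\temp:dfc5a2b2
@alternate data stream - 127 bytes -> c:\programdata\temp:430c6d84
:Commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
c:\windows\msdownld.tmp folder deleted successfully.
ADS c:\programdata\temp:b3d74a13 deleted successfully.
ADS c:\programdata\temp:dfc5a2b2 deleted successfully.
ADS c:\programdata\temp:430c6d84 deleted successfully.
========== COMMANDS ==========
"""

# Line shapes taken from the thread; other OTL directives are ignored here.
ADS_DIRECTIVE = re.compile(r"^@alternate data stream - \d+ bytes -> (.+)$", re.I)
FILE_DIRECTIVE = re.compile(r"^\[\d+ .+? files -> (.+?) -> \]$", re.I)
LOG_ADS = re.compile(r"^ADS (.+) deleted successfully\.$", re.I)
LOG_FOLDER = re.compile(r"^(.+?) folder deleted successfully\.$", re.I)


def requested_targets(script):
    """Return (kind, target) pairs listed in the :OTL section of a fix script."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):          # a new section such as :Reg or :Commands
            section = line.lower()
            continue
        if section != ":otl" or not line:
            continue
        m = ADS_DIRECTIVE.match(line)
        if m:
            targets.append(("ads", m.group(1).lower()))
            continue
        m = FILE_DIRECTIVE.match(line)
        if m:
            targets.append(("path", m.group(1).lower()))
    return targets


def confirmed_deletions(log):
    """Return (ads, paths): targets the fix log reports as deleted."""
    ads, paths = set(), set()
    for raw in log.splitlines():
        line = raw.strip()
        m = LOG_ADS.match(line)
        if m:
            ads.add(m.group(1).lower())
            continue
        m = LOG_FOLDER.match(line)
        if m:
            paths.add(m.group(1).lower())
    return ads, paths


def unconfirmed(script, log):
    """List requested targets with no matching 'deleted successfully' line."""
    ads_done, paths_done = confirmed_deletions(log)
    missing = []
    for kind, target in requested_targets(script):
        if kind == "ads":
            ok = target in ads_done
        else:  # wildcard directive: any deleted path matching the pattern counts
            ok = any(fnmatch.fnmatchcase(p, target) for p in paths_done)
        if not ok:
            missing.append((kind, target))
    return missing
```

A wildcard directive that matched nothing on disk leaves no log line, so it shows up as unconfirmed and needs a manual look rather than being treated as a failed deletion.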

  10. #10
    Moderator Abraham54
    Registered
    9 August 2007
    Location
    Largest city in Twente
    Posts
    70.192
    Thanks
    13
    Has been thanked: 823

    Re: Also Buma/Stemra virus (new version)

    Go ahead and post a new OTL log.
    The second log is no longer created this time.


