
[Solved] Windows 7 not genuine, but it is

BartL

Hello everyone,

I just started up my PC and I get a message that Windows 7 is not genuine, but that is not correct. Then I was taken to a Microsoft site where I have to install an update. After I had done that, the site said that Windows is not activated with a genuine key. Does anyone know what I should do now?

Bart
 
Re: Windows 7 not genuine, but it is

Hello Bart, I have since moved your topic.
Usually it is malware that changes a setting.

Which program: OTL.exe
What for/why: multifunctional tool - analysis and fix
Difficulty: none.
Download: OTL.exe and place the file on the desktop.
Before OTL.exe starts scanning, first close all other open windows!

Using OTL.exe:
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: double-click OTL.exe.
    • Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".

  • Tick Scan All Users, LOP Check and PURITY Check.
  • Copy and paste the text below (bold, blue text) into the box under
    [image: 4f9111a6d2a6c-OTL-2.png]


    netsvcs
    BASESERVICES
    DRIVES
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Then click the button
    [image: 50cd93c69be5b-OTL_-_Run_Scan_knop.jpg]
    .
  • Do not change any other settings in OTL unless I specifically give instructions to do so.
  • The scan will not take very long.
    • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
    • Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
  • Note: if the log does not fit in one post, spread it over two or more posts.
 
Re: Windows 7 not genuine, but it is

Thanks for your post, abraham. This is what is in otl.txt (it has to go in 2 posts):

OTL logfile created on: 2-1-2013 12:22:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

7,91 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,93% Memory free
15,83 Gb Paging File | 14,08 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 22,35 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 798,21 Gb Free Space | 85,69% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,34 Mb Free Space | 70,34% Space Free | Partition Type: NTFS

Computer Name: BART-PC | User Name: Bart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-01-02 12:20:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
PRC - [2012-12-21 13:12:48 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-12-03 19:29:07 | 001,354,736 | ---- | M] (Valve Corporation) -- E:\Games\Steam.exe
PRC - [2012-10-26 15:29:25 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Bart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-10-10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-02-14 17:11:56 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-01-14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2012-01-06 10:47:32 | 001,711,616 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
PRC - [2011-12-28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2011-11-14 18:59:52 | 000,199,680 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
PRC - [2011-04-14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2007-12-19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012-12-21 13:12:51 | 000,647,168 | ---- | M] () -- E:\Games\sdl.dll
MOD - [2012-12-21 13:12:48 | 020,320,240 | ---- | M] () -- E:\Games\bin\libcef.dll
MOD - [2012-12-21 13:12:48 | 001,100,800 | ---- | M] () -- E:\Games\bin\avcodec-53.dll
MOD - [2012-12-21 13:12:48 | 000,969,280 | ---- | M] () -- E:\Games\bin\chromehtml.dll
MOD - [2012-12-21 13:12:48 | 000,192,000 | ---- | M] () -- E:\Games\bin\avformat-53.dll
MOD - [2012-12-21 13:12:48 | 000,124,416 | ---- | M] () -- E:\Games\bin\avutil-51.dll
MOD - [2012-05-30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll
MOD - [2012-01-14 12:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011-12-28 16:29:18 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2011-04-14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2009-10-19 15:50:28 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Corsair\K90 Keyboard\hidGetKey.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-09-28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-12-21 13:12:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-12-13 15:47:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-02-14 17:11:56 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-01 19:13:41 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012-10-08 18:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012-10-03 18:40:36 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012-10-03 18:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012-10-03 18:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012-09-28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-09-28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-07-27 20:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012-07-22 18:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012-05-24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012-05-14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-21 17:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-09-21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011-09-12 12:37:45 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011-09-12 12:37:45 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011-06-21 09:38:24 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-02-14 18:19:56 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010-03-23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-01-01 19:46:28 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130101.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013-01-01 19:34:34 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130101.023\ex64.sys -- (NAVEX15)
DRV - [2013-01-01 19:34:34 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013-01-01 19:34:34 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130101.023\eng64.sys -- (NAVENG)
DRV - [2012-11-30 00:13:05 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012-08-18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 85 61 F9 8C 77 CC 01 [binary data]
IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-176856173-1054761186-3379111034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bart\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bart\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013-01-01 19:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013-01-02 11:26:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-10-01 18:17:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-09-30 15:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bart\AppData\Roaming\mozilla\Extensions
[2012-10-22 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-06-15 12:48:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012-09-01 09:54:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012-10-22 18:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2011-10-01 18:17:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-09-23 02:22:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-09-23 03:00:23 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2011-09-23 03:00:23 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011-09-23 03:00:23 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bart\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bart\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bart\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bart\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Zoeken = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Norton Identity Protection = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: Gmail = C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-176856173-1054761186-3379111034-1000..\Run: [Spotify Web Helper] C:\Users\Bart\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-176856173-1054761186-3379111034-1000..\Run: [Steam] E:\Games\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 188.142.0.6 188.142.0.22 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6034FF8-D7E5-44B6-B34C-E9EEBAD03B70}: DhcpNameServer = 188.142.0.6 188.142.0.22 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-01-02 12:21:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
[2013-01-02 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\Malwarebytes
[2013-01-02 11:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-02 11:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-01-02 11:33:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-01-02 11:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-01-02 11:33:05 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Local\Programs
[2013-01-01 19:13:41 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-01-01 19:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013-01-01 19:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013-01-01 19:13:35 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys
[2013-01-01 19:13:35 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys
[2013-01-01 19:13:35 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys
[2013-01-01 19:13:35 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys
[2013-01-01 19:13:35 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys
[2013-01-01 19:13:35 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys
[2013-01-01 19:13:35 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys
[2013-01-01 19:13:35 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symelam.sys
[2013-01-01 19:13:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1402000.013
[2013-01-01 19:12:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013-01-01 19:12:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013-01-01 19:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013-01-01 19:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2012-12-21 14:08:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012-12-21 14:08:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012-12-21 14:08:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012-12-21 14:08:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012-12-13 17:22:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-12-13 17:22:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-12-13 17:22:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-12-13 17:22:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-12-13 17:22:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-12-13 17:22:29 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-12-13 17:22:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-12-13 17:22:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-12-13 17:22:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-12-13 17:22:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-12-13 17:22:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-12-13 17:22:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-12-13 17:22:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-12-13 17:22:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-12-13 17:22:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012-12-13 15:44:59 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012-12-13 15:44:59 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012-12-13 15:44:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012-12-13 15:44:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012-12-13 15:44:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012-12-13 15:44:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012-12-13 15:44:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012-12-13 15:44:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012-12-13 15:44:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012-12-13 15:44:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012-12-13 15:44:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012-12-13 15:44:59 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 15:44:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 15:44:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012-12-13 15:44:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012-12-13 15:44:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 15:44:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 15:44:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012-12-13 15:44:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012-12-13 15:44:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012-12-13 15:44:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012-12-13 15:44:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 15:44:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 15:44:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012-12-13 15:44:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012-12-13 15:44:56 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012-12-13 15:44:56 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012-12-03 14:26:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012-12-03 14:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-12-03 14:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013-01-02 12:20:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bart\Desktop\OTL.exe
[2013-01-02 11:47:13 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-01-02 11:47:12 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121114.016
[2013-01-02 11:33:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-01-02 11:32:13 | 001,549,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-02 11:32:13 | 000,701,548 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-01-02 11:32:13 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-02 11:32:13 | 000,133,580 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-01-02 11:32:13 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-02 11:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-176856173-1054761186-3379111034-1000UA.job
[2013-01-02 11:26:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-01-02 11:26:15 | 2078,724,095 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-01 19:58:57 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-01-01 19:58:57 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-01-01 19:13:47 | 001,988,035 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2013-01-01 19:13:41 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013-01-01 19:13:41 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-01-01 19:13:41 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-01-01 19:05:31 | 000,000,199 | ---- | M] () -- C:\Users\Bart\Desktop\Half-Life 2.url
[2012-12-23 16:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-176856173-1054761186-3379111034-1000Core.job
[2012-12-22 17:06:12 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012-12-21 17:57:30 | 000,275,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-12-16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012-12-16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012-12-16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012-12-16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-12-13 16:32:57 | 000,002,440 | ---- | M] () -- C:\Users\Bart\Desktop\Google Chrome.lnk
[2012-12-13 15:47:10 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-12-13 15:47:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-12-03 14:26:28 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013-01-02 11:47:30 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\VT20121114.016
[2013-01-02 11:33:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-01-01 19:13:41 | 001,988,035 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\Cat.DB
[2013-01-01 19:13:41 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013-01-01 19:13:41 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013-01-01 19:13:35 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symelam64.cat
[2013-01-01 19:13:35 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.cat
[2013-01-01 19:13:35 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.cat
[2013-01-01 19:13:35 | 000,007,603 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.cat
[2013-01-01 19:13:35 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnet64.cat
[2013-01-01 19:13:35 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.cat
[2013-01-01 19:13:35 | 000,007,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.cat
[2013-01-01 19:13:35 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\iron.cat
[2013-01-01 19:13:35 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa.inf
[2013-01-01 19:13:35 | 000,002,851 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds.inf
[2013-01-01 19:13:35 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnet.inf
[2013-01-01 19:13:35 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.inf
[2013-01-01 19:13:35 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.inf
[2013-01-01 19:13:35 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symelam.inf
[2013-01-01 19:13:35 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.inf
[2013-01-01 19:13:35 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\iron.inf
[2013-01-01 19:13:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402000.013\isolate.ini
[2012-12-22 17:06:12 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012-05-02 18:51:39 | 000,012,256 | ---- | C] () -- C:\Users\Bart\AppData\Local\Temp9.html
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-05-01 12:15:47 | 000,012,256 | ---- | C] () -- C:\Users\Bart\AppData\Local\Temp16.html
[2012-04-08 19:57:44 | 001,180,753 | ---- | C] () -- C:\Windows\unins001.exe
[2012-04-08 19:57:44 | 000,007,911 | ---- | C] () -- C:\Windows\unins001.dat
[2012-04-08 19:54:44 | 001,174,097 | ---- | C] () -- C:\Windows\unins000.exe
[2012-04-08 19:54:44 | 000,033,741 | ---- | C] () -- C:\Windows\unins000.dat
[2012-03-05 17:46:31 | 000,001,955 | ---- | C] () -- C:\Users\Bart\AppData\Local\Temp1.html
[2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-01 02:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-10-21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-10-21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011-10-21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011-09-13 18:31:58 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-09-13 18:31:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-09-13 18:31:58 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011-09-13 18:13:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-09-13 18:07:56 | 000,000,017 | ---- | C] () -- C:\Users\Bart\AppData\Local\resmon.resmoncfg
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-26 00:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011-03-26 00:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011-11-24 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\.minecraft
[2012-11-26 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Bioshock
[2012-04-08 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Corsair Vengeance
[2011-12-04 14:34:32 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Crayon Physics Deluxe
[2012-05-17 21:06:14 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\fltk.org
[2012-02-14 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\LolClient
[2012-05-24 11:41:55 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\LolClient2
[2013-01-01 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Mumble
[2012-03-05 18:07:51 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Notepad++
[2012-12-22 16:58:54 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Origin
[2012-01-10 17:13:00 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Razer
[2013-01-01 19:40:18 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Spotify
[2012-01-24 17:41:10 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\TS3Client
[2011-11-05 16:07:01 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Voxatron

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009-07-14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010-11-20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009-07-14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010-11-20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010-11-20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011-11-17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009-07-14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009-07-14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012-07-04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012-06-02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012-06-02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010-11-20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010-11-20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010-11-20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011-03-03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009-07-14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009-07-14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009-07-14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009-07-14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010-11-20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009-07-14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009-07-14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009-07-14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009-07-14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009-07-14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012-10-03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009-07-14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011-05-24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012-02-11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011-11-17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009-07-14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010-11-20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010-11-20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010-11-20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011-11-17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009-07-14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010-11-20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010-11-20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010-11-20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010-11-20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010-11-20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010-11-20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009-07-14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012-05-01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010-11-20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010-11-20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010-11-20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010-11-20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010-11-20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010-11-20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010-11-20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010-11-20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010-11-20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009-07-14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012-06-02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010-11-20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009-07-14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010-11-20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========
 
Re: Windows 7 not genuine, but it is

and part 2

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: OCZ-AGILITY3 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932,00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100,00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 112,00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2013-01-02 11:26:15 | 2078,724,095 | -HS- | M] () -- C:\hiberfil.sys
[2013-01-02 11:26:16 | 4203,290,623 | -HS- | M] () -- C:\pagefile.sys
[2011-11-10 17:00:26 | 000,006,288 | ---- | M] () -- C:\shared.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2009-07-14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Bart\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Bart\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Bart\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Bart\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012-02-05 12:43:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012-02-05 12:43:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012-02-05 12:43:19 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012-11-14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012-11-14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011-10-01 18:17:28 | 000,714,720 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011-10-01 18:17:29 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\BART\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\BART\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\BART\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\BART\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012-12-05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012-02-05 12:43:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012-02-05 12:43:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012-02-05 12:43:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012-11-14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012-11-14 03:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< End of report >

---------- Post added at 12:33 ---------- Previous post was at 12:32 ----------

and also extras.txt. Btw, Norton is giving a lot of alerts about an exploit toolkit 4 or something.

OTL Extras logfile created on: 2-1-2013 12:22:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

7,91 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,93% Memory free
15,83 Gb Paging File | 14,08 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 22,35 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 798,21 Gb Free Space | 85,69% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,34 Mb Free Space | 70,34% Space Free | Partition Type: NTFS

Computer Name: BART-PC | User Name: Bart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011CF524-8EA3-44EF-ABE3-D0A5D59A1103}" = protocol=17 | dir=in | app=e:\games\steamapps\common\skyrim\skyrimlauncher.exe |
"{014DF63E-BCC8-41B4-BEC5-A667B54A5761}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{03E2267E-BE78-4093-A46D-0E7BEFB7703F}" = protocol=17 | dir=in | app=e:\games\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{0A8B7B2E-C231-46A1-A896-2722732421A4}" = protocol=17 | dir=in | app=e:\games\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{0C95DE10-B081-4747-BE58-89280246427B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 open beta\bf3.exe |
"{10490AE6-0BCD-4BFB-B298-6FD212542513}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 open beta\bf3.exe |
"{105B0067-1140-4A2A-A9A4-3C09D94A0084}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{106C9057-82FB-479D-9A43-EC26510E1BA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1131ECBD-9FC8-4D7D-BD11-947C87F82743}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{16AAEAD1-B5C2-47DB-A807-A775D527A539}" = protocol=17 | dir=in | app=e:\games\steamapps\common\trauma\trauma.exe |
"{19656762-A76C-4BCA-A6CC-B720A83CE914}" = protocol=6 | dir=in | app=e:\games 2\lotr\game.dat |
"{21F7605A-695E-4053-BEBB-DCF8CB0B211D}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{26A352E9-E236-4E77-8081-35D76A16AAA9}" = protocol=17 | dir=in | app=e:\games\steamapps\common\spacechem\spacechem.exe |
"{28963B88-50F8-4894-BDA8-6862BB60F2C6}" = protocol=17 | dir=in | app=e:\games\steam.exe |
"{2994AE3E-FBB1-4E51-8046-F0EF600481DD}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\shadowgrounds survivor launcher.exe |
"{2B1D2CC6-2486-4E3C-A143-8F6BFEAF2A0E}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shank\bin\shank.exe |
"{2DD3C72A-20AA-4F51-B191-95A5359E4741}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{315EF14E-FC72-42B9-A003-989667ED6797}" = protocol=17 | dir=in | app=e:\games\steamapps\common\trine\trine_launcher.exe |
"{3B44E1EF-6E95-4C52-9A50-AA7E64C10868}" = protocol=17 | dir=in | app=e:\games\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{3D56CD07-DD80-482E-9A8B-62BF9BF1C18B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{3EBA0348-9B53-4976-A9C3-6C4E9FE05FB3}" = protocol=6 | dir=in | app=e:\games\steamapps\common\aquaria\aquaria.exe |
"{41743487-2A7F-4079-BCF2-CBD43927808B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\trauma\trauma.exe |
"{4DD11632-FB02-4DEE-895A-26160F776422}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4FCE698A-332A-463D-9318-CFD6D4E78650}" = protocol=17 | dir=in | app=e:\games\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{520830F0-E314-4948-948B-286B621E05A8}" = protocol=6 | dir=in | app=e:\games\steamapps\common\the binding of isaac\isaac.exe |
"{53725602-E997-4B0D-83F1-6FFE7F94714C}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bit.trip runner\runner.exe |
"{542C68DB-E623-4455-9CF3-7656DD863DF3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\uplink\uplink.exe |
"{55D1AE72-9093-4896-B645-75FA887F5C06}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{5889A1B2-271F-4B91-9AF6-6EBAE279E1B2}" = protocol=17 | dir=in | app=e:\games\steamapps\common\frozen synapse\frozensynapse.exe |
"{5C66171F-9D00-4DF1-9C3C-9F8204ECFE0A}" = protocol=6 | dir=in | app=e:\games\steamapps\common\spacechem\spacechem.exe |
"{5DF53CD2-89C0-4C77-B7FD-CD69D9D85413}" = protocol=6 | dir=in | app=e:\games\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{606A1284-89D5-4971-AFC0-E20AF526B065}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{6246A48D-9074-4564-9B97-5EA98FAE1EDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{62B37F8A-7A1C-4C3B-A51C-2352141EB332}" = protocol=6 | dir=in | app=e:\games\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{636D8FAD-820E-4971-BB31-A96799D61161}" = protocol=6 | dir=in | app=e:\games\steamapps\common\crayon physics deluxe\launcher.exe |
"{67077BAA-5E66-4130-907B-B398829FD85A}" = protocol=17 | dir=in | app=e:\games\steamapps\common\gish\gish.exe |
"{69FA857C-968C-4A60-8C1D-870919AD796B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\shadowgrounds survivor launcher.exe |
"{6A334FF5-DABB-463F-A097-86D2355CEE32}" = protocol=17 | dir=in | app=e:\games\steamapps\common\darwinia\darwinia.exe |
"{74A6AA1B-DA43-4B89-897A-F3EA25310975}" = protocol=6 | dir=in | app=e:\games\steamapps\common\metro 2033\metro2033.exe |
"{74AF9673-8DE2-4D23-810D-EFC55E00F355}" = protocol=6 | dir=in | app=e:\games\steamapps\common\portal 2\portal2.exe |
"{75B9C758-DDFD-4895-BE4A-46F35C9A1601}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{81BB2C68-0611-4CFC-A22F-1F685D05B491}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{86624088-F3EB-4197-8477-626397C02919}" = protocol=6 | dir=in | app=e:\games\steamapps\common\gish\gish.exe |
"{86D8CF96-A212-4C0D-8AD7-70D647472664}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shank\bin\shank.exe |
"{8ABD06FF-4CA6-43F0-B3CE-C264B3332CAC}" = protocol=17 | dir=in | app=e:\games\steamapps\common\aquaria\aquaria.exe |
"{8B3C0A4F-1B93-4E1C-B985-4989EC8461E1}" = protocol=6 | dir=in | app=e:\games\steamapps\common\nightsky\nightsky.exe |
"{91CE5919-72F1-4AA7-979A-3F7F6BBCDE55}" = protocol=6 | dir=in | app=e:\games\steamapps\common\amnesia the dark descent\launcher.exe |
"{91D19AD3-8CCB-4798-9EA1-72E27A3D984B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{9372B4B3-3E4A-4C9C-888E-E95BF90EBE5B}" = protocol=6 | dir=in | app=e:\games\steam.exe |
"{96142816-FA52-4238-8FC9-1921FCE3ABA3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\gratuitous space battles\gsb.exe |
"{9CB10EDC-4001-45D3-A1DE-7C43500DDD4E}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\survivor.exe |
"{9F91C7A1-D4CA-4AFF-8FA3-E4787ACA29A5}" = protocol=6 | dir=in | app=e:\games\steamapps\common\skyrim\skyrimlauncher.exe |
"{A26A3D49-723F-43D2-B815-78A288FBE1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A49C7630-414E-4847-97FA-4755A8C427E3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\nightsky\nightsky.exe |
"{A949901D-6FA0-4907-9A19-B387D538C44F}" = protocol=6 | dir=in | app=e:\games\steamapps\common\darwinia\darwinia.exe |
"{B2E67AAF-B889-4EAF-B9BE-38055C27590D}" = protocol=17 | dir=in | app=e:\games\steamapps\common\metro 2033\metro2033.exe |
"{B598C02D-21FD-40E4-8335-06B091A25631}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BA364150-3ABA-4FAD-B59A-33189389C33B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\uplink\uplink.exe |
"{BD46F1CE-7076-41D8-8E99-6A7367D0660B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\survivor.exe |
"{C3604AF9-FA7C-4CC4-AE24-99778F91B591}" = protocol=6 | dir=in | app=e:\games\steamapps\common\frozen synapse\frozensynapse.exe |
"{C3C37E66-2DE6-4E24-98DB-A58DD6FCA85E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6D1295E-A2A8-4E67-8BDB-34E80CEE3958}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C9846798-A549-4BCB-8324-135CD964F995}" = protocol=6 | dir=in | app=e:\games\steamapps\common\multiwinia\multiwinia.exe |
"{CA494CFB-29B0-4313-9177-5B92084EAA92}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bit.trip runner\runner.exe |
"{CA647EEE-E94F-47D3-9A2D-DB9730F1DDB4}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{CFB05A9C-F44A-4EE7-95A8-534E6042E8BB}" = protocol=17 | dir=in | app=e:\games\steamapps\common\amnesia the dark descent\launcher.exe |
"{D082F14D-B68D-453A-B23C-A44032ECFD6E}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{D2720EE6-8F6D-4844-BC1A-D205F2A260F6}" = protocol=6 | dir=in | app=e:\games\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{D4284DC4-357F-42DD-94CC-6A9A46ECB2E0}" = protocol=6 | dir=in | app=e:\games\steamapps\common\dirt 3\dirt3.exe |
"{DCFE4981-506D-4535-AB13-E9BFA18AA5DB}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EA5F9540-944F-455D-971E-54E4F0319407}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{EAC75CB7-D388-4F8D-8AF8-06566E49C95E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{EAF465AE-2D5A-482C-BD29-A26F06943816}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{EE003202-0F38-490B-9C36-C14BA443A28F}" = protocol=17 | dir=in | app=e:\games 2\lotr\game.dat |
"{EE52911C-0CB3-44A3-9B12-57FD090F84C6}" = protocol=6 | dir=in | app=e:\games\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{EE77FF29-4B4D-4EBD-976B-7BBC2B93F12E}" = protocol=17 | dir=in | app=e:\games\steamapps\common\crayon physics deluxe\launcher.exe |
"{EE7A7249-0AB1-483B-B3D0-888FC5089165}" = protocol=17 | dir=in | app=e:\games\steamapps\common\the binding of isaac\isaac.exe |
"{F053DA10-59B0-4980-8597-94FBEC0FA9EA}" = protocol=17 | dir=in | app=e:\games\steamapps\common\portal 2\portal2.exe |
"{F41EFBED-4558-4523-B003-74DA1BC0220B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\dirt 3\dirt3.exe |
"{F959513E-9EE5-4A88-901F-CAE8A41D8224}" = protocol=6 | dir=in | app=e:\games\steamapps\common\trine\trine_launcher.exe |
"{FB6607B1-F1E4-4522-ABB5-46040191A690}" = protocol=17 | dir=in | app=e:\games\steamapps\common\multiwinia\multiwinia.exe |
"{FFF3A43B-7EF2-4568-AE8F-E5BC6AA7FA2B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\gratuitous space battles\gsb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WhoCrashed_is1" = WhoCrashed 3.04

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1" = Corsair K90 Firmware Update Application
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{25A18E40-3263-416E-B672-BE85DA47BBFD}" = Mumble 1.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3 Open Beta
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect 3 Demo
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Nederlands
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1" = Corsair K90 Gaming Keyboard Driver V1.0
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Jack Claw_is1" = Jack Claw
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
"Mozilla Firefox 7.0.1 (x86 nl)" = Mozilla Firefox 7.0.1 (x86 nl)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 111800" = Blocks That Matter
"Steam App 11200" = Shadowgrounds: Survivor
"Steam App 113200" = The Binding Of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 18120" = Unstoppable Gorg
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 207610" = The Walking Dead
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 240" = Counter-Strike: Source
"Steam App 24420" = Aquaria
"Steam App 2500" = Shadowgrounds
"Steam App 2505" = Shadowgrounds Editor
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 30" = Day of Defeat
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35700" = Trine
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38700" = Toki Tori
"Steam App 38740" = EDGE
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"Steam App 4560" = Company of Heroes
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 60" = Ricochet
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 6860" = Hitman: Blood Money
"Steam App 70300" = VVVVVV
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8850" = BioShock 2
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 92800" = SpaceChem
"Steam App 94200" = Jamestown
"Steam App 9500" = Gish
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99700" = NightSky
"Super Meat Boy v1.5_is1" = Super Meat Boy v1.5
"Voxatron" = Voxatron 0.1.4
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-176856173-1054761186-3379111034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19-7-2012 10:22:14 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma League of Legends.exe, versie 1.0.0.142 reageert niet
meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het
probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel
Onderhoudscentrum in het Configuratiescherm. Proces-id: fe8 Starttijd: 01cd65b9b655edb0

Eindtijd:
1 Toepassingspad: E:\leagueoflegends\LOL\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.165\deploy\League
of Legends.exe Rapport-id: 161b0f09-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:22:36 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 1178 Starttijd: 01cd65b9e1027916 Eindtijd: 1

Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
2c9e05cb-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:22:57 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 13ac Starttijd: 01cd65b9f2a07750 Eindtijd: 1

Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
38eb4fc8-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:27:24 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: a44 Starttijd: 01cd65ba8f86c97c Eindtijd: 0 Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
d92dd834-d1ad-11e1-ac54-002522cc2a2b

Error - 24-11-2012 9:08:54 | Computer Name = Bart-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: bioshock.exe, versie: 1.0.0.0, tijdstempel:
0x474f5a3a Naam van module met fout: kernel32.dll, versie: 6.1.7601.17932, tijdstempel:
0x50327671 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000113b0 Id van proces met
fout: 0x1278 Starttijd van toepassing met fout: 0x01cdca3ecc10ef77 Pad naar toepassing
met fout: E:\Games\steamapps\common\Bioshock\Builds\Release\bioshock.exe Pad naar
module met fout: C:\Windows\syswow64\kernel32.dll Rapport-id: 188a35e6-3638-11e2-912c-002522cc2a2b

Error - 8-12-2012 11:56:33 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 884 Starttijd: 01cdd55c8b737170 Eindtijd: 2 Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
d335ad27-414f-11e2-a65e-002522cc2a2b

Error - 2-1-2013 6:29:39 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8200
Description = Details van het mislukken van ophalen van licentie. hr=0xC004C533

Error - 2-1-2013 6:29:39 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8208
Description = Ophalen van een legitiem ticket is mislukt (hr=0xC004C533) voor sjabloon
met id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 2-1-2013 6:36:45 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8200
Description = Details van het mislukken van ophalen van licentie. hr=0xC004C533

Error - 2-1-2013 6:36:45 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8208
Description = Ophalen van een legitiem ticket is mislukt (hr=0xC004C533) voor sjabloon
met id 66c92734-d682-4d71-983e-d6ec3f16059f

[ System Events ]
Error - 20-4-2012 13:19:26 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 20-4-2012 13:19:26 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 1-5-2012 6:56:02 | Computer Name = Bart-PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 12:52:53 op 1-5-2012 is
onverwacht gebeurd.

Error - 17-5-2012 11:10:46 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 17-5-2012 11:10:46 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 18-5-2012 6:51:49 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 18-5-2012 6:51:49 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 21-5-2012 10:01:17 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 21-5-2012 10:01:17 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053


< End of report >
 
Re: Windows 7 not genuine, but it actually is

And here is extras.txt as well. By the way, Norton is giving a lot of alerts about an exploit toolkit website 4. Edit: Norton says this every time I refresh this site, so it has nothing to do with this.

OTL Extras logfile created on: 2-1-2013 12:22:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bart\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

7,91 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,93% Memory free
15,83 Gb Paging File | 14,08 Gb Available in Paging File | 88,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 22,35 Gb Free Space | 20,01% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 798,21 Gb Free Space | 85,69% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 70,34 Mb Free Space | 70,34% Space Free | Partition Type: NTFS

Computer Name: BART-PC | User Name: Bart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011CF524-8EA3-44EF-ABE3-D0A5D59A1103}" = protocol=17 | dir=in | app=e:\games\steamapps\common\skyrim\skyrimlauncher.exe |
"{014DF63E-BCC8-41B4-BEC5-A667B54A5761}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{03E2267E-BE78-4093-A46D-0E7BEFB7703F}" = protocol=17 | dir=in | app=e:\games\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{0A8B7B2E-C231-46A1-A896-2722732421A4}" = protocol=17 | dir=in | app=e:\games\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{0C95DE10-B081-4747-BE58-89280246427B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 open beta\bf3.exe |
"{10490AE6-0BCD-4BFB-B298-6FD212542513}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3 open beta\bf3.exe |
"{105B0067-1140-4A2A-A9A4-3C09D94A0084}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{106C9057-82FB-479D-9A43-EC26510E1BA2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1131ECBD-9FC8-4D7D-BD11-947C87F82743}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{16AAEAD1-B5C2-47DB-A807-A775D527A539}" = protocol=17 | dir=in | app=e:\games\steamapps\common\trauma\trauma.exe |
"{19656762-A76C-4BCA-A6CC-B720A83CE914}" = protocol=6 | dir=in | app=e:\games 2\lotr\game.dat |
"{21F7605A-695E-4053-BEBB-DCF8CB0B211D}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{26A352E9-E236-4E77-8081-35D76A16AAA9}" = protocol=17 | dir=in | app=e:\games\steamapps\common\spacechem\spacechem.exe |
"{28963B88-50F8-4894-BDA8-6862BB60F2C6}" = protocol=17 | dir=in | app=e:\games\steam.exe |
"{2994AE3E-FBB1-4E51-8046-F0EF600481DD}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\shadowgrounds survivor launcher.exe |
"{2B1D2CC6-2486-4E3C-A143-8F6BFEAF2A0E}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shank\bin\shank.exe |
"{2DD3C72A-20AA-4F51-B191-95A5359E4741}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{315EF14E-FC72-42B9-A003-989667ED6797}" = protocol=17 | dir=in | app=e:\games\steamapps\common\trine\trine_launcher.exe |
"{3B44E1EF-6E95-4C52-9A50-AA7E64C10868}" = protocol=17 | dir=in | app=e:\games\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{3D56CD07-DD80-482E-9A8B-62BF9BF1C18B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock\builds\release\bioshock.exe |
"{3EBA0348-9B53-4976-A9C3-6C4E9FE05FB3}" = protocol=6 | dir=in | app=e:\games\steamapps\common\aquaria\aquaria.exe |
"{41743487-2A7F-4079-BCF2-CBD43927808B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\trauma\trauma.exe |
"{4DD11632-FB02-4DEE-895A-26160F776422}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{4FCE698A-332A-463D-9318-CFD6D4E78650}" = protocol=17 | dir=in | app=e:\games\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{520830F0-E314-4948-948B-286B621E05A8}" = protocol=6 | dir=in | app=e:\games\steamapps\common\the binding of isaac\isaac.exe |
"{53725602-E997-4B0D-83F1-6FFE7F94714C}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bit.trip runner\runner.exe |
"{542C68DB-E623-4455-9CF3-7656DD863DF3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\uplink\uplink.exe |
"{55D1AE72-9093-4896-B645-75FA887F5C06}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{5889A1B2-271F-4B91-9AF6-6EBAE279E1B2}" = protocol=17 | dir=in | app=e:\games\steamapps\common\frozen synapse\frozensynapse.exe |
"{5C66171F-9D00-4DF1-9C3C-9F8204ECFE0A}" = protocol=6 | dir=in | app=e:\games\steamapps\common\spacechem\spacechem.exe |
"{5DF53CD2-89C0-4C77-B7FD-CD69D9D85413}" = protocol=6 | dir=in | app=e:\games\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{606A1284-89D5-4971-AFC0-E20AF526B065}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{6246A48D-9074-4564-9B97-5EA98FAE1EDB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{62B37F8A-7A1C-4C3B-A51C-2352141EB332}" = protocol=6 | dir=in | app=e:\games\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{636D8FAD-820E-4971-BB31-A96799D61161}" = protocol=6 | dir=in | app=e:\games\steamapps\common\crayon physics deluxe\launcher.exe |
"{67077BAA-5E66-4130-907B-B398829FD85A}" = protocol=17 | dir=in | app=e:\games\steamapps\common\gish\gish.exe |
"{69FA857C-968C-4A60-8C1D-870919AD796B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\shadowgrounds survivor launcher.exe |
"{6A334FF5-DABB-463F-A097-86D2355CEE32}" = protocol=17 | dir=in | app=e:\games\steamapps\common\darwinia\darwinia.exe |
"{74A6AA1B-DA43-4B89-897A-F3EA25310975}" = protocol=6 | dir=in | app=e:\games\steamapps\common\metro 2033\metro2033.exe |
"{74AF9673-8DE2-4D23-810D-EFC55E00F355}" = protocol=6 | dir=in | app=e:\games\steamapps\common\portal 2\portal2.exe |
"{75B9C758-DDFD-4895-BE4A-46F35C9A1601}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{81BB2C68-0611-4CFC-A22F-1F685D05B491}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{86624088-F3EB-4197-8477-626397C02919}" = protocol=6 | dir=in | app=e:\games\steamapps\common\gish\gish.exe |
"{86D8CF96-A212-4C0D-8AD7-70D647472664}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shank\bin\shank.exe |
"{8ABD06FF-4CA6-43F0-B3CE-C264B3332CAC}" = protocol=17 | dir=in | app=e:\games\steamapps\common\aquaria\aquaria.exe |
"{8B3C0A4F-1B93-4E1C-B985-4989EC8461E1}" = protocol=6 | dir=in | app=e:\games\steamapps\common\nightsky\nightsky.exe |
"{91CE5919-72F1-4AA7-979A-3F7F6BBCDE55}" = protocol=6 | dir=in | app=e:\games\steamapps\common\amnesia the dark descent\launcher.exe |
"{91D19AD3-8CCB-4798-9EA1-72E27A3D984B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{9372B4B3-3E4A-4C9C-888E-E95BF90EBE5B}" = protocol=6 | dir=in | app=e:\games\steam.exe |
"{96142816-FA52-4238-8FC9-1921FCE3ABA3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\gratuitous space battles\gsb.exe |
"{9CB10EDC-4001-45D3-A1DE-7C43500DDD4E}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\survivor.exe |
"{9F91C7A1-D4CA-4AFF-8FA3-E4787ACA29A5}" = protocol=6 | dir=in | app=e:\games\steamapps\common\skyrim\skyrimlauncher.exe |
"{A26A3D49-723F-43D2-B815-78A288FBE1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{A49C7630-414E-4847-97FA-4755A8C427E3}" = protocol=17 | dir=in | app=e:\games\steamapps\common\nightsky\nightsky.exe |
"{A949901D-6FA0-4907-9A19-B387D538C44F}" = protocol=6 | dir=in | app=e:\games\steamapps\common\darwinia\darwinia.exe |
"{B2E67AAF-B889-4EAF-B9BE-38055C27590D}" = protocol=17 | dir=in | app=e:\games\steamapps\common\metro 2033\metro2033.exe |
"{B598C02D-21FD-40E4-8335-06B091A25631}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BA364150-3ABA-4FAD-B59A-33189389C33B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\uplink\uplink.exe |
"{BD46F1CE-7076-41D8-8E99-6A7367D0660B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\shadowgrounds survivor\survivor.exe |
"{C3604AF9-FA7C-4CC4-AE24-99778F91B591}" = protocol=6 | dir=in | app=e:\games\steamapps\common\frozen synapse\frozensynapse.exe |
"{C3C37E66-2DE6-4E24-98DB-A58DD6FCA85E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C6D1295E-A2A8-4E67-8BDB-34E80CEE3958}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{C9846798-A549-4BCB-8324-135CD964F995}" = protocol=6 | dir=in | app=e:\games\steamapps\common\multiwinia\multiwinia.exe |
"{CA494CFB-29B0-4313-9177-5B92084EAA92}" = protocol=17 | dir=in | app=e:\games\steamapps\common\bit.trip runner\runner.exe |
"{CA647EEE-E94F-47D3-9A2D-DB9730F1DDB4}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{CFB05A9C-F44A-4EE7-95A8-534E6042E8BB}" = protocol=17 | dir=in | app=e:\games\steamapps\common\amnesia the dark descent\launcher.exe |
"{D082F14D-B68D-453A-B23C-A44032ECFD6E}" = protocol=6 | dir=in | app=e:\games\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{D2720EE6-8F6D-4844-BC1A-D205F2A260F6}" = protocol=6 | dir=in | app=e:\games\steamapps\common\red faction guerrilla\rfg_launcher.exe |
"{D4284DC4-357F-42DD-94CC-6A9A46ECB2E0}" = protocol=6 | dir=in | app=e:\games\steamapps\common\dirt 3\dirt3.exe |
"{DCFE4981-506D-4535-AB13-E9BFA18AA5DB}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EA5F9540-944F-455D-971E-54E4F0319407}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{EAC75CB7-D388-4F8D-8AF8-06566E49C95E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.0\sonarhost.exe |
"{EAF465AE-2D5A-482C-BD29-A26F06943816}" = protocol=6 | dir=in | app=e:\games\steamapps\common\shadowgrounds\shadowgroundseditor.exe |
"{EE003202-0F38-490B-9C36-C14BA443A28F}" = protocol=17 | dir=in | app=e:\games 2\lotr\game.dat |
"{EE52911C-0CB3-44A3-9B12-57FD090F84C6}" = protocol=6 | dir=in | app=e:\games\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{EE77FF29-4B4D-4EBD-976B-7BBC2B93F12E}" = protocol=17 | dir=in | app=e:\games\steamapps\common\crayon physics deluxe\launcher.exe |
"{EE7A7249-0AB1-483B-B3D0-888FC5089165}" = protocol=17 | dir=in | app=e:\games\steamapps\common\the binding of isaac\isaac.exe |
"{F053DA10-59B0-4980-8597-94FBEC0FA9EA}" = protocol=17 | dir=in | app=e:\games\steamapps\common\portal 2\portal2.exe |
"{F41EFBED-4558-4523-B003-74DA1BC0220B}" = protocol=17 | dir=in | app=e:\games\steamapps\common\dirt 3\dirt3.exe |
"{F959513E-9EE5-4A88-901F-CAE8A41D8224}" = protocol=6 | dir=in | app=e:\games\steamapps\common\trine\trine_launcher.exe |
"{FB6607B1-F1E4-4522-ABB5-46040191A690}" = protocol=17 | dir=in | app=e:\games\steamapps\common\multiwinia\multiwinia.exe |
"{FFF3A43B-7EF2-4568-AE8F-E5BC6AA7FA2B}" = protocol=6 | dir=in | app=e:\games\steamapps\common\gratuitous space battles\gsb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WhoCrashed_is1" = WhoCrashed 3.04

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1" = Corsair K90 Firmware Update Application
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{25A18E40-3263-416E-B672-BE85DA47BBFD}" = Mumble 1.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1" = Crayon Physics Deluxe version 55
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Nederlands
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1" = Corsair K90 Gaming Keyboard Driver V1.0
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Diablo III" = Diablo III
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Jack Claw_is1" = Jack Claw
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
"Mozilla Firefox 7.0.1 (x86 nl)" = Mozilla Firefox 7.0.1 (x86 nl)
"NIS" = Norton Internet Security
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 111800" = Blocks That Matter
"Steam App 11200" = Shadowgrounds: Survivor
"Steam App 113200" = The Binding Of Isaac
"Steam App 1500" = Darwinia
"Steam App 1510" = Uplink
"Steam App 1520" = DEFCON
"Steam App 1530" = Multiwinia
"Steam App 18120" = Unstoppable Gorg
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 20500" = Red Faction: Guerrilla
"Steam App 207610" = The Walking Dead
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 240" = Counter-Strike: Source
"Steam App 24420" = Aquaria
"Steam App 2500" = Shadowgrounds
"Steam App 2505" = Shadowgrounds Editor
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 29180" = Osmos
"Steam App 30" = Day of Defeat
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 35700" = Trine
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38700" = Toki Tori
"Steam App 38740" = EDGE
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 44320" = DiRT 3
"Steam App 4560" = Company of Heroes
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 60" = Ricochet
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 6860" = Hitman: Blood Money
"Steam App 70300" = VVVVVV
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 8850" = BioShock 2
"Steam App 91200" = Anomaly Warzone Earth
"Steam App 92800" = SpaceChem
"Steam App 94200" = Jamestown
"Steam App 9500" = Gish
"Steam App 98100" = TRAUMA
"Steam App 98200" = Frozen Synapse
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99700" = NightSky
"Super Meat Boy v1.5_is1" = Super Meat Boy v1.5
"Voxatron" = Voxatron 0.1.4
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-176856173-1054761186-3379111034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19-7-2012 10:22:14 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma League of Legends.exe, versie 1.0.0.142 reageert niet
meer op Windows en is afgesloten. Als u wilt zien of er meer informatie over het
probleem beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel
Onderhoudscentrum in het Configuratiescherm. Proces-id: fe8 Starttijd: 01cd65b9b655edb0

Eindtijd:
1 Toepassingspad: E:\leagueoflegends\LOL\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.165\deploy\League
of Legends.exe Rapport-id: 161b0f09-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:22:36 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 1178 Starttijd: 01cd65b9e1027916 Eindtijd: 1

Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
2c9e05cb-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:22:57 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 13ac Starttijd: 01cd65b9f2a07750 Eindtijd: 1

Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
38eb4fc8-d1ad-11e1-ac54-002522cc2a2b

Error - 19-7-2012 10:27:24 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: a44 Starttijd: 01cd65ba8f86c97c Eindtijd: 0 Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
d92dd834-d1ad-11e1-ac54-002522cc2a2b

Error - 24-11-2012 9:08:54 | Computer Name = Bart-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: bioshock.exe, versie: 1.0.0.0, tijdstempel:
0x474f5a3a Naam van module met fout: kernel32.dll, versie: 6.1.7601.17932, tijdstempel:
0x50327671 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000113b0 Id van proces met
fout: 0x1278 Starttijd van toepassing met fout: 0x01cdca3ecc10ef77 Pad naar toepassing
met fout: E:\Games\steamapps\common\Bioshock\Builds\Release\bioshock.exe Pad naar
module met fout: C:\Windows\syswow64\kernel32.dll Rapport-id: 188a35e6-3638-11e2-912c-002522cc2a2b

Error - 8-12-2012 11:56:33 | Computer Name = Bart-PC | Source = Application Hang | ID = 1002
Description = Het programma rads_user_kernel.exe, versie 0.0.0.0 reageert niet meer
op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
in het Configuratiescherm. Proces-id: 884 Starttijd: 01cdd55c8b737170 Eindtijd: 2 Toepassingspad:
E:\leagueoflegends\LOL\League of Legends\RADS\system\rads_user_kernel.exe Rapport-id:
d335ad27-414f-11e2-a65e-002522cc2a2b

Error - 2-1-2013 6:29:39 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8200
Description = Details van het mislukken van ophalen van licentie. hr=0xC004C533

Error - 2-1-2013 6:29:39 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8208
Description = Ophalen van een legitiem ticket is mislukt (hr=0xC004C533) voor sjabloon
met id 66c92734-d682-4d71-983e-d6ec3f16059f

Error - 2-1-2013 6:36:45 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8200
Description = Details van het mislukken van ophalen van licentie. hr=0xC004C533

Error - 2-1-2013 6:36:45 | Computer Name = Bart-PC | Source = Software Protection Platform Service | ID = 8208
Description = Ophalen van een legitiem ticket is mislukt (hr=0xC004C533) voor sjabloon
met id 66c92734-d682-4d71-983e-d6ec3f16059f

[ System Events ]
Error - 20-4-2012 13:19:26 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 20-4-2012 13:19:26 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 1-5-2012 6:56:02 | Computer Name = Bart-PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 12:52:53 op 1-5-2012 is
onverwacht gebeurd.

Error - 17-5-2012 11:10:46 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 17-5-2012 11:10:46 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 18-5-2012 6:51:49 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 18-5-2012 6:51:49 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053

Error - 21-5-2012 10:01:17 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Steam Client Service.

Error - 21-5-2012 10:01:17 | Computer Name = Bart-PC | Source = Service Control Manager | ID = 7000
Description = De Steam Client Service-service kan vanwege de volgende fout niet
worden gestart: %%1053


< End of report >
 
Re: Windows 7 not genuine, but it is

Do the following two steps:

Step •1•
Which program: AdwCleaner
What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
Difficulty: None.
Download location: Be sure to download this program to the desktop, or move it there!
Download: AdwCleaner by Xplode.

Notes:
  • All open programs and web pages must be closed.
  • It is normal for the desktop shortcuts to disappear after AdwCleaner starts.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
Once AdwCleaner has started:
  • Click the "Verwijderen" (Delete) button
  • In the dialog "AdwCleaner – Afsluiting van de programma's" (closing the programs), click OK
  • In the dialog "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • Then post the contents of this log in your next message.

Step •2•
Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: double-click ComboFix.exe.
  • Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan – do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is done, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next message.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Re: Windows 7 not genuine, but it is

OK, this is what I got from the first program:

# AdwCleaner v2.104 - Verslag gemaakt op 02/01/2013 om 13:27:37
# Geactualiseerd op 29/12/2012 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Bart - BART-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Bart\Desktop\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****


***** [Register] *****

Sleutel Verwijdert : HKLM\Software\Freeze.com

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v7.0.1 (nl)

File : C:\Users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\473ioxmt.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [980 octets] - [02/01/2013 13:27:37]

########## EOF - C:\AdwCleaner[S1].txt - [1039 octets] ##########
 
Re: Windows 7 not genuine, but it is

That at least confirms that, as far as your browsers are concerned, I found no adware etc. in the OTL log.
I am curious about the upcoming ComboFix log, though....
 
Re: Windows 7 not genuine, but it is

I have now run ComboFix as well:

[hjt]
combofix 13-01-02.01 - bart 02-01-2013 13:38:56.1.4 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.8105.6601 [gmt 1:00]
gestart vanuit: c:\users\bart\desktop\combofix.exe
av: norton internet security *disabled/updated* {63df5164-9100-186d-2187-8dc619efd8bf}
fw: norton internet security *disabled* {5be4d041-db6f-1935-0ad8-24f3e73c9fc4}
sp: norton internet security *enabled/updated* {d8beb080-b73a-17e3-1b37-b6b462689202}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\install.exe
.
.
(((((((((((((((((((( bestanden gemaakt van 2012-12-02 to 2013-01-02 ))))))))))))))))))))))))))))))
.
.
2013-01-02 12:40 . 2013-01-02 12:40 -------- d-----w- c:\users\default\appdata\local\temp
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\users\bart\appdata\roaming\malwarebytes
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\programdata\malwarebytes
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\program files (x86)\malwarebytes' anti-malware
2013-01-02 10:33 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-02 10:33 . 2013-01-02 10:33 -------- d-----w- c:\users\bart\appdata\local\programs
2013-01-01 18:13 . 2013-01-01 18:13 177312 ----a-w- c:\windows\system32\drivers\symevent64x86.sys
2013-01-01 18:13 . 2013-01-01 18:13 -------- d-----w- c:\program files\symantec
2013-01-01 18:13 . 2013-01-01 18:13 -------- d-----w- c:\program files\common files\symantec shared
2013-01-01 18:12 . 2013-01-01 18:13 -------- d-----w- c:\windows\system32\drivers\nisx64
2013-01-01 18:12 . 2013-01-01 18:12 -------- d-----w- c:\program files (x86)\norton internet security
2013-01-01 18:11 . 2013-01-01 18:11 -------- d-----w- c:\programdata\pcsettings
2012-12-21 13:08 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:08 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:08 . 2012-12-16 14:13 295424 ----a-w- c:\windows\syswow64\atmfd.dll
2012-12-21 13:08 . 2012-12-16 14:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2012-12-13 14:45 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:45 . 2012-11-09 04:42 2048 ----a-w- c:\windows\syswow64\tzres.dll
2012-12-13 14:45 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-03 13:26 . 2012-12-03 13:26 -------- d-----w- c:\program files (x86)\common files\skype
2012-12-03 13:26 . 2012-12-03 13:26 -------- d-----r- c:\program files (x86)\skype
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 16:23 . 2011-09-14 14:05 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-12-13 14:47 . 2012-04-02 16:25 697272 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2012-12-13 14:47 . 2011-09-20 12:01 73656 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2012-11-20 18:00 . 2011-09-14 13:54 281768 ----a-w- c:\windows\syswow64\pnkbstrb.xtr
2012-11-20 18:00 . 2011-09-13 17:31 281768 ----a-w- c:\windows\syswow64\pnkbstrb.exe
2012-11-20 17:55 . 2011-09-13 17:31 271200 ----a-w- c:\windows\syswow64\pnkbstrb.ex0
2012-10-16 08:38 . 2012-11-28 09:58 135168 ----a-w- c:\windows\apppatch\apppatch64\acxtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:58 350208 ----a-w- c:\windows\apppatch\apppatch64\aclayers.dll
2012-10-16 07:39 . 2012-11-28 09:58 561664 ----a-w- c:\windows\apppatch\aclayers.dll
2012-10-09 18:17 . 2012-11-16 14:18 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 14:18 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 14:18 44032 ----a-w- c:\windows\syswow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 14:18 193536 ----a-w- c:\windows\syswow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 14:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"steam"=e:\games\steam.exe [2012-12-03 1354736]
"spotify web helper"=c:\users\bart\appdata\roaming\spotify\data\spotifywebhelper.exe [2012-10-26 1199576]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"deathadder"=c:\program files (x86)\razer\deathadder\razerhid.exe [2012-01-14 248832]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-07-27 919008]
"corsair laver"=c:\program files (x86)\corsair\k90 keyboard\k90hid.exe [2012-01-06 1711616]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2012-09-17 254896]
"startccc"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2012-09-28 642728]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r3 alsysio;alsysio;c:\users\bart\appdata\local\temp\alsysio64.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-09-13 1255736]
s0 symds;symantec data store;c:\windows\system32\drivers\nisx64\1402000.013\symds64.sys [2012-10-03 493216]
s0 symefa;symantec extended file attributes;c:\windows\system32\drivers\nisx64\1402000.013\symefa64.sys [2012-10-03 1133216]
s1 bhdrvx64;bhdrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\bashdefs\20121130.005\bhdrvx64.sys [2012-11-29 1384608]
s1 ccset_nis;norton internet security settings manager;c:\windows\system32\drivers\nisx64\1402000.013\ccsetx64.sys [2012-10-03 168096]
s1 idsvia64;idsvia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.0.24\definitions\ipsdefs\20130101.001\idsvia64.sys [2013-01-01 513184]
s1 symiron;symantec iron driver;c:\windows\system32\drivers\nisx64\1402000.013\ironx64.sys [2012-07-27 224416]
s1 symnets;symantec network security wfp driver;c:\windows\system32\drivers\nisx64\1402000.013\symnets.sys [2012-07-22 432800]
s2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
s2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
s2 nis;norton internet security;c:\program files (x86)\norton internet security\engine\20.2.0.19\ccsvchst.exe [2012-10-10 143928]
s2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe [2012-11-09 160944]
s3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys [2012-05-14 96896]
s3 corsgkb;corsair gaming keyboard;c:\windows\system32\drivers\corsgkb.sys [2011-06-21 25600]
s3 danewfltr;newdeathadder mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
s3 eraserutilrebootdrv;eraserutilrebootdrv;c:\program files (x86)\common files\symantec shared\eengine\eraserutilrebootdrv.sys [2013-01-01 138912]
s3 etronhub3;etron usb 3.0 extensible hub driver;c:\windows\system32\drivers\etronhub3.sys [2011-09-12 39936]
s3 etronxhci;etron usb 3.0 extensible host controller driver;c:\windows\system32\drivers\etronxhci.sys [2011-09-12 64512]
s3 k57nd60a;broadcom netlink (tm) gigabit ethernet - ndis 6.0;c:\windows\system32\drivers\k57nd60a.sys [2011-02-14 412712]
s3 vkbms;razer gaming device;c:\windows\system32\drivers\vkbms.sys [2010-09-30 13312]
.
.
--- andere services/drivers in geheugen ---
.
*newlycreated* - ws2ifsl
.
inhoud van de 'gedeelde taken' map
.
2013-01-02 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-04-02 14:47]
.
2012-12-23 c:\windows\tasks\googleupdatetaskusers-1-5-21-176856173-1054761186-3379111034-1000core.job
- c:\users\bart\appdata\local\google\update\googleupdate.exe [2011-09-13 16:57]
.
2013-01-02 c:\windows\tasks\googleupdatetaskusers-1-5-21-176856173-1054761186-3379111034-1000ua.job
- c:\users\bart\appdata\local\google\update\googleupdate.exe [2011-09-13 16:57]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"igfxtray"=c:\windows\system32\igfxtray.exe [2011-10-21 167704]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2011-10-21 392472]
"persistence"=c:\windows\system32\igfxpers.exe [2011-10-21 416024]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
mlocal page = c:\windows\syswow64\blank.htm
tcp: dhcpnameserver = 188.142.0.6 188.142.0.22 192.168.1.1
ff - profilepath - c:\users\bart\appdata\roaming\mozilla\firefox\profiles\473ioxmt.default\
.
- - - - orphans verwijderd - - - -
.
addremove-super meat boy v1.5_is1 - g:\games\team meat\unins000.exe
addremove-{4ca1e8e2-b2a9-40c1-8ec4-bbcb23baaa19}_is1 - g:\games\crayon\crayon physics deluxe\unins000.exe
.
.
.
[hkey_local_machine\system\controlset001\services\nis]
"imagepath"="\c:\program files (x86)\norton internet security\engine\20.2.0.19\ccsvchst.exe\" /s \"nis\" /m \c:\program files (x86)\norton internet security\engine\20.2.0.19\dimaster.dll\" /prefetch:1"
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil64_11_5_502_135_activex.exe,-101"
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\system32\\macromed\\flash\\flashutil64_11_5_502_135_activex.exe
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_5_502_135_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_5_502_135_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_5_502_135.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.11"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_5_502_135.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_5_502_135.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_5_502_135.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
c:\windows\syswow64\pnkbstra.exe
.
**************************************************************************
.
voltooingstijd: 2013-01-02 13:43:12 - machine werd herstart
combofix-quarantined-files.txt 2013-01-02 12:43
.
pre-run: 24.531.861.504 bytes beschikbaar
post-run: 25.580.015.616 bytes beschikbaar
.
- - end of file - - 4999ba8170767d0cdfef5e6828f600dd

[/hjt]

---------- Post added at 14:39 ---------- Previous post was at 13:45 ----------

By the way, yesterday I installed the new version of Norton; maybe that is the cause, because the problem arose after that.
 
Re: Windows 7 not genuine, but it is

I take it that you installed a legitimate Norton and not one with a fix?
Because then it has nothing to do with it.

Now click Computer and then choose Properties.
Scroll down and report what it says there about the current activation status.
 
Re: Windows 7 not genuine, but it is

Norton is simply a legitimate version. Under Properties it says: You must activate Windows today. Click here if you want to activate Windows.
Below that is a product code and the option to change it.

edit: shall I change it, because it looks different from the product key on the Windows box?
 
Re: Windows 7 not genuine, but it is

Strange that a different code is shown than the one from the installation disc.

Does your PC perhaps have more users in your account?
 
Re: Windows 7 not genuine, but it is

No, there are no other users. I don't know whether the product ID is supposed to be the same, so I don't know whether this matters. I will see what happens if I enter the product key again.

edit: I now get an error code: 0x8007000D description: the data is invalid
 
Re: Windows 7 not genuine, but it is

We are going to try something, and after that you try the activation again.

Download Windows Repair all in one (Portable) from this site: http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/
Press the blue download button, so not the green one, because that is a Google ad.
Important: place the download on the desktop.
Start the program.
Windows 7 and Vista users: right-click -> Run as administrator.
Go to step 3 and agree to SFC (System File Check) being started.

Then go to Start Repairs and click Start.
Select the following items and click Restart System When Finished.

waio%20rep%20list.JPG
 
Re: Windows 7 not genuine, but it is

I let the program run, but I don't see any changes, if there were supposed to be any.

---------- Message added at 19:33 ---------- Previous message was at 16:23 ----------

I think I'll call Microsoft customer service tomorrow.
 
Re: Windows 7 not genuine, but it is

Do that; I'm curious about their response.

Download RogueKiller to your desktop.
Close all other programs.
Start the program.
Vista and Windows 7 users -> right-click, Run as Administrator.
Wait until the 'Prescan' is finished.
Click Scan.

[Image: RGKRScan.png]

Wait until the scan has finished.
A log is created and placed on the desktop.
Don't do anything else yet, but first post the contents of that log in your next message.
 
Re: Windows 7 not genuine, but it is

Good news! Someone from Microsoft ran a Fix it program on my PC and Windows is now activated again. Thanks for the help, Abraham!

Edit: by the way, the man had no idea what was actually wrong.
 
Re: Windows 7 not genuine, but it is

That's great, but I'm really not done with you yet, because the cause is still not clear.
So now run the scan as described in my previous message.
 
Re: Windows 7 not genuine, but it is

This is from the RogueKiller scan:

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart vanuit : Normale modus
Gebruiker : Bart [Administrator rechten]
Modus : Scan -- Datum : 01/04/2013 11:46:00

Kwaadaardige processen : 0

Register verwijzingen : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

Speciale Files / Folders:

Driver : [Niet geladen]

HOSTS Bestand:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Controle:

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 4e79eab8ca1f455ff33b7d7abc0a70b5
[BSP] d26b4888f87a6eafa78a8e71ae6bd2e8 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 2b16da4c4b5d468564461f75484e0cce
[BSP] a1a368c81bc77811998e792d9f8b0042 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Gereed : << RKreport[2]_S_01042013_02d1146.txt >>
RKreport[1]_S_01042013_02d1143.txt ; RKreport[2]_S_01042013_02d1146.txt
 
Re: Windows 7 not genuine, but it is

The log looks fine.
Are you still experiencing any problems?
 