Can someone take a look at this log (parents' laptop)

13 replies
  • Since the PC had started getting rather slow, I first defragmented it on Saturday.
    That ran for 7 hours in total.
    Today I ran Malwarebytes.

    So here is the log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.11.19.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    leo :: PC_VAN_LEO [administrator]

    19-11-2012 18:32:26
    mbam-log-2012-11-19 (18-32-26).txt

    Scantype: Volledige scan (C:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 304000
    Verstreken tijd: 1 uur/uren, 31 minuut/minuten, 14 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 22
    HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 3
    HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Succesvol in quarantaine geplaatst en verwijderd.
    HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 4
    C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 24
    C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\leo\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Continue your work with the instructions below:

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
    Difficulty: None.
    Download location: This program must absolutely be downloaded to the desktop, or else moved there!
    Download: AdwCleaner by Xplode.

    Notes:
      - All open programs and web pages must be closed.
      - It is normal that the shortcuts disappear from the desktop after AdwCleaner has started.
    Starting AdwCleaner:
      - Windows 2000 and Windows XP: double-click adwcleaner.exe.
      - Windows Vista and Windows 7: right-click adwcleaner.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    Once AdwCleaner has started:
      - Click the "Verwijderen" (Delete) button.
      - At "AdwCleaner - Afsluiting van de programma's" (Closing programs), click OK.
      - At "AdwCleaner - Herstarten noodzakelijk" (Restart required), click OK.
    AdwCleaner log file:
      - After the PC has restarted, a log file opens.
      - Then post the contents of this log in your next message.

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialized scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer
      - ForoSpyware
      - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
    Here and here you will find details on how to disable antivirus programs and spyware scanners.

    Notes:
      - All open programs and web pages must be closed.
      - If ComboFix gives a message about ZeroAccess, mention that in your new post.
    Starting ComboFix:
      - Windows 2000 and Windows XP: double-click ComboFix.exe.
      - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    Once ComboFix has started:
      - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next message.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, starting programs shows an error with the message:
      - "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering." (Illegal operation attempted on a registry key that has been marked for deletion.)
      - Then restart the computer.
  • Here, for now, is the log from AdwCleaner.
    We will now continue with ComboFix.

    # AdwCleaner v2.008 - Verslag gemaakt op 20/11/2012 om 18:43:45
    # Geactualiseerd op 17/11/2012 door Xplode
    # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Gebruiker : leo - PC_VAN_LEO
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\leo\Documents\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Program Files\ConduitEngine
    Map Verwijdert : C:\Program Files\IncrediMail_MediaBar_4
    Map Verwijdert : C:\Users\leo\AppData\LocalLow\ConduitEngine
    Map Verwijdert : C:\Users\leo\AppData\LocalLow\IncrediMail_MediaBar_4
    Map Verwijdert : C:\Users\leo\AppData\Roaming\BrowserCompanion

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\Conduit
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\conduitEngine
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_4
    Sleutel Verwijdert : HKCU\Software\ImInstaller
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90EEE664-34B1-422A-A782-779AF65CDF6D}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90EEE664-34B1-422A-A782-779AF65CDF6D}
    Sleutel Verwijdert : HKLM\Software\BrowserCompanion
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{90EEE664-34B1-422A-A782-779AF65CDF6D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar.CT2878754
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\Software\conduitEngine
    Sleutel Verwijdert : HKLM\Software\ImInstaller
    Sleutel Verwijdert : HKLM\Software\IncrediMail_MediaBar_4
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90EEE664-34B1-422A-A782-779AF65CDF6D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_4 Toolbar
    Sleutel Verwijdert : HKU\S-1-5-21-3413625083-3745700155-175327537-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90EEE664-34B1-422A-A782-779AF65CDF6D}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90EEE664-34B1-422A-A782-779AF65CDF6D}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90EEE664-34B1-422A-A782-779AF65CDF6D}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90EEE664-34B1-422A-A782-779AF65CDF6D}]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [4582 octets] - [20/11/2012 18:43:45]

    ########## EOF - C:\AdwCleaner[S1].txt - [4642 octets] ##########
  • and the ComboFix log


    ComboFix 12-11-20.02 - leo 20-11-2012 19:05:57.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.1791.702 [GMT 1:00]
    Gestart vanuit: c:\users\leo\Documents\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\leo\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-10-20 to 2012-11-20 ))))))))))))))))))))))))))))))
    .
    .
    2012-11-20 18:15 . 2012-11-20 18:15 -------- d-----w- c:\users\leo\AppData\Local\temp
    2012-11-20 18:15 . 2012-11-20 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-19 17:31 . 2012-11-19 17:32 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-11-19 17:30 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-17 11:53 . 2012-11-17 11:53 -------- d-----w- c:\program files\CCleaner
    2012-11-17 11:50 . 2012-11-17 11:52 -------- d-----w- c:\program files\Vittalia
    2012-11-17 11:32 . 2012-11-17 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-11-16 19:13 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BC4B537-8193-4E8C-B85B-E770B8F7A0CF}\mpengine.dll
    2012-11-16 10:28 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-16 06:07 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-10-22 11:32 . 2012-10-22 11:28 4588344 ----a-w- c:\windows\uninst.exe
    2012-10-22 11:32 . 2012-10-22 11:32 -------- d-----w- c:\users\leo\AppData\Roaming\PCPro
    2012-10-22 11:32 . 2012-10-22 11:32 -------- d-----w- c:\program files\PC Cleaners
    2012-10-22 11:32 . 2012-10-22 11:32 -------- d-----w- c:\programdata\PC1Data
    2012-10-22 11:16 . 2012-10-22 11:16 105 ----a-w- C:\prefs.js
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-13 13:28 . 2012-10-10 13:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27 . 2012-10-10 13:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27 . 2012-10-10 13:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 15:53 . 2012-10-10 13:11 172544 ----a-w- c:\windows\system32\wintrust.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-12 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "ChangeFilterMerit"="c:\program files\NewSoft\Presto! PVR\ChangeFilterMerit.exe" [2007-06-08 51280]
    "Presto! PVR Monitor"="c:\program files\NewSoft\Presto! PVR\Monitor.exe" [2009-08-07 161616]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    .
    c:\users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    tcbhn.lnk - c:\users\leo\AppData\Roaming\BrowserCompanion\tcbhn.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 17:21]
    .
    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-12 17:21]
    .
    2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000Core.job
    - c:\users\leo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 16:07]
    .
    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000UA.job
    - c:\users\leo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 16:07]
    .
    2012-11-20 c:\windows\Tasks\pc-dis-upd.job
    - c:\program files\PC Cleaners\PCCleaners.exe [2012-10-22 11:32]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/ig?hl=nl
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{a15fa2b1-56fa-4f98-b727-c4bdb36430b5} - (no file)
    WebBrowser-{A15FA2B1-56FA-4F98-B727-C4BDB36430B5} - (no file)
    HKCU-Run-TomTomHOME.exe - c:\users\leo\Documents\TomTom HOME 2\TomTomHOMERunner.exe
    HKLM-Run-AuditVista - (no file)
    HKLM-Run-IR_SERVER - c:\program files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-20 19:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Voltooingstijd: 2012-11-20 19:18:26
    ComboFix-quarantined-files.txt 2012-11-20 18:18
    .
    Pre-Run: 88.330.407.936 bytes beschikbaar
    Post-Run: 88.303.869.952 bytes beschikbaar
    .
    - - End Of File - - 0ECF0588228AC88A99CDB300BBC17A25
  • Next step:

    Which program: Emsisoft Emergency Kit 3.0 Portable
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit 3.0 Portable

    Notes:
      - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
      - All open programs and web pages must be closed.

    Starting:
    Start by opening the folder "EmsisoftEmergencyKit"
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista, Windows 7 and Windows 8: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).

    Scanning:
      - In the selection screen, click "Emergency Kit Scanner"; the message then appears that it is recommended to update first.

        Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg

      - Do so by clicking "Ja" (Yes).
      - When updating is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) follows.
      - Now click "Menu" and then "Scan PC".
      - Select the option "Diep" (Deep) if it is not already set that way by default.
      - Then click the "Scan" button.
          - Be patient and do nothing else with the computer during the scan, as the scan can take a considerable time.
      - The window with the warning about an increased risk can be closed when the scan is finished.
      - Make sure all found items are ticked and then click the button "Verwijder geselecteerde" (Remove selected); the following message will then appear:

        Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg

      - Then click "Ja" (Yes).
      - When the removal is done, click the "View report" button and select the text file of this scan, with a name such as: a3scan_110730-111615.txt
      - Then place the contents of that log file in your new message.
    Nota bene: Now restart the computer.
  • I wonder whether there is a blacklist, or at least a pink list, of "do not respond anymore" for this kind of question asker?
  • f.j.stols wrote: I wonder whether there is a blacklist, or at least a pink list, of "do not respond anymore" for this kind of question asker?


    I am just wondering how I should interpret this post... :o


    Thanks to those who do offer help.
    Because it has been very busy at work, I have not been to my parents' for a while.

    Here is the remaining log file.
    If any follow-up actions are still needed, I would like to hear it.


    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 25-11-2012 11:52:35

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 25-11-2012 11:57:12

    C:\Users\leo\Documents\Desktop\adwcleaner.exe Ontdekt: Trojan.Generic.8191512 (B)

    Gescand 431299
    Gevonden 1

    Scan geëindigd: 25-11-2012 16:33:15
    Scantijd: 4:36:03

    C:\Users\leo\Documents\Desktop\adwcleaner.exe Verwijderd Trojan.Generic.8191512 (B)

    Verwijderd 1
  • It is very simple: since 21 November nothing more had been heard from you.
    So I myself have the impression that you also do not live and work close to your parents.

    You may remove the Emsisoft Emergency Kit 3.0 Portable.
    Do empty the recycle bin afterwards.

    Which program: OTL.exe
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:
      - First close all program windows that are still open!
          - Windows 2000 and Windows XP: double-click OTL.exe.
          - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Als Administrator uitvoeren" (Run as administrator).

      - Tick Scan All Users, LOP Check and PURITY Check.

      - Copy and paste the text below (bold, blue) into the box under (screenshot: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

    [b:02023bc79d]netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT[/color:02023bc79d][/b:02023bc79d]

    [*:02023bc79d]Klik vervolgens op de knop [img:02023bc79d]http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg[/img:02023bc79d].
    [*:02023bc79d]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef.
    [*:02023bc79d]De scan zal niet heel erg lang duren.
    [list:02023bc79d][*:02023bc79d]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:02023bc79d]OTL.Txt[/b:02023bc79d] en [b:02023bc79d]Extras.txt[/b:02023bc79d].
    [*:02023bc79d]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:02023bc79d]
    [*:02023bc79d][b:02023bc79d]Notabene:[/b:02023bc79d][/color:02023bc79d] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten.[/list:u:02023bc79d]
  • Well,

    Last week was my parents' 40th wedding anniversary, so a lot of preparation time was needed, and on top of that I'm an ambitious amateur musician, so umpteen concerts in this period. So it can happen that there is no time at all to respond.


    Anyway... we're back online :)

    Attached is the OTL log file.

    OTL logfile created on: 22-12-2012 9:09:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leo\Documents\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,75 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 35,20% Memory free
    3,74 Gb Paging File | 2,47 Gb Available in Paging File | 66,11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,25 Gb Total Space | 82,12 Gb Free Space | 58,97% Space Free | Partition Type: NTFS

    Computer Name: PC_VAN_LEO | User Name: leo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-12-22 09:07:25 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\leo\Documents\Desktop\OTL.exe
    PRC - [2012-09-29 19:54:26 | 000,766,536 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012-09-29 19:54:26 | 000,676,936 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012-09-29 19:54:26 | 000,399,432 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012-08-09 13:39:04 | 000,348,664 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012-05-08 22:06:23 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012-05-08 22:06:16 | 000,080,336 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012-05-08 22:06:15 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011-06-17 18:51:37 | 000,864,664 | —- | M] (Lavasoft) – C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011-06-17 18:51:36 | 001,355,968 | —- | M] (Lavasoft) – C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2009-08-07 14:03:16 | 000,161,616 | —- | M] (NewSoft) – C:\Program Files\NewSoft\Presto! PVR\Monitor.exe
    PRC - [2009-04-11 07:27:36 | 002,926,592 | —- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
    PRC - [2008-01-29 18:51:52 | 004,911,104 | —- | M] (Realtek Semiconductor) – C:\Windows\RtHDVCpl.exe
    PRC - [2007-10-15 09:15:08 | 001,410,344 | —- | M] (Nero AG) – C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    PRC - [2007-10-15 09:14:48 | 000,202,024 | —- | M] (Nero AG) – C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    PRC - [2007-09-20 08:51:46 | 001,836,328 | —- | M] (Nero AG) – C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-11-17 10:13:00 | 000,998,400 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
    MOD - [2012-11-17 10:10:17 | 011,820,032 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll
    MOD - [2012-11-17 10:10:01 | 000,771,584 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll
    MOD - [2012-11-17 10:08:00 | 005,450,752 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
    MOD - [2012-11-17 10:07:13 | 012,433,920 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
    MOD - [2012-11-17 10:06:38 | 001,592,320 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
    MOD - [2012-11-17 10:04:00 | 007,976,960 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
    MOD - [2012-11-17 10:03:32 | 011,492,352 | —- | M] () – C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
    MOD - [2011-06-17 18:52:04 | 000,185,880 | —- | M] () – C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
    MOD - [2009-03-31 19:04:19 | 000,446,464 | —- | M] () – C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
    MOD - [2009-03-31 19:04:18 | 000,303,104 | —- | M] () – C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2008-03-10 17:47:31 | 001,675,264 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2861.39845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:31 | 000,364,544 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2861.40046__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:31 | 000,245,760 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2861.39803__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:31 | 000,196,608 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2861.39858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:31 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2861.39837__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:31 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2861.39824__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:30 | 000,483,328 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2861.40070__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:30 | 000,077,824 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2861.40038__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:30 | 000,065,536 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2861.40004__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:30 | 000,036,864 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2861.39955__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:29 | 000,135,168 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2861.40076__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:29 | 000,106,496 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.2861.40095__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
    MOD - [2008-03-10 17:47:29 | 000,073,728 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2861.39817__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:29 | 000,011,776 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.2861.40095__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
    MOD - [2008-03-10 17:47:29 | 000,008,704 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.2861.40094__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
    MOD - [2008-03-10 17:47:29 | 000,007,680 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.2861.40094__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,794,624 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2861.39963__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,401,408 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2861.40030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:28 | 000,352,256 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2861.40012__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,212,992 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2861.39865__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,139,264 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2861.40069__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,118,784 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2861.39977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:28 | 000,090,112 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2861.40018__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:28 | 000,065,536 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2861.39963__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:28 | 000,061,440 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2861.40011__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:28 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2861.40069__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:27 | 000,901,120 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2861.40040__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:27 | 000,589,824 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2861.39872__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:27 | 000,479,232 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2861.39956__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:27 | 000,434,176 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2861.39825__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:27 | 000,401,408 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2861.39997__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
    MOD - [2008-03-10 17:47:27 | 000,307,200 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2861.39878__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
    MOD - [2008-03-10 17:47:27 | 000,057,344 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2861.39955__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:27 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2861.39878__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:27 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2861.39962__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:27 | 000,036,864 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2861.39977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:27 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2861.39996__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2008-03-10 17:47:26 | 000,053,248 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2820.26370__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2008-03-10 17:47:26 | 000,045,056 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2008-03-10 17:47:26 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2820.26369__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2008-03-10 17:47:26 | 000,028,672 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2820.26409__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2008-03-10 17:47:26 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2820.26370__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2008-03-10 17:47:26 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2820.26382__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2008-03-10 17:47:26 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2820.26375__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2820.26371__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2820.26371__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2820.26375__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2820.26381__90ba9c70f846762e\DEM.OS.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2820.26382__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2820.26385__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2820.26376__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2820.26386__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2008-03-10 17:47:26 | 000,006,656 | —- | M] () – C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2008-03-10 17:47:25 | 000,065,536 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2820.26388__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,057,344 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2820.26372__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,053,248 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2820.26387__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,053,248 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2820.26385__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,045,056 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2820.26385__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2820.26396__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2820.26385__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2820.26387__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2820.26375__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,028,672 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2820.26383__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,028,672 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2820.26382__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2820.26395__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2820.26386__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2820.26377__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2820.26370__90ba9c70f846762e\AEM.Foundation.dll
    MOD - [2008-03-10 17:47:25 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2820.26374__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2820.26371__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2820.26383__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2820.26375__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2008-03-10 17:47:25 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2820.26374__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2820.26383__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2820.26382__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2008-03-10 17:47:25 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2820.26372__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2008-03-10 17:47:24 | 000,102,400 | —- | M] () – C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2861.40061__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2008-03-10 17:47:24 | 000,061,440 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2861.40060__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2008-03-10 17:47:24 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2861.40086__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2008-03-10 17:47:24 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2820.26371__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2008-03-10 17:47:24 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2820.26376__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2008-03-10 17:47:24 | 000,016,384 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2820.26371__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2008-03-10 17:47:24 | 000,011,264 | —- | M] () – C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2861.40096__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
    MOD - [2008-03-10 17:47:24 | 000,006,656 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2861.39795__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2008-03-10 17:47:24 | 000,005,120 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2861.40053_nl_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
    MOD - [2008-03-10 17:47:23 | 001,507,328 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2861.39811__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2008-03-10 17:47:23 | 000,471,040 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2861.39832__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2008-03-10 17:47:23 | 000,458,752 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2861.40053__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2008-03-10 17:47:23 | 000,073,728 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2861.39795__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2008-03-10 17:47:23 | 000,065,536 | —- | M] () – C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2861.39795__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2008-03-10 17:47:23 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2820.26371__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2008-03-10 17:47:23 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2820.26374__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2008-03-10 17:47:23 | 000,040,960 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2820.26374__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2008-03-10 17:47:23 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2861.40061__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2008-03-10 17:47:23 | 000,032,768 | —- | M] () – C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2008-03-10 17:47:23 | 000,024,576 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2820.26394__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2008-03-10 17:47:23 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2820.26376__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2008-03-10 17:47:23 | 000,020,480 | —- | M] () – C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2820.26388__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008-03-10 17:47:22 | 000,053,248 | —- | M] () – C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2861.39793__90ba9c70f846762e\APM.Server.dll
    MOD - [2008-03-10 17:47:22 | 000,045,056 | —- | M] () – C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2861.39794__90ba9c70f846762e\AEM.Server.dll
    MOD - [2007-11-02 12:09:00 | 000,159,744 | —- | M] () – C:\Windows\System32\atitmmxx.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] – C:\Program Files\System Control Manager\edd.exe – (NishService)
    SRV - [2012-09-29 19:54:26 | 000,676,936 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe – (MBAMService)
    SRV - [2012-09-29 19:54:26 | 000,399,432 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe – (MBAMScheduler)
    SRV - [2012-06-07 18:12:14 | 000,160,944 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)
    SRV - [2012-05-08 22:06:23 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
    SRV - [2012-05-08 22:06:15 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
    SRV - [2011-06-17 18:51:36 | 001,355,968 | —- | M] (Lavasoft) [Auto | Running] – C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe – (Lavasoft Ad-Aware Service)
    SRV - [2008-01-19 08:38:24 | 000,272,952 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\nwlnkfwd.sys – (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\nwlnkflt.sys – (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Windows\system32\drivers\MGHwCtrl.sys – (MGHwCtrl)
    DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\ipinip.sys – (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Users\leo\AppData\Local\Temp\catchme.sys – (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] – C:\Windows\system32\drivers\blbdrive.sys – (blbdrive)
    DRV - [2012-11-19 18:32:07 | 000,040,776 | —- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\mbamswissarmy.sys – (MBAMSwissArmy)
    DRV - [2012-09-29 19:54:26 | 000,022,856 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\Windows\System32\drivers\mbam.sys – (MBAMProtector)
    DRV - [2012-05-08 22:06:25 | 000,137,928 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avipbb.sys – (avipbb)
    DRV - [2012-05-08 22:06:25 | 000,083,392 | —- | M] (Avira GmbH) [File_System | Auto | Running] – C:\Windows\System32\drivers\avgntflt.sys – (avgntflt)
    DRV - [2011-12-09 12:40:53 | 000,036,000 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avkmgr.sys – (avkmgr)
    DRV - [2010-09-28 18:55:27 | 000,064,288 | —- | M] (Lavasoft AB) [File_System | Boot | Running] – C:\Windows\System32\drivers\Lbd.sys – (Lbd)
    DRV - [2010-06-17 14:14:27 | 000,028,520 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\ssmdrv.sys – (ssmdrv)
    DRV - [2009-08-17 13:58:20 | 000,093,216 | —- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\RTL2832UBDA.sys – (RTL2832UBDA)
    DRV - [2009-08-17 13:58:20 | 000,032,800 | —- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\RTL2832UUSB.sys – (RTL2832UUSB)
    DRV - [2007-12-28 19:21:54 | 000,104,448 | —- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\Rtlh86.sys – (RTL8169)
    DRV - [2007-11-02 12:20:10 | 003,170,304 | —- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (atikmdag)
    DRV - [2007-05-30 15:40:42 | 000,735,232 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\athr.sys – (athr)
    DRV - [2006-11-02 08:41:50 | 000,983,552 | —- | M] (Agere Systems) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AGRSM.sys – (AgereSoftModem)
    DRV - [2006-11-02 08:30:56 | 000,429,056 | —- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\nvm60x32.sys – (NVENETFD)
    DRV - [2006-10-30 23:23:12 | 000,007,680 | —- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] – C:\Windows\System32\drivers\AtiPcie.sys – (AtiPcie)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ig?hl=nl
    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_nlNL401
    IE - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\leo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\leo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

    [2009-03-27 13:17:00 | 000,000,000 | —D | M] (No name found) – C:\Users\leo\AppData\Roaming\mozilla\Extensions
    [2009-03-27 13:17:00 | 000,000,000 | —D | M] (No name found) – C:\Users\leo\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

    ========== Chrome ==========

    CHR - homepage: http://www.google.nl/ig?hl=nl
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.nl/ig?hl=nl
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\leo\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\leo\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\leo\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\leo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Zoeken = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Gmail = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2012-11-20 19:15:17 | 000,000,027 | —- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe (NewSoft)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! PVR\Monitor.exe (NewSoft)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{544B836C-72D4-420F-9966-A6EED5F4AA6A}: DhcpNameServer = 212.54.40.25 212.54.35.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9AB41A7-2948-4635-B9AB-1B5EA29528AD}: DhcpNameServer = 212.54.40.25 212.54.35.25
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | —- | M] () - C:\autoexec.bat – [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-12-22 09:07:24 | 000,602,112 | —- | C] (OldTimer Tools) – C:\Users\leo\Documents\Desktop\OTL.exe
    [2012-12-22 08:37:04 | 000,293,376 | —- | C] (Adobe Systems Incorporated) – C:\Windows\System32\atmfd.dll
    [2012-12-22 08:37:04 | 000,034,304 | —- | C] (Adobe Systems) – C:\Windows\System32\atmlib.dll
    [2012-12-13 08:09:17 | 002,382,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\mshtml.tlb
    [2012-12-13 08:09:15 | 000,176,640 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieui.dll
    [2012-12-13 08:09:14 | 000,142,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieUnatt.exe
    [2012-12-13 08:09:14 | 000,065,024 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jsproxy.dll
    [2012-12-13 08:09:13 | 000,607,744 | —- | C] (Microsoft Corporation) – C:\Windows\System32\msfeeds.dll
    [2012-12-13 08:09:11 | 001,800,704 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jscript9.dll
    [2012-12-13 08:09:11 | 000,231,936 | —- | C] (Microsoft Corporation) – C:\Windows\System32\url.dll
    [2012-12-13 08:09:08 | 001,427,968 | —- | C] (Microsoft Corporation) – C:\Windows\System32\inetcpl.cpl
    [2012-12-13 08:06:31 | 000,009,728 | —- | C] (Microsoft Corporation) – C:\Windows\System32\Wdfres.dll
    [2012-12-13 08:06:22 | 000,016,896 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winusb.dll
    [2012-12-13 08:06:21 | 000,172,032 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WUDFPlatform.dll
    [2012-12-13 08:06:20 | 000,047,720 | —- | C] (Microsoft Corporation) – C:\Windows\System32\drivers\WdfLdr.sys
    [2012-12-13 08:06:18 | 000,613,888 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WUDFx.dll
    [2012-12-13 08:06:18 | 000,038,912 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WUDFCoinstaller.dll
    [2012-12-12 22:43:21 | 002,048,000 | —- | C] (Microsoft Corporation) – C:\Windows\System32\win32k.sys
    [2012-12-12 22:43:19 | 000,376,320 | —- | C] (Microsoft Corporation) – C:\Windows\System32\dpnet.dll
    [2012-12-12 22:43:19 | 000,023,040 | —- | C] (Microsoft Corporation) – C:\Windows\System32\dpnsvr.exe
    [2012-12-12 22:43:05 | 000,002,048 | —- | C] (Microsoft Corporation) – C:\Windows\System32\tzres.dll
    [2012-11-25 11:08:17 | 000,000,000 | —D | C] – C:\Users\leo\Documents\Desktop\EmsisoftEmergencyKit

    ========== Files - Modified Within 30 Days ==========

    [2012-12-22 09:16:04 | 000,001,058 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000UA.job
    [2012-12-22 09:11:01 | 000,001,038 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-12-22 09:07:25 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\leo\Documents\Desktop\OTL.exe
    [2012-12-22 08:58:21 | 000,001,034 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-12-22 08:55:37 | 000,003,168 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-12-22 08:55:36 | 000,003,168 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-12-22 08:55:35 | 000,318,904 | —- | M] () – C:\Windows\System32\FNTCACHE.DAT
    [2012-12-22 08:55:27 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2012-12-22 08:54:38 | 1876,328,448 | -HS- | M] () – C:\hiberfil.sys
    [2012-12-16 21:16:01 | 000,001,006 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000Core.job
    [2012-12-16 14:12:54 | 000,034,304 | —- | M] (Adobe Systems) – C:\Windows\System32\atmlib.dll
    [2012-12-16 11:50:29 | 000,293,376 | —- | M] (Adobe Systems Incorporated) – C:\Windows\System32\atmfd.dll
    [2012-12-13 08:23:15 | 000,002,038 | —- | M] () – C:\Users\leo\Documents\Desktop\Google Chrome.lnk
    [2012-12-13 08:23:15 | 000,001,994 | —- | M] () – C:\Users\leo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012-12-12 22:38:03 | 000,000,402 | —- | M] () – C:\Windows\tasks\pc-dis-upd.job
    [2012-11-26 11:15:02 | 000,677,388 | —- | M] () – C:\Windows\System32\perfh013.dat
    [2012-11-26 11:15:02 | 000,596,196 | —- | M] () – C:\Windows\System32\perfh009.dat
    [2012-11-26 11:15:02 | 000,130,386 | —- | M] () – C:\Windows\System32\perfc013.dat
    [2012-11-26 11:15:02 | 000,104,270 | —- | M] () – C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2012-12-13 08:06:41 | 000,000,003 | —- | C] () – C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012-12-13 08:06:41 | 000,000,003 | —- | C] () – C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012-11-20 19:03:07 | 000,256,000 | —- | C] () – C:\Windows\PEV.exe
    [2012-11-20 19:03:07 | 000,208,896 | —- | C] () – C:\Windows\MBR.exe
    [2012-11-20 19:03:07 | 000,098,816 | —- | C] () – C:\Windows\sed.exe
    [2012-11-20 19:03:07 | 000,080,412 | —- | C] () – C:\Windows\grep.exe
    [2012-11-20 19:03:07 | 000,068,096 | —- | C] () – C:\Windows\zip.exe
    [2011-01-05 14:10:54 | 000,117,248 | —- | C] () – C:\Windows\System32\EhStorAuthn.dll
    [2011-01-05 14:10:54 | 000,107,612 | —- | C] () – C:\Windows\System32\StructuredQuerySchema.bin
    [2011-01-04 17:20:27 | 000,018,904 | —- | C] () – C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009-10-16 21:03:21 | 000,000,062 | —- | C] () – C:\Users\leo\intlname.ols
    [2009-03-12 15:46:55 | 000,000,104 | —- | C] () – C:\Users\leo\Computer - Snelkoppeling.lnk
    [2009-01-07 13:54:16 | 000,013,312 | —- | C] () – C:\Users\leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll – [2012-06-08 18:47:00 | 011,586,048 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll – [2009-04-11 07:28:19 | 000,614,912 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll – [2009-04-11 07:28:25 | 000,347,648 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012-10-18 20:45:40 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Ad-Aware Antivirus
    [2012-11-24 16:16:41 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Belastingdienst
    [2012-10-22 12:32:08 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\PCPro
    [2009-03-27 13:16:49 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\TomTom

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2012-10-18 20:45:40 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Ad-Aware Antivirus
    [2009-04-14 19:44:34 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Adobe
    [2009-01-07 12:22:54 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\ATI
    [2011-12-10 14:51:03 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Avira
    [2012-11-24 16:16:41 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Belastingdienst
    [2010-10-12 22:04:50 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Google
    [2009-01-07 12:22:16 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Identities
    [2010-08-24 15:09:44 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\InstallShield
    [2012-10-18 20:45:50 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\LavasoftStatistics
    [2009-04-14 19:44:35 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Macromedia
    [2012-10-18 21:04:02 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Malwarebytes
    [2006-11-02 13:37:34 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Media Center Programs
    [2011-07-19 20:56:33 | 000,000,000 | –SD | M] – C:\Users\leo\AppData\Roaming\Microsoft
    [2009-03-27 13:17:00 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Mozilla
    [2009-01-07 12:22:43 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Nero
    [2012-10-22 12:32:08 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\PCPro
    [2012-12-22 08:44:40 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\Skype
    [2009-03-27 13:16:49 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\TomTom
    [2009-10-05 17:58:05 | 000,000,000 | —D | M] – C:\Users\leo\AppData\Roaming\U3

    < %APPDATA%\*.exe /s >

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: AGP440.SYS >
    [2008-01-19 08:42:25 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 – C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008-01-19 08:42:25 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 – C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008-01-19 08:42:25 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 – C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008-01-19 08:42:25 | 000,056,376 | —- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 – C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006-11-02 10:49:52 | 000,053,864 | —- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 – C:\Windows\ERDNT\cache\AGP440.sys
    [2006-11-02 10:49:52 | 000,053,864 | —- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 – C:\Windows\System32\drivers\AGP440.sys
    [2006-11-02 10:49:52 | 000,053,864 | —- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 – C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009-04-11 07:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 – C:\Windows\ERDNT\cache\atapi.sys
    [2009-04-11 07:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 – C:\Windows\System32\drivers\atapi.sys
    [2009-04-11 07:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 – C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009-04-11 07:32:26 | 000,019,944 | —- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 – C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008-01-19 08:41:30 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 – C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008-01-19 08:41:30 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 – C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006-11-02 10:49:36 | 000,019,048 | —- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F – C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [2008-03-10 18:54:16 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 – C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
    [2008-03-10 18:54:16 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 – C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
    [2008-03-10 18:54:15 | 000,021,560 | —- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F – C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

    < MD5 for: BEEP.SYS >
    [2008-01-19 06:49:10 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 – C:\Windows\ERDNT\cache\beep.sys
    [2008-01-19 06:49:10 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 – C:\Windows\System32\drivers\beep.sys
    [2008-01-19 06:49:10 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 – C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
    [2006-11-02 09:51:03 | 000,006,144 | —- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 – C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

    < MD5 for: CNGAUDIT.DLL >[/color:3e80d620f8]
    [2006-11-02 10:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D – C:\Windows\ERDNT\cache\cngaudit.dll
    [2006-11-02 10:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D – C:\Windows\System32\cngaudit.dll
    [2006-11-02 10:46:03 | 000,011,776 | —- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D – C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >[/color:3e80d620f8]
    [2008-01-19 08:42:51 | 000,235,064 | —- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 – C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008-01-19 08:42:51 | 000,235,064 | —- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 – C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006-11-02 10:51:25 | 000,232,040 | —- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 – C:\Windows\System32\drivers\iaStorV.sys
    [2006-11-02 10:51:25 | 000,232,040 | —- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 – C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >[/color:3e80d620f8]
    [2006-11-02 10:46:11 | 000,559,616 | —- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B – C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783
    etlogon.dll
    [2009-04-11 07:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE – C:\Windows\ERDNT\cache
    etlogon.dll
    [2009-04-11 07:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE – C:\Windows\System32
    etlogon.dll
    [2009-04-11 07:28:23 | 000,592,896 | —- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE – C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3
    etlogon.dll
    [2008-01-19 08:35:36 | 000,592,384 | —- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F – C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857
    etlogon.dll

    < MD5 for: NVSTOR.SYS >[/color:3e80d620f8]
    [2006-11-02 10:50:13 | 000,040,040 | —- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC – C:\Windows\System32\drivers
    vstor.sys
    [2006-11-02 10:50:13 | 000,040,040 | —- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC – C:\Windows\System32\DriverStore\FileRepository
    vraid.inf_733654ff
    vstor.sys
    [2008-01-19 08:42:09 | 000,045,112 | —- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 – C:\Windows\System32\DriverStore\FileRepository
    vraid.inf_31c3d71d
    vstor.sys
    [2008-01-19 08:42:09 | 000,045,112 | —- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 – C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467
    vstor.sys

    < MD5 for: SCECLI.DLL >[/color:3e80d620f8]
    [2008-01-19 08:36:19 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 – C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    [2006-11-02 10:46:12 | 000,176,640 | —- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 – C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
    [2009-04-11 07:28:24 | 000,177,152 | —- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 – C:\Windows\ERDNT\cache\scecli.dll
    [2009-04-11 07:28:24 | 000,17
  • The log file did not fit in the previous reply.
    The rest is attached here.


    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006-11-02 11:34:05 | 000,008,192 | —- | M] () – C:\Windows\System32\config\COMPONENTS.SAV
    [2006-11-02 11:34:05 | 000,020,480 | —- | M] () – C:\Windows\System32\config\DEFAULT.SAV
    [2006-11-02 11:34:05 | 000,008,192 | —- | M] () – C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 11:34:08 | 010,133,504 | —- | M] () – C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 11:34:08 | 001,826,816 | —- | M] () – C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2007-11-02 12:09:10 | 000,364,544 | —- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 – C:\Windows\system32\ATIDEMGX.dll

    < End of report >


    And I just noticed that an extra log file was created (named extras.txt).

    That log file is attached here:



    OTL Extras logfile created on: 22-12-2012 9:09:51 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\leo\Documents\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1,75 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 35,20% Memory free
    3,74 Gb Paging File | 2,47 Gb Available in Paging File | 66,11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,25 Gb Total Space | 82,12 Gb Free Space | 58,97% Space Free | Partition Type: NTFS

    Computer Name: PC_VAN_LEO | User Name: leo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] – C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    hlpfile [open] – %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Fotoshow] – "C:\Program Files\Fotoservice\Kruidvat fotoservice\Fotoshow.exe" -d "%1" ()
    Directory [Kruidvat fotoservice] – "C:\Program Files\Fotoservice\Kruidvat fotoservice\Kruidvat fotoservice.exe" "%1" ()
    Folder [open] – %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] – %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type – File not found
    "VistaSp2" = Reg Error: Unknown registry data type – File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02EFA86C-3334-4230-B325-90965E684763}" = rport=445 | protocol=6 | dir=out | app=system |
    "{088F96CE-3764-45C3-80D4-05D919E477B1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1C9503A8-BAD1-4A4D-84CE-436AE4BD5860}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9AD7BD0F-16A7-42F1-BDCE-8C60BD440C11}" = rport=137 | protocol=17 | dir=out | app=system |
    "{A83B704E-3D15-4331-8A90-8763964A0E85}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AE74DEF7-01F7-49CD-809B-554B9C2E774A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BF8F8AB0-C533-4B50-A2B2-31E5581A89BF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E2C1F948-5D6C-4772-9545-0B07AE8886B6}" = lport=138 | protocol=17 | dir=in | app=system |
    "{ED51DA78-42A9-49CA-99EE-C90827575BD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EDB931F4-349A-4F89-B154-4B36717780E6}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CA2C96E-D150-4041-BB54-2425043D9143}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5932140F-98E9-45CC-B26D-FEA4FCAB43F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{611E6737-43E1-46C8-BAA5-E0E8CAA0408C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{62C2D911-E07B-4F37-88E6-0FF3F1CC4765}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{80C65D7B-3F70-4630-A979-DF0E285C749E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{1D938FF1-C8B9-476E-8107-A20687D6C22F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{1AC18115-85B3-4C4B-A41F-E5708A2EC01F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01C38009-DE06-842B-2B94-794A26556AFF}" = ATI Catalyst Install Manager
    "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
    "{10AA3787-CE9B-40A4-1799-95B1FBD1380A}" = Catalyst Control Center Localization Dutch
    "{1530B48E-4720-2716-F06A-816B9875B59F}" = Catalyst Control Center Graphics Light
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{2BF58D72-2FB0-9C33-B825-5EA347EFB569}" = ccc-utility
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6CA65589-AE0B-FAFB-2DAD-6ECFAB78CCB6}" = CCC Help Dutch
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D853998-1055-4E45-B99E-F5039C502831}" = Photo Notifier and Animation Creator
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
    "{90AF0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{997AA5D2-C242-5DDD-C85F-7070D658ADEC}" = Skins
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.2 - Nederlands
    "{BC0DCD27-345B-4013-A6E0-67EC92DF32C8}" = Presto! PVR
    "{CD7606A3-A7ED-07D8-126E-5F748460A36E}" = ccc-core-static
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
    "{DE6A9A6E-D319-1214-E605-23F480D96085}" = Catalyst Control Center Graphics Previews Vista
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E417A5F1-2406-4D4C-98C3-FC84D59A1043}" = Nero 8 Essentials
    "{EB3D2BF3-108F-77E2-DA54-D3A42C87CE28}" = Catalyst Control Center Graphics Full Existing
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F38D4632-C647-F842-7B1C-31E5BD4A2BC6}" = Catalyst Control Center Graphics Full New
    "{FDE7C9E9-F840-6C77-1038-8CAE071AEE26}" = Catalyst Control Center Core Implementation
    "Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
    "Aangifte inkomstenbelasting 2009" = Aangifte inkomstenbelasting 2009
    "Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "CCleaner" = CCleaner
    "DivX Codec" = DivX Codec
    "Huur- en zorgtoeslag 2009" = Huur- en zorgtoeslag 2009
    "Kruidvat fotoservice" = Kruidvat fotoservice
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.1.1000
    "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "PC Cleaners" = PC Cleaners
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "Vittalia" = Vittalia Installer

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3413625083-3745700155-175327537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1" = Albelli Fotoboeken
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20-12-2012 3:44:02 | Computer Name = PC_van_leo | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 20-12-2012 10:20:03 | Computer Name = PC_van_leo | Source = EventSystem | ID = 4621
    Description =

    Error - 20-12-2012 12:00:06 | Computer Name = PC_van_leo | Source = EventSystem | ID = 4621
    Description =

    Error - 21-12-2012 4:14:31 | Computer Name = PC_van_leo | Source = EventSystem | ID = 4621
    Description =

    Error - 21-12-2012 13:00:26 | Computer Name = PC_van_leo | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 21-12-2012 13:00:32 | Computer Name = PC_van_leo | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 21-12-2012 18:11:07 | Computer Name = PC_van_leo | Source = EventSystem | ID = 4621
    Description =

    Error - 22-12-2012 3:35:59 | Computer Name = PC_van_leo | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 22-12-2012 3:36:22 | Computer Name = PC_van_leo | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 22-12-2012 4:13:25 | Computer Name = PC_van_leo | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    [ System Events ]
    Error - 21-12-2012 4:14:28 | Computer Name = PC_van_leo | Source = DCOM | ID = 10010
    Description =

    Error - 21-12-2012 11:58:39 | Computer Name = PC_van_leo | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21-12-2012 12:52:28 | Computer Name = PC_van_leo | Source = netbt | ID = 4321
    Description = De naam WORKGROUP :1d kan niet op de interface met het IP-adres
    192.168.0.101 worden geregistreerd. De computer met het IP-adres 192.168.0.102 staat
    niet toe dat deze naam door deze computer wordt gebruikt.

    Error - 21-12-2012 12:57:44 | Computer Name = PC_van_leo | Source = netbt | ID = 4319
    Description = Dubbele naam aangetroffen op het TCP-netwerk. Het IP-adres van de computer
    dat het bericht heeft verzonden, staat in de gegevens. Gebruik nbtstat -n in een
    opdrachtvenster
    als u wilt zien welke naam conflicteert.

    Error - 21-12-2012 13:49:23 | Computer Name = PC_van_leo | Source = DCOM | ID = 10010
    Description =

    Error - 21-12-2012 16:28:51 | Computer Name = PC_van_leo | Source = Service Control Manager | ID = 7000
    Description =

    Error - 21-12-2012 18:11:05 | Computer Name = PC_van_leo | Source = DCOM | ID = 10010
    Description =

    Error - 22-12-2012 3:32:23 | Computer Name = PC_van_leo | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22-12-2012 3:56:14 | Computer Name = PC_van_leo | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22-12-2012 4:01:04 | Computer Name = PC_van_leo | Source = Service Control Manager | ID = 7022
    Description =


    < End of report >
  • No malware found.
    However, two antivirus programs are active in Windows.

    Avira = good
    Lavasoft AdAware Antivirus = less good.

    So remove Lavasoft completely from this Windows installation, in order to eliminate the conflicts between Avira and Lavasoft.

    I assume this is best done with Revo Uninstaller!
    http://www.revouninstaller.com/

    The shareware version is fully functional for 30 days!
  • Ah, OK,
    that is probably also the reason why it is so slow... (or is that not possible?)
    I'll take another look at it around the Christmas holidays.
    Thanks again so far, in any case.
  • That is quite possible, because conflicts in Windows always slow things down!

    And if you can look at it in the coming days, you can also do the following (maybe a good idea for your own machine too?):

    a) Clean up Windows thoroughly and then keep it cleaned up, and
    b) Defragment Windows thoroughly and then regularly defragment again after cleaning up!

    As for cleaning up: have a look here: http://www.nationaalcomputerforum.nl/showthread.php?t=99605
    I don't think there is a better cleaner for Windows than WinSysClean.
    I have been using WinSysClean since 2001 and have noticed with every new version that the tool cleans even better.
    Don't be alarmed if WinSysClean finds a lot of junk the first time.
    Windows itself likes to keep a lot of files in the temporary folders and then only has the oldest files removed, if any.
    WinSysClean now makes sure that everything is cleaned up.
    And that alone improves the speed of Windows, because that junk no longer has to be carried along.
    By the way: the same goes for all those programs you no longer use!

    As for defragmenting: start using O&O Free Defrag.
    O&O Defrag Free Edition as 32-bit or 64-bit edition - download link

    After installation, start O&O Defrag Free Edition; this free defragmenter works more efficiently than the Windows tool.
    "Smart defrag" is already set by default, which means that frequently used files are placed at the front, making everything faster!
    The first defragmentation can take some time; subsequent runs will be faster.

    Let me know whether these "pampering tips" have helped.


This is an archived page. Replies are no longer possible.