Can someone take a look at this log (parents' laptop)

13 replies
  • Since the PC was starting to get rather slow, I defragmented it first on Saturday. That ran for 7 hours in total. Today I ran Malwarebytes. So here is the log:
  • Continue your work with the instructions below:

    Step 1
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner).
    Remarks:
      - All open programs and web pages must be closed.
      - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
      - Windows 2000 and Windows XP: double-click adwcleaner.exe.
      - Windows Vista and Windows 7: right-click adwcleaner.exe and choose "Run as administrator".
    AdwCleaner is running:
      - Click the "Delete" button.
      - At "AdwCleaner - Closing programs", click OK.
      - At "AdwCleaner - Restart required", click OK.
    AdwCleaner log file:
      - After the PC has restarted, a log file opens.
      - Then post the contents of this log in your next post.

    Step 2
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
      - Bleepingcomputer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      - ForoSpyware: http://www.forospyware.com/sUBs/ComboFix.exe
      - Geekstogo: http://subs.geekstogo.com/ComboFix.exe
    Here (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can see how to use ComboFix. Antivirus programs and active malware scanners must already be disabled before you start ComboFix! Here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) and here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607) you will find information on how to disable antivirus programs and spyware scanners.
    Remarks:
      - All open programs and web pages must be closed.
      - If ComboFix reports anything about ZeroAccess, mention that in your new post.
    Starting ComboFix:
      - Windows 2000 and Windows XP: double-click ComboFix.exe.
      - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    ComboFix is running:
      - Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
      - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
      - The computer may need to be restarted several times; this is normal.
      - When ComboFix is finished, it will create a log file for you.
      - Post the contents of this log file in your next post.
      - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
      - If, after the scan, an error with the following message is shown when starting programs:
      - "Illegal operation attempted on a registry key that has been marked for deletion."
      - Then restart the computer.
  • Attached is the AdwCleaner log for now. We will now continue with ComboFix.
  • and the ComboFix log
  • Next step:

    Which program: Emsisoft Emergency Kit 3.0 Portable
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit 3.0 Portable (http://download11.emsisoft.com/EmsisoftEmergencyKit.zip)
    Remarks:
      - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
      - All open programs and web pages must be closed.
    Starting: Start by opening the folder "EmsisoftEmergencyKit"
      - Windows 2000 and Windows XP: double-click "Start.exe".
      - Windows Vista, Windows 7 and Windows 8: right-click "Start.exe" and choose "Run as administrator".
    Scanning:
      - Now click "Emergency Kit Scanner" in the selection screen; a message then follows that updating first is recommended. [image: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg]
      - Do so by clicking "Yes".
      - When the update is finished, the message "Update process completed successfully" follows.
      - Now click "Menu" and then "Scan PC".
      - Select the option "Deep" if it is not already set that way by default.
      - Then click the "Scan" button.
          - Be patient and do nothing else with the computer during the scan, as the scan can take quite some time.
      - The window with the warning about an increased risk can be closed when the scan is finished.
      - Make sure all found items are ticked and then click the "Remove selected" button; the following message will then appear: [image: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg]
      - Then click "Yes".
      - When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a3scan_110730-111615.txt
      - Place the contents of that log file in your new post afterwards.
    Note: Now restart the computer.
  • I wonder whether, for this kind of question-asker, there is a blacklist or at least a pink list of "do not respond to any more"?
  • Quote from f.j.stols: "I wonder whether, for this kind of question-asker, there is a blacklist or at least a pink list of "do not respond to any more"?"

    I'm wondering how I should interpret this post...... :o
    Thanks to those who do offer help. Because things have been extremely busy at work, I haven't been to my parents' for a while. Attached is the log file. If any follow-up actions are needed, I would like to hear about it.

      Emsisoft Emergency Kit - Versie 3.0
      Laatste Update: 25-11-2012 11:52:35

      Scaninstellingen:

      Scantype: Diepe scan
      Objecten: Rootkits, Geheugen, Sporen, C:\
      Detecteer riskware: Uit
      Scan archieven: Aan
      ADS Scan: Aan
      Bestandsextensiefilter: Uit
      Geavanceerde cache: Aan
      Directe schijftoegang: Uit

      Scan gestart: 25-11-2012 11:57:12

      C:\Users\leo\Documents\Desktop\adwcleaner.exe Ontdekt: Trojan.Generic.8191512 (B)

      Gescand 431299
      Gevonden 1

      Scan geëindigd: 25-11-2012 16:33:15
      Scantijd: 4:36:03

      C:\Users\leo\Documents\Desktop\adwcleaner.exe Verwijderd Trojan.Generic.8191512 (B)

      Verwijderd 1
  • It is very simple: nothing had been heard from you since 21 November. So I myself get the impression that you do not live and work close to your parents either.
    You may remove the Emsisoft Emergency Kit 3.0 Portable. Do empty the recycle bin afterwards.

    Which program: OTL.exe
    Purpose: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) and place the file on the desktop.

    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:
    - Now first close all program windows that are still open!
        - Windows 2000 and Windows XP: double-click OTL.exe.
        - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
    - Tick Scan All Users, LOP Check and PURITY Check.
    - Copy and paste the text below (bold, blue text) into the box under the label shown in this image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png

        netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        %ALLUSERSPROFILE%\Application Data\*.
        %ALLUSERSPROFILE%\Application Data\*.exe /s
        %APPDATA%\*.
        %APPDATA%\*.exe /s
        %SYSTEMDRIVE%\*.exe
        /md5start
        themeui.dll
        beep.sys
        userinit.exe
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        /md5stop
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        CREATERESTOREPOINT

    - Then click the button shown in this image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg
    - Do not change any other settings in OTL unless I give specific instructions to do so.
    - The scan will not take very long.
        - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
        - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    - Note: if the log does not fit in one post, spread it over two or more posts.
  • Well. Last week was my parents' 40th wedding anniversary, so a lot of preparation time was needed, and on top of that I am an ambitious hobby musician, so loads of concerts in this period. So it can happen that there is no time left to respond. Anyway, we are back online again :)
    Attached is the OTL log file.
CHR - Extension: YouTube = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Zoeken = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012-11-20 19:15:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ChangeFilterMerit] C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe (NewSoft) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Presto! PVR Monitor] C:\Program Files\NewSoft\Presto! 
PVR\Monitor.exe (NewSoft) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - Startup: C:\Users\leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3413625083-3745700155-175327537-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{544B836C-72D4-420F-9966-A6EED5F4AA6A}: DhcpNameServer = 212.54.40.25 212.54.35.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9AB41A7-2948-4635-B9AB-1B5EA29528AD}: DhcpNameServer = 212.54.40.25 212.54.35.25 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: 
uploadmgr - File not found SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - 
SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} 
- PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmappen ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} 
- .NET Framework ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717:3e80d620f8]========== Files/Folders - Created Within 30 Days ==========[/color:3e80d620f8] [2012-12-22 09:07:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\leo\Documents\Desktop\OTL.exe [2012-12-22 08:37:04 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-22 08:37:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012-12-13 08:09:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012-12-13 08:09:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012-12-13 08:09:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012-12-13 08:09:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012-12-13 08:09:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012-12-13 08:09:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012-12-13 08:09:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012-12-13 08:09:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012-12-13 08:06:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012-12-13 08:06:22 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012-12-13 08:06:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012-12-13 08:06:20 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012-12-13 08:06:18 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012-12-13 08:06:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012-12-12 22:43:21 | 
002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012-12-12 22:43:19 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012-12-12 22:43:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012-12-12 22:43:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012-11-25 11:08:17 | 000,000,000 | ---D | C] -- C:\Users\leo\Documents\Desktop\EmsisoftEmergencyKit [color=#E56717:3e80d620f8]========== Files - Modified Within 30 Days ==========[/color:3e80d620f8] [2012-12-22 09:16:04 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000UA.job [2012-12-22 09:11:01 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-12-22 09:07:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\leo\Documents\Desktop\OTL.exe [2012-12-22 08:58:21 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-12-22 08:55:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-12-22 08:55:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-12-22 08:55:35 | 000,318,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-12-22 08:55:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-12-22 08:54:38 | 1876,328,448 | -HS- | M] () -- C:\hiberfil.sys [2012-12-16 21:16:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3413625083-3745700155-175327537-1000Core.job [2012-12-16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012-12-16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012-12-13 08:23:15 | 000,002,038 | ---- | M] () -- 
C:\Users\leo\Documents\Desktop\Google Chrome.lnk [2012-12-13 08:23:15 | 000,001,994 | ---- | M] () -- C:\Users\leo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012-12-12 22:38:03 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\pc-dis-upd.job [2012-11-26 11:15:02 | 000,677,388 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2012-11-26 11:15:02 | 000,596,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-11-26 11:15:02 | 000,130,386 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012-11-26 11:15:02 | 000,104,270 | ---- | M] () -- C:\Windows\System32\perfc009.dat [color=#E56717:3e80d620f8]========== Files Created - No Company Name ==========[/color:3e80d620f8] [2012-12-13 08:06:41 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012-12-13 08:06:41 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012-11-20 19:03:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-11-20 19:03:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-11-20 19:03:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-11-20 19:03:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-11-20 19:03:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-01-05 14:10:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011-01-05 14:10:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011-01-04 17:20:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009-10-16 21:03:21 | 000,000,062 | ---- | C] () -- C:\Users\leo\intlname.ols [2009-03-12 15:46:55 | 000,000,104 | ---- | C] () -- C:\Users\leo\Computer - Snelkoppeling.lnk [2009-01-07 13:54:16 | 000,013,312 | ---- | C] () -- C:\Users\leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717:3e80d620f8]========== ZeroAccess Check ==========[/color:3e80d620f8] 
[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717:3e80d620f8]========== LOP Check ==========[/color:3e80d620f8] [2012-10-18 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Ad-Aware Antivirus [2012-11-24 16:16:41 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Belastingdienst [2012-10-22 12:32:08 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\PCPro [2009-03-27 13:16:49 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\TomTom [color=#E56717:3e80d620f8]========== Purity Check ==========[/color:3e80d620f8] [color=#E56717:3e80d620f8]========== Custom Scans ==========[/color:3e80d620f8] [color=#A23BEC:3e80d620f8]< %ALLUSERSPROFILE%\Application Data\*. >[/color:3e80d620f8] [color=#A23BEC:3e80d620f8]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color:3e80d620f8] [color=#A23BEC:3e80d620f8]< %APPDATA%\*. 
>[/color:3e80d620f8] [2012-10-18 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Ad-Aware Antivirus [2009-04-14 19:44:34 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Adobe [2009-01-07 12:22:54 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\ATI [2011-12-10 14:51:03 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Avira [2012-11-24 16:16:41 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Belastingdienst [2010-10-12 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Google [2009-01-07 12:22:16 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Identities [2010-08-24 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\InstallShield [2012-10-18 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\LavasoftStatistics [2009-04-14 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Macromedia [2012-10-18 21:04:02 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Malwarebytes [2006-11-02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Media Center Programs [2011-07-19 20:56:33 | 000,000,000 | --SD | M] -- C:\Users\leo\AppData\Roaming\Microsoft [2009-03-27 13:17:00 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Mozilla [2009-01-07 12:22:43 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Nero [2012-10-22 12:32:08 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\PCPro [2012-12-22 08:44:40 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\Skype [2009-03-27 13:16:49 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\TomTom [2009-10-05 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\leo\AppData\Roaming\U3 [color=#A23BEC:3e80d620f8]< %APPDATA%\*.exe /s >[/color:3e80d620f8] [color=#A23BEC:3e80d620f8]< %SYSTEMDRIVE%\*.exe >[/color:3e80d620f8]
  • The log file did not fit in the previous answer. Here is the rest.
And I just noticed that an extra log file was created (named extras.txt). Here is that log file.
  • No malware found. However, two antivirus programs are active in Windows. Avira = good; Lavasoft AdAware Antivirus = less good. So remove Lavasoft completely from this Windows installation, in order to eliminate the conflicts between Avira and Lavasoft. I assume this is best done with Revo Uninstaller! http://www.revouninstaller.com/ The shareware version is fully functional for 30 days!
  • Ah, okay, so that is probably also the reason why it is so slow... (or is that not possible?) I will take another look at it around the Christmas days. Thanks so far, in any case.
  • It is quite possible, because conflicts in Windows always slow things down! And if you can look at it in the coming days, you can also do the following (maybe a good idea for your own machine too?): a) clean up Windows thoroughly and then keep it clean, and b) defragment Windows thoroughly and then regularly defragment again after cleaning up! As for cleaning up: see here: http://www.nationaalcomputerforum.nl/showthread.php?t=99605 I don't think there is a better cleaner for Windows than WinSysClean. I have been using WinSysClean since 2001 and have noticed with every new version that the tool cleans even better. Don't be alarmed if WinSysClean finds a lot of junk the first time. Windows itself likes to keep a lot of files in the temporary folders and then only has the oldest files removed, if at all. WinSysClean makes sure that everything gets cleaned up. And that alone improves the speed of Windows, because that junk no longer has to be carried along. By the way: the same goes for all those programs you no longer use! As for defragmenting: start using O&O Free Defrag. O&O Defrag Free Edition as 32-bit or 64-bit edition - Download link: http://www.softpedia.com/progDownload/O-O-Defrag-Free-Download-179765.html After installation, start O&O Defrag Free Edition; this free defragmenter works more efficiently than the Windows tool. "Smart defrag" is already set by default, which means that frequently used files are placed at the front so that everything runs faster! The first defragmentation can take some time; subsequent runs will be faster. Let me know whether these "pampering tips" have helped.


This is an archived page. Replying is no longer possible.