Deze website maakt gebruik van cookies. Waarom? Klik hier voor ons privacy- en cookiebeleid. Door op akkoord te klikken of door gebruik te blijven maken van deze website geeft u aan akkoord te zijn met het gebruik van cookies.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Probleem met trage laptop

None
4 antwoorden
  • Sinds een week of 3 is het besturingssysteem van mijn laptop ineens enorm vertraagd. Ik heb op deze website bij een post gezien hoe dit misschien op te lossen valt maar na de acties uitgevoerd te hebben merk ik nog steeds geen enkel verschil. Ik heb ComboFix, op aanraden van een moderator hier, laten draaien en ik heb het rapport hier bijgevoegd. Kan iemand mij vertellen of er zaken te ontdekken zijn die de snelheid van de laptop kunnen beïnvloeden? Alvast heel erg bedankt voor de moeite. Mocht er meer info nodig zijn dan hoor ik dat natuurlijk graag.

    Groet,
    Willem-Jan

    ComboFix 13-01-03.05 - Willem-Jan 03-01-2013 17:25:33.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3956.2456 [GMT 1:00]
    Gestart vanuit: c:\users\Willem-Jan\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\DealPly
    c:\program files (x86)\DealPly\DealPlyTune.dll
    c:\program files (x86)\ShoppingReport2
    c:\programdata\FullRemove.exe
    c:\users\Willem-Jan\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
    c:\users\WILLEM~1\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
    c:\windows\Downloaded Program Files\DM.0
    c:\windows\SysWow64\muzapp.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Service_DMService
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-03 to 2013-01-03 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-03 16:33 . 2013-01-03 16:33 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-12-30 16:57 . 2012-12-30 16:57 ——– d—–w- c:\users\Willem-Jan\AppData\Roaming\Registry Mechanic
    2012-12-30 16:40 . 2013-01-03 16:07 ——– d—–w- c:\program files (x86)\Common Files\PC Tools
    2012-12-30 16:39 . 2012-12-30 16:39 ——– d—–w- c:\programdata\PC Tools
    2012-12-30 16:39 . 2012-12-30 16:39 ——– d—–w- c:\users\Willem-Jan\AppData\Roaming\Product_RM
    2012-12-23 22:10 . 2012-12-16 17:11 46080 —-a-w- c:\windows\system32\atmlib.dll
    2012-12-23 22:10 . 2012-12-16 14:13 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-23 22:10 . 2012-12-16 14:45 367616 —-a-w- c:\windows\system32\atmfd.dll
    2012-12-23 22:10 . 2012-12-16 14:13 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-20 09:45 . 2012-12-25 10:56 ——– d—–w- C:\EBooks
    2012-12-20 09:40 . 2012-12-20 09:40 ——– d—–w- c:\users\Willem-Jan\AppData\Local\Adobe_Systems_Incorporate
    2012-12-13 19:22 . 2012-11-09 05:45 2048 —-a-w- c:\windows\system32\tzres.dll
    2012-12-13 19:22 . 2012-11-09 04:42 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    2012-12-13 19:22 . 2012-11-22 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
    2012-12-11 18:59 . 2012-12-11 18:59 ——– d—–w- c:\program files (x86)\Maxis
    2012-12-11 18:41 . 2012-12-11 18:57 ——– d—–w- C:\Simcity
    2012-12-06 20:39 . 2012-12-06 20:51 ——– d—–w- c:\users\Willem-Jan\spellen
    2012-12-06 18:26 . 2012-12-06 18:26 ——– d—–w- c:\program files\WinRAR
    2012-12-06 17:49 . 2012-12-11 18:52 ——– d—–w- c:\users\Willem-Jan\AppData\Local\Atomblock
    2012-12-05 16:55 . 2012-12-05 16:55 ——– d—–w- c:\users\Willem-Jan\AppData\Roaming\TuneUp Software
    2012-12-05 16:55 . 2012-12-05 16:55 ——– d—–w- c:\programdata\TuneUp Software
    2012-12-05 16:55 . 2012-12-05 16:55 ——– d-sh–w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-12-05 16:55 . 2012-12-05 16:55 ——– d–h–w- c:\programdata\Common Files
    2012-12-05 16:52 . 2012-12-05 16:58 ——– d—–w- c:\users\Willem-Jan\AppData\Roaming\DAEMON Tools Lite
    2012-12-05 16:51 . 2012-12-05 16:58 ——– d—–w- c:\programdata\DAEMON Tools Lite
    2012-12-05 16:24 . 2012-12-05 16:24 ——– d—–w- c:\users\Willem-Jan\AppData\Roaming\WinISO Computing
    2012-12-05 16:24 . 2012-12-05 16:24 ——– d—–w- c:\users\Willem-Jan\AppData\Local\WinISO Computing
    2012-12-05 16:24 . 2012-12-05 09:54 204032 —-a-w- c:\windows\system32\drivers\WinisoCDBus.sys
    2012-12-05 16:24 . 2012-12-05 16:24 ——– d—–w- c:\program files (x86)\WinISO Computing
    2012-12-05 15:57 . 2012-12-05 15:57 ——– d—–w- c:\users\Willem-Jan\AppData\Local\CRE
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-17 22:35 . 2011-04-12 16:09 67413224 —-a-w- c:\windows\system32\MRT.exe
    2012-12-11 19:13 . 2012-04-03 16:23 697272 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-11 19:13 . 2011-06-03 13:50 73656 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-08 17:24 . 2013-01-01 14:43 9125352 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5CE1FDA-A93E-4688-8220-F8018D8B1B7C}\mpengine.dll
    2012-10-16 08:38 . 2012-12-02 20:04 135168 —-a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-02 20:04 350208 —-a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-02 20:04 561664 —-a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17 . 2012-11-13 21:26 226816 —-a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 18:17 . 2012-11-13 21:26 55296 —-a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-13 21:26 44032 —-a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-13 21:26 193536 —-a-w- c:\windows\SysWow64\dhcpcore6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40 120176 —-a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-19 21416]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-29 98304]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-09-22 150928]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-05-20 38248]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-05-20 55336]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-05-20 294760]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-05-20 202792]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-05-20 52584]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-05-20 156392]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-05-25 264040]
    R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-12-23 185856]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-15 99384]
    R3 HDJMidi;DJ Control MP3 e2 MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-12-23 221184]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-06 1255736]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-29 203264]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-26 47776]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [2012-12-05 204032]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-05-20 32296]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:13]
    .
    2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001Core.job
    - c:\users\Willem-Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 18:42]
    .
    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001UA.job
    - c:\users\Willem-Jan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 18:42]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42 137584 —-a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-26 585376]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-26 354464]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2010-11-26 206208]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = https://www.google.nl/
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} -
    IE: {{EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} -
    TCP: DhcpNameServer = 192.168.1.21
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-2800831817-3073305088-4166720193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (S-1-5-21-2800831817-3073305088-4166720193-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.eml.14"
    .
    [HKEY_USERS\S-1-5-21-2800831817-3073305088-4166720193-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (S-1-5-21-2800831817-3073305088-4166720193-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Outlook.File.vcf.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-01-03 17:45:43 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-01-03 16:45
    .
    Pre-Run: 593.997.635.584 bytes beschikbaar
    Post-Run: 593.836.269.568 bytes beschikbaar
    .
    - - End Of File - - C124E53C088CAEFF344FC0715191F38A
  • Je mag het volgende doen:

    [b:ed42ac0c7c]Welk programma[/b:ed42ac0c7c]: [b:ed42ac0c7c]OTL.exe[/b:ed42ac0c7c][/color:ed42ac0c7c]
    [b:ed42ac0c7c]Waarvoor/waarom[/b:ed42ac0c7c]: multifunktioneel tool - analyse en fix
    [b:ed42ac0c7c]Moeilijkheidsgraad[/b:ed42ac0c7c]: geen.
    [b:ed42ac0c7c]Download[/b:ed42ac0c7c]: [b:ed42ac0c7c]OTL.exe[/color:ed42ac0c7c][/b:ed42ac0c7c] en plaats het

    bestand op het bureaublad.
    [b:ed42ac0c7c]Sluit voordat OTL.exe[/color:ed42ac0c7c] gaat scannen, eerst alle andere openstaande vensters![/b:ed42ac0c7c]

    [b:ed42ac0c7c]OTL.exe[/color:ed42ac0c7c] gebruiken[/b:ed42ac0c7c]:
    [list:ed42ac0c7c][*:ed42ac0c7c] [b:ed42ac0c7c]Sluit nu eerst alle nog openstaande programmavensters![/color:ed42ac0c7c][/b:ed42ac0c7c]
    [list:ed42ac0c7c][*:ed42ac0c7c][b:ed42ac0c7c]Windows 2000[/color:ed42ac0c7c][/b:ed42ac0c7c] en [b:ed42ac0c7c]Windows XP[/b:ed42ac0c7c][/color:ed42ac0c7c]: dubbelklik op [b:ed42ac0c7c]OTL.exe[/b:ed42ac0c7c][/color:ed42ac0c7c].
    [*:ed42ac0c7c][b:ed42ac0c7c]Windows Vista[/b:ed42ac0c7c][/color:ed42ac0c7c], [b:ed42ac0c7c]Windows 7[/b:ed42ac0c7c][/color:ed42ac0c7c] en [b:ed42ac0c7c]Windows 8[/b:ed42ac0c7c][/color:ed42ac0c7c]: via rechtsklik op [b:ed42ac0c7c]OTL.exe[/b:ed42ac0c7c][/color:ed42ac0c7c] en kies voor "Als Administrator uitvoeren".
    [/list:u:ed42ac0c7c][/list:u:ed42ac0c7c]
    [list:ed42ac0c7c][*:ed42ac0c7c]Zet een vinkje bij [b:ed42ac0c7c]Scan All Users[/b:ed42ac0c7c][/color:ed42ac0c7c], [b:ed42ac0c7c]LOP Check[/b:ed42ac0c7c][/color:ed42ac0c7c] en bij [b:ed42ac0c7c]PURITY Check[/b:ed42ac0c7c][/color:ed42ac0c7c].
    [*:ed42ac0c7c]Kopieer en plak ondervermelde (vetgedrukte, blauwe tekst) in het kader onder [img:ed42ac0c7c]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:ed42ac0c7c]

    [b:ed42ac0c7c]netsvcs
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    BASESERVICES
    DRIVES
    msconfig
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command
    s
    hklm\software\clients\startmenuinternet|command /64
    s
    CREATERESTOREPOINT[/color:ed42ac0c7c][/b:ed42ac0c7c]

    [*:ed42ac0c7c]Klik vervolgens op de knop [img:ed42ac0c7c]http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg[/img:ed42ac0c7c].
    [*:ed42ac0c7c]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef.
    [*:ed42ac0c7c]De scan zal niet heel erg lang duren.
    [list:ed42ac0c7c][*:ed42ac0c7c]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:ed42ac0c7c]OTL.Txt[/b:ed42ac0c7c] en [b:ed42ac0c7c]Extras.txt[/b:ed42ac0c7c].
    [*:ed42ac0c7c]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:ed42ac0c7c]
    [*:ed42ac0c7c][b:ed42ac0c7c]Notabene:[/b:ed42ac0c7c][/color:ed42ac0c7c] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten.[/list:u:ed42ac0c7c]
  • OTL logfile created on: 1/8/2013 9:34:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willem-Jan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3.86 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.39% Memory free
    7.73 Gb Paging File | 6.10 Gb Available in Paging File | 78.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 684.87 Gb Total Space | 552.89 Gb Free Space | 80.73% Space Free | Partition Type: NTFS

    Computer Name: LAPTOPWILLEM | User Name: Willem-Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========[/color:c1df29c6fd]

    PRC - [2013/01/08 21:31:49 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Willem-Jan\Desktop\OTL.exe
    PRC - [2012/12/11 20:13:27 | 000,697,272 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    PRC - [2012/03/07 14:40:34 | 000,913,144 | —- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2012/02/03 17:50:18 | 003,508,624 | —- | M] (Samsung Electronics Co., Ltd.) – C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | —- | M] (Microsoft Corporation) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | —- | M] (Microsoft Corporation) – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/22 18:18:01 | 000,150,928 | —- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    PRC - [2010/11/26 18:21:34 | 000,206,208 | —- | M] () – C:\Windows\PLFSetI.exe
    PRC - [2010/08/11 02:06:16 | 000,975,952 | —- | M] (Dritek System Inc.) – C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/08/11 02:06:16 | 000,321,104 | —- | M] (Dritek System Inc.) – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/08/11 02:06:16 | 000,305,744 | —- | M] (Dritek System Inc.) – C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/06/28 23:23:12 | 000,265,984 | —- | M] (NewTech Infosystems, Inc.) – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2010/06/28 23:23:06 | 000,255,744 | —- | M] (NewTech Infosystems, Inc.) – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2010/05/27 03:41:24 | 000,349,552 | —- | M] (Egis Technology Inc.) – C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    PRC - [2010/03/11 06:11:56 | 000,407,920 | —- | M] (Egis Technology Inc.) – C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    PRC - [2010/03/11 06:11:42 | 000,201,584 | —- | M] (Egis Technology Inc.) – C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    PRC - [2010/03/03 23:42:02 | 002,320,920 | —- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/03 23:41:58 | 000,268,824 | —- | M] (Intel Corporation) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/01/29 00:27:36 | 000,243,232 | —- | M] (Acer Group) – C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2010/01/08 14:21:22 | 000,023,584 | —- | M] (Acer Incorporated) – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


    ========== Modules (No Company Name) ==========[/color:c1df29c6fd]

    MOD - [2011/03/17 00:11:16 | 004,297,568 | —- | M] () – C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/26 18:21:34 | 000,206,208 | —- | M] () – C:\Windows\PLFSetI.exe
    MOD - [2010/06/28 23:20:54 | 000,465,576 | —- | M] () – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    MOD - [2009/05/20 23:02:04 | 000,072,200 | —- | M] () – C:\Program Files (x86)\Launch Manager\CdDirIo.dll


    ========== Services (SafeList) ==========[/color:c1df29c6fd]

    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/03/07 14:40:34 | 000,913,144 | —- | M] (ESET) [Auto | Running] – C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe – (ekrn)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/09/22 18:18:01 | 000,150,928 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe – (uagqecsvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/08/29 07:52:54 | 000,203,264 | —- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/06/11 23:27:26 | 000,868,896 | —- | M] (Acer Incorporated) [Auto | Running] – C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe – (ePowerSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/01/29 00:27:36 | 000,243,232 | —- | M] (Acer Group) [Auto | Running] – C:\Program Files\Acer\Acer Updater\UpdaterService.exe – (Updater Service)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/11/02 21:48:18 | 000,126,352 | —- | M] (Intel(R) Corporation) [On_Demand | Stopped] – C:\Program Files\Intel\TurboBoost\TurboBoost.exe – (TurboBoost)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:27 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV - [2012/12/11 20:13:28 | 000,250,808 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files (x86)\Skype\Updater\Updater.exe – (SkypeUpdate)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe – (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe – (sftlist)
    SRV - [2010/08/11 02:06:16 | 000,321,104 | —- | M] (Dritek System Inc.) [Auto | Running] – C:\Program Files (x86)\Launch Manager\dsiwmis.exe – (DsiWMIService)
    SRV - [2010/06/28 23:23:06 | 000,255,744 | —- | M] (NewTech Infosystems, Inc.) [Auto | Running] – C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe – (NTI IScheduleSvc)
    SRV - [2010/05/27 03:41:06 | 000,305,520 | —- | M] (Egis Technology Inc.) [On_Demand | Stopped] – C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe – (MWLService)
    SRV - [2010/05/26 02:46:44 | 000,047,776 | —- | M] (Atheros Commnucations) [Auto | Running] – C:\Program Files (x86)\Bluetooth Suite\AdminService.exe – (AtherosSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 23:42:02 | 002,320,920 | —- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe – (UNS)
    SRV - [2010/03/03 23:41:58 | 000,268,824 | —- | M] (Intel Corporation) [Auto | Running] – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe – (LMS)
    SRV - [2010/01/08 14:21:22 | 000,023,584 | —- | M] (Acer Incorporated) [Auto | Running] – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe – (GREGService)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========[/color:c1df29c6fd]

    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/12/05 10:54:32 | 000,204,032 | —- | M] (WinISO.com) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\WinisoCDBus.sys – (WinisoCDBus)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/03/14 07:40:04 | 000,137,144 | —- | M] (ESET) [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\epfwwfpr.sys – (epfwwfpr)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/03/14 07:40:02 | 000,209,768 | —- | M] (ESET) [File_System | System | Running] – C:\Windows\SysNative\drivers\eamonm.sys – (eamonm)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/03/14 07:40:02 | 000,148,528 | —- | M] (ESET) [Kernel | System | Running] – C:\Windows\SysNative\drivers\ehdrv.sys – (ehdrv)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/03/01 07:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/02/15 23:24:40 | 000,203,320 | —- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ssudmdm.sys – (ssudmdm)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/02/15 23:24:38 | 000,099,384 | —- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ssudbus.sys – (dg_ssudbus)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/12/08 05:22:28 | 000,177,640 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ssadmdm.sys – (ssadmdm)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/12/08 05:22:28 | 000,157,672 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ssadbus.sys – (ssadbus)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/12/08 05:22:28 | 000,016,872 | —- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\ssadmdfl.sys – (ssadmdfl)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/10/01 08:30:22 | 000,022,376 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftvollh.sys – (Sftvol)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/10/01 08:30:18 | 000,268,648 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftplaylh.sys – (Sftplay)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/10/01 08:30:18 | 000,025,960 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftredirlh.sys – (Sftredir)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/10/01 08:30:10 | 000,764,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Sftfslh.sys – (Sftfs)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/03/11 07:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/03/11 07:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/12/23 12:46:16 | 000,221,184 | —- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HDJMidi.sys – (HDJMidi)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/12/23 12:46:08 | 000,185,856 | —- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HDJBulk.sys – (Bulk)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:33:35 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 12:07:05 | 000,059,392 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/08/29 08:26:02 | 007,455,744 | —- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmdag.sys – (amdkmdag)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/08/29 07:17:28 | 000,268,800 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmpag.sys – (amdkmdap)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/08/16 15:42:00 | 000,116,240 | —- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\AtihdW76.sys – (AtiHDAudioService)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/06/10 21:57:20 | 000,040,448 | —- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\AmUStor.sys – (AmUStor)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/06/08 13:36:18 | 000,406,056 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\k57nd60a.sys – (k57nd60a)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/26 00:26:02 | 000,264,040 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btfilter.sys – (BtFilter)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,294,760 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btath_a2dp.sys – (BTATH_A2DP)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,202,792 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btath_hcrp.sys – (BTATH_HCRP)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,156,392 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btath_rcp.sys – (BTATH_RCP)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,055,336 | —- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\AthDfu.sys – (ATHDFU)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,052,584 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btath_lwflt.sys – (BTATH_LWFLT)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,038,248 | —- | M] (Atheros) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\btath_flt.sys – (AthBTPort)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/20 22:42:30 | 000,032,296 | —- | M] (Atheros) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\btath_bus.sys – (BTATH_BUS)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/05/12 03:11:38 | 002,229,608 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\athrx.sys – (athr)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/04/28 23:21:38 | 000,018,432 | —- | M] (NTI Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\NTIDrvr.sys – (NTIDrvr)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/04/28 23:21:38 | 000,017,408 | —- | M] (NTI Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\UBHelper.sys – (UBHelper)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/03/04 03:51:40 | 000,540,696 | —- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\iaStor.sys – (iaStor)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/11/02 21:48:02 | 000,013,784 | —- | M] () [Kernel | Auto | Running] – C:\Windows\SysNative\drivers\TurboB.sys – (TurboB)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/10/26 21:39:44 | 000,151,936 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Impcd.sys – (Impcd)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/10/22 05:55:06 | 000,272,432 | —- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Apfiltr.sys – (ApfiltrService)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/09/17 21:54:54 | 000,056,344 | —- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\HECIx64.sys – (HECIx64)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/20 03:09:57 | 000,054,272 | —- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\L1E62x64.sys – (L1E)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:37:05 | 006,108,416 | —- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\igdkmd64.sys – (igfx)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:34:38 | 001,311,232 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\BCMWL664.SYS – (BCM43XX)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/10 21:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/03 03:15:30 | 000,060,464 | —- | M] (Egis Technology Inc.) [Kernel | System | Running] – C:\Windows\SysNative\drivers\mwlPSDVDisk.sys – (mwlPSDVDisk)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/03 03:15:30 | 000,022,576 | —- | M] (Egis Technology Inc.) [File_System | System | Running] – C:\Windows\SysNative\drivers\mwlPSDFilter.sys – (mwlPSDFilter)
    DRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/06/03 03:15:30 | 000,020,016 | —- | M] (Egis Technology Inc.) [Kernel | System | Running] – C:\Windows\SysNative\drivers\mwlPSDNserv.sys – (mwlPSDNServ)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)


    ========== Standard Registry (SafeList) ==========[/color:c1df29c6fd]


    ========== Internet Explorer ==========[/color:c1df29c6fd]

    IE:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/
    IE - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101241&mntrId=a4366488000000000000206a8a23fdbc
    IE - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\..\SearchScopes\{45540D41-F645-4203-82CA-CBDE8BCE8FCA}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========[/color:c1df29c6fd]

    FF:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0
    pctrl.dll ( Microsoft Corporation)
    FF:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director
    p32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64
    pdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2
    pjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0
    pctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR
    ppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Willem-Jan\AppData\Local\Google\Update\1.3.21.123
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Willem-Jan\AppData\Local\Google\Update\1.3.21.123
    pGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/09/10 15:32:07 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/09/10 15:32:07 | 000,000,000 | —D | M]


    ========== Chrome ==========[/color:c1df29c6fd]

    CHR - Extension: No name found = C:\Users\Willem-Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhebjoppbkfocoeceijgihihgckeool\1.0_0\
    CHR - Extension: No name found = C:\Users\Willem-Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

    O1 HOSTS File: ([2013/01/03 17:36:41 | 000,000,027 | —- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RewardsArcade) - {11111111-1111-1111-1111-110011041198} - Reg Error: Value error. File not found
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - Reg Error: Value error. File not found
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2800831817-3073305088-4166720193-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Key error. File not found
    O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
    O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} http://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://webmail.korein.nl/InternalSite/WhlCompMgr.cab (Forefront UAG client components)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.15
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB3E9B99-760C-47B6-A7D7-70A6F001E595}: DhcpNameServer = 192.168.1.15
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\livecall - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\msnim - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\..comfile [open] – "%1" %*
    O35:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\..exefile [open] – "%1" %*
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\…com [@ = ComFile] – "%1" %*
    O37:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - HKLM\…exe [@ = exefile] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========[/color:c1df29c6fd]

    [2013/01/08 21:31:49 | 000,602,112 | —- | C] (OldTimer Tools) – C:\Users\Willem-Jan\Desktop\OTL.exe
    [2013/01/07 20:01:22 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/07 20:01:21 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Skype
    [2013/01/03 17:36:52 | 000,000,000 | -HSD | C] – C:\$RECYCLE.BIN
    [2013/01/03 17:23:36 | 000,518,144 | —- | C] (SteelWerX) – C:\Windows\SWREG.exe
    [2013/01/03 17:23:36 | 000,406,528 | —- | C] (SteelWerX) – C:\Windows\SWSC.exe
    [2013/01/03 17:23:36 | 000,060,416 | —- | C] (NirSoft) – C:\Windows\NIRCMD.exe
    [2013/01/03 17:23:33 | 000,000,000 | —D | C] – C:\ComboFix
    [2013/01/03 17:23:04 | 000,000,000 | —D | C] – C:\Qoobox
    [2013/01/03 17:21:27 | 000,000,000 | —D | C] – C:\Windows\erdnt
    [2012/12/30 17:57:44 | 000,000,000 | —D | C] – C:\Users\Willem-Jan\AppData\Roaming\Registry Mechanic
    [2012/12/30 17:40:51 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\PC Tools
    [2012/12/30 17:39:06 | 000,000,000 | —D | C] – C:\ProgramData\PC Tools
    [2012/12/30 17:39:05 | 000,000,000 | —D | C] – C:\Users\Willem-Jan\AppData\Roaming\Product_RM
    [2012/12/23 23:10:10 | 000,046,080 | —- | C] (Adobe Systems) – C:\Windows\SysNative\atmlib.dll
    [2012/12/23 23:10:10 | 000,034,304 | —- | C] (Adobe Systems) – C:\Windows\SysWow64\atmlib.dll
    [2012/12/23 23:10:06 | 000,367,616 | —- | C] (Adobe Systems Incorporated) – C:\Windows\SysNative\atmfd.dll
    [2012/12/23 23:10:05 | 000,295,424 | —- | C] (Adobe Systems Incorporated) – C:\Windows\SysWow64\atmfd.dll
    [2012/12/20 10:45:51 | 000,000,000 | —D | C] – C:\EBooks
    [2012/12/20 10:40:17 | 000,000,000 | —D | C] – C:\Users\Willem-Jan\AppData\Local\Adobe_Systems_Incorporate
    [2012/12/20 10:38:20 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2012/12/20 10:38:16 | 000,000,000 | —D | C] – C:\Users\Willem-Jan\Documents\My Digital Editions
    [2012/12/17 23:33:42 | 000,096,768 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\mshtmled.dll
    [2012/12/17 23:33:41 | 000,073,216 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\mshtmled.dll
    [2012/12/17 23:33:40 | 000,248,320 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieui.dll
    [2012/12/17 23:33:40 | 000,176,640 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieui.dll
    [2012/12/17 23:33:40 | 000,173,056 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieUnatt.exe
    [2012/12/17 23:33:40 | 000,142,848 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/17 23:33:39 | 000,237,056 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\url.dll
    [2012/12/17 23:33:39 | 000,231,936 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\url.dll
    [2012/12/17 23:33:38 | 001,494,528 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\inetcpl.cpl
    [2012/12/17 23:33:38 | 001,427,968 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/17 23:33:37 | 002,312,704 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript9.dll
    [2012/12/17 23:33:37 | 000,729,088 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\msfeeds.dll
    [2012/12/17 23:33:35 | 000,816,640 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript.dll
    [2012/12/17 23:33:35 | 000,717,824 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\jscript.dll
    [2012/12/17 23:33:35 | 000,599,040 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\vbscript.dll
    [2012/12/13 20:21:40 | 000,424,960 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\KernelBase.dll
    [2012/12/13 20:21:39 | 001,161,216 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\kernel32.dll
    [2012/12/13 20:21:39 | 000,215,040 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\winsrv.dll
    [2012/12/13 20:21:38 | 000,338,432 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\conhost.exe
    [2012/12/13 20:21:33 | 000,362,496 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\wow64win.dll
    [2012/12/13 20:21:33 | 000,025,600 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\setup16.exe
    [2012/12/13 20:21:32 | 000,243,200 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\wow64.dll
    [2012/12/13 20:21:32 | 000,016,384 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative
    tvdm64.dll
    [2012/12/13 20:21:32 | 000,014,336 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64
    tvdm64.dll
    [2012/12/13 20:21:32 | 000,013,312 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\wow64cpu.dll
    [2012/12/13 20:21:32 | 000,005,120 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\wow32.dll
    [2012/12/13 20:21:28 | 000,007,680 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\instnm.exe
    [2012/12/13 20:21:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,006,144 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,005,120 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,005,120 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/13 20:21:26 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/13 20:21:25 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/13 20:21:24 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,006,144 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/13 20:21:23 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/13 20:21:22 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/13 20:21:22 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/12/13 20:21:21 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/13 20:21:21 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/13 20:21:21 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/12/13 20:21:21 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/12/13 20:21:20 | 000,002,048 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\user.exe
    [2012/12/13 20:21:08 | 000,478,208 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\dpnet.dll
    [2012/12/13 20:21:08 | 000,376,832 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\dpnet.dll
    [2012/12/11 19:59:31 | 000,000,000 | —D | C] – C:\Users\Willem-Jan\Documents\SimCity 4
    [2012/12/11 19:59:26 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
    [2012/12/11 19:59:07 | 000,000,000 | —D | C] – C:\Program Files (x86)\Maxis
    [2012/12/11 19:41:04 | 000,000,000 | —D | C] – C:\Simcity

    ========== Files - Modified Within 30 Days ==========[/color:c1df29c6fd]

    [2013/01/08 21:34:17 | 000,017,600 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/08 21:34:17 | 000,017,600 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/08 21:31:49 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Willem-Jan\Desktop\OTL.exe
    [2013/01/08 21:29:17 | 000,000,045 | —- | M] () – C:\Users\Public\Documents\AtherosServiceConfig.ini
    [2013/01/08 21:25:19 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2013/01/08 21:25:14 | 3111,514,112 | -HS- | M] () – C:\hiberfil.sys
    [2013/01/07 23:14:00 | 000,001,086 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001UA.job
    [2013/01/07 23:13:00 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/07 20:01:22 | 000,002,513 | —- | M] () – C:\Users\Public\Desktop\Skype.lnk
    [2013/01/03 19:15:47 | 000,001,034 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001Core.job
    [2013/01/03 17:36:41 | 000,000,027 | —- | M] () – C:\Windows\SysNative\drivers\etc\hosts
    [2012/12/30 18:06:00 | 000,418,088 | —- | M] () – C:\Windows\SysNative\FNTCACHE.DAT
    [2012/12/23 17:05:04 | 001,564,226 | —- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
    [2012/12/23 17:05:04 | 000,706,802 | —- | M] () – C:\Windows\SysNative\perfh013.dat
    [2012/12/23 17:05:04 | 000,620,836 | —- | M] () – C:\Windows\SysNative\perfh009.dat
    [2012/12/23 17:05:04 | 000,136,314 | —- | M] () – C:\Windows\SysNative\perfc013.dat
    [2012/12/23 17:05:04 | 000,108,760 | —- | M] () – C:\Windows\SysNative\perfc009.dat
    [2012/12/16 18:11:22 | 000,046,080 | —- | M] (Adobe Systems) – C:\Windows\SysNative\atmlib.dll
    [2012/12/16 15:45:03 | 000,367,616 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysNative\atmfd.dll
    [2012/12/16 15:13:28 | 000,295,424 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 15:13:20 | 000,034,304 | —- | M] (Adobe Systems) – C:\Windows\SysWow64\atmlib.dll
    [2012/12/11 20:13:27 | 000,697,272 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/12/11 20:13:27 | 000,073,656 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========[/color:c1df29c6fd]

    [2013/01/07 20:01:22 | 000,002,513 | —- | C] () – C:\Users\Public\Desktop\Skype.lnk
    [2013/01/03 17:23:36 | 000,256,000 | —- | C] () – C:\Windows\PEV.exe
    [2013/01/03 17:23:36 | 000,208,896 | —- | C] () – C:\Windows\MBR.exe
    [2013/01/03 17:23:36 | 000,098,816 | —- | C] () – C:\Windows\sed.exe
    [2013/01/03 17:23:36 | 000,080,412 | —- | C] () – C:\Windows\grep.exe
    [2013/01/03 17:23:36 | 000,068,096 | —- | C] () – C:\Windows\zip.exe
    [2012/12/20 10:38:20 | 000,002,236 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
    [2012/03/03 16:20:12 | 000,000,617 | —- | C] () – C:\Windows\eReg.dat
    [2012/01/31 18:15:44 | 000,030,568 | —- | C] () – C:\Windows\MusiccityDownload.exe
    [2012/01/31 18:15:42 | 000,974,848 | —- | C] () – C:\Windows\SysWow64\cis-2.4.dll
    [2012/01/31 18:15:42 | 000,081,920 | —- | C] () – C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2012/01/31 18:15:42 | 000,065,536 | —- | C] () – C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2012/01/31 18:15:42 | 000,057,344 | —- | C] () – C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2011/04/06 18:50:26 | 001,591,160 | —- | C] () – C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/04/05 20:38:47 | 000,004,096 | —- | C] () – C:\Windows\d3dx.dat
    [2011/04/05 20:14:52 | 000,000,056 | -H– | C] () – C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========[/color:c1df29c6fd]

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll – [2012/06/09 06:43:10 | 014,172,672 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll – [2012/06/09 05:41:00 | 012,873,728 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll – [2009/07/14 02:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll – [2010/11/20 13:19:02 | 000,606,208 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll – [2009/07/14 02:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========[/color:c1df29c6fd]

    [2012/12/05 18:23:48 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Azureus
    [2011/08/31 15:30:56 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Babylon
    [2012/03/06 13:08:37 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Belastingdienst
    [2011/10/05 16:00:56 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Charles
    [2012/12/05 17:58:05 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\DAEMON Tools Lite
    [2012/03/03 17:04:05 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\DAEMON Tools Pro
    [2012/09/10 10:49:19 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\ESET
    [2011/04/06 20:42:18 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\GrabIt
    [2012/12/05 17:52:28 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\OpenCandy
    [2012/07/06 18:47:24 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\PlayFirst
    [2012/12/30 17:39:05 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Product_RM
    [2012/12/30 17:57:44 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Registry Mechanic
    [2012/02/27 20:27:46 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Samsung
    [2012/12/27 11:51:55 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\SoftGrid Client
    [2012/03/06 13:47:53 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Temp
    [2012/02/05 17:19:17 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\TP
    [2012/12/05 17:55:17 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\TuneUp Software
    [2011/10/19 15:18:05 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\Windows Live Writer
    [2012/12/05 17:24:27 | 000,000,000 | —D | M] – C:\Users\Willem-Jan\AppData\Roaming\WinISO Computing

    ========== Purity Check ==========[/color:c1df29c6fd]



    ========== Custom Scans ==========[/color:c1df29c6fd]

    < services.* >[/color:c1df29c6fd]
    [2009/07/14 06:08:49 | 000,000,006 | -H– | C] () – C:\Windows\Tasks\SA.DAT
    [2009/07/14 06:08:49 | 000,032,636 | —- | C] () – C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/04/05 19:42:55 | 000,001,034 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001Core.job
    [2011/04/05 19:42:55 | 000,001,086 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800831817-3073305088-4166720193-1001UA.job
    [2012/04/03 17:23:08 | 000,000,940 | —- | C] () – C:\Windows\Tasks\Adobe Flash Player Updater.job

    < explorer.exe >[/color:c1df29c6fd]

    < winlogon.exe >[/color:c1df29c6fd]

    < Userinit.exe >[/color:c1df29c6fd]

    < svchost.exe >[/color:c1df29c6fd]

    ========== Base Services ==========[/color:c1df29c6fd]
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:40:01 | 000,072,192 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\aelupsvc.dll – (AeLookupSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:25:40 | 000,070,656 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\appinfo.dll – (Appinfo)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:38:55 | 000,079,360 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\alg.exe – (ALG)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:23 | 000,849,920 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\qmgr.dll – (BITS)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:25:45 | 000,705,024 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\BFE.DLL – (BFE)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\lsass.exe – (KeyIso)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:40:50 | 000,402,944 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\es.dll – (EventSystem)
    SRV - [2009/07/14 02:15:19 | 000,271,360 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\es.dll – (EventSystem)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/07/04 23:13:27 | 000,136,704 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\browser.dll – (Browser)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/06/02 06:41:28 | 000,184,320 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\cryptsvc.dll – (CryptSvc)
    SRV - [2012/06/02 05:36:29 | 000,140,288 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\cryptsvc.dll – (CryptSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:24 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (DcomLaunch)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:26:04 | 000,317,952 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dhcpcore.dll – (Dhcp)
    SRV - [2010/11/20 13:18:30 | 000,254,464 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\dhcpcore.dll – (Dhcp)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/03/03 07:24:16 | 000,183,296 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dnsrslvr.dll – (Dnscache)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:40:35 | 000,111,104 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\eapsvc.dll – (EapHost)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:00 | 000,038,912 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\hidserv.dll – (hidserv)
    SRV - [2009/07/14 02:15:24 | 000,049,152 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysWOW64\hidserv.dll – (hidserv)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:10 | 000,359,424 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\SysNative\ipnathlp.dll – (SharedAccess)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:26:39 | 000,501,248 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\IPSECSVC.DLL – (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:54 | 000,524,288 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\swprv.dll – (swprv)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:26 | 000,067,584 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\SysNative\mmcss.dll – (MMCSS)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:52 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative
    etman.dll – (Netman)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:52 | 000,459,776 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative
    etprofm.dll – (netprofm)
    SRV - [2009/07/14 02:16:03 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64
    etprofm.dll – (netprofm)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/10/03 18:44:21 | 000,303,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative
    lasvc.dll – (NlaSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:53 | 000,025,600 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative
    sisvc.dll – (nsi)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/05/24 12:42:55 | 000,404,480 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\umpnpmgr.dll – (PlugPlay)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/02/11 07:36:02 | 000,559,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\spoolsv.exe – (Spooler)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\lsass.exe – (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:53 | 000,099,328 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\rasauto.dll – (RasAuto)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:24 | 000,344,064 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\rasmans.dll – (RasMan)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:24 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (RpcSs)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:25 | 000,030,720 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\seclogon.dll – (seclogon)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2011/11/17 07:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\lsass.exe – (SamSs)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:58 | 000,097,280 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wscsvc.dll – (wscsvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:26 | 000,236,032 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\srvsvc.dll – (LanmanServer)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:25 | 000,370,688 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\shsvcs.dll – (ShellHWDetection)
    SRV - [2010/11/20 13:21:19 | 000,328,192 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\shsvcs.dll – (ShellHWDetection)
    No service found with a name of slsvc
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:25 | 001,110,016 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\schedsvc.dll – (Schedule)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:26 | 000,316,928 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\tapisrv.dll – (TapiSrv)
    SRV - [2010/11/20 13:21:28 | 000,242,176 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\tapisrv.dll – (TapiSrv)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:55 | 000,044,544 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\themeservice.dll – (Themes)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2012/05/01 06:40:20 | 000,209,920 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\profsvc.dll – (ProfSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:25:27 | 001,600,512 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\VSSVC.exe – (VSS)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:25:42 | 000,679,424 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\audiosrv.dll – (AudioSrv)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:25:42 | 000,679,424 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\audiosrv.dll – (AudioEndpointBuilder)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:25 | 000,170,496 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\sdrsvc.dll – (SDRSVC)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2009/07/14 02:41:27 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:28 | 001,646,080 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wevtsvc.dll – (eventlog)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:26:59 | 000,828,416 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\MPSSVC.dll – (MpsSvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:27:28 | 000,580,096 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wiaservc.dll – (stisvc)
    SRV:[b:c1df29c6fd]64bit:[/b:c1df29c6fd] - [2010/11/20 14:24:58 | 000,128,000 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\msiexec.exe – (msiserver)
    SRV - [2010/11/20 13:17:22 | 000,073,216 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysWow64\msiexec.exe – (msiserver)
  • De vorige post is de inhoud van het OTL.Txt bestand. Hieronder de inhoud van het Extras.txt

    OTL Extras logfile created on: 1/8/2013 9:34:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willem-Jan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3.86 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 63.39% Memory free
    7.73 Gb Paging File | 6.10 Gb Available in Paging File | 78.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 684.87 Gb Total Space | 552.89 Gb Free Space | 80.73% Space Free | Partition Type: NTFS

    Computer Name: LAPTOPWILLEM | User Name: Willem-Jan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========[/color:42f9cc9feb]


    ========== File Associations ==========[/color:42f9cc9feb]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] – C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] – C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========[/color:42f9cc9feb]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] – rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========[/color:42f9cc9feb]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========[/color:42f9cc9feb]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========[/color:42f9cc9feb]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [b:42f9cc9feb]64bit:[/b:42f9cc9feb] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========[/color:42f9cc9feb]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========[/color:42f9cc9feb]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{032DF263-004B-456A-9B65-0E482DBD070E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{08485085-50EE-4295-8317-C1E593A83E81}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1998D5E1-EE4C-4198-9152-20BC2DD64D7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1DF14C99-7659-43C9-B229-8A2983588EF9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2AF5A5A4-4AC4-42E3-B270-5C53EC6815C5}" = rport=139 | protocol=6 | dir=out | app=system |
    "{4212AC95-89D3-4159-8FBF-6159A678853A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{432BACE4-77E8-4E20-856E-9E104F3AD563}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{4E1CD201-EAAE-4DD5-BA81-5243968D2236}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{50B63F14-FEA4-46F9-8E76-C7F2CDB02834}" = lport=139 | protocol=6 | dir=in | app=system |
    "{55557CFE-BCD4-4DF0-87B0-60A3C2AC88BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{752789B3-49E1-47B5-AD19-ED3B007BB687}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7E204B2D-15BE-4A03-A022-18DAE16076B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7FD3F990-0AD9-4A77-994A-8EEEFB71091F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{881D3FFE-D0E6-4EF8-98BD-AD44A842B470}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{96B34151-76B9-4C21-80D9-5861B91BBA0F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9EAFE26E-186E-41E6-9E0D-72B10A682AC1}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A0F6AC76-EDD1-4400-83C7-1F44E05BA94A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A288CF27-C90B-4193-AE9B-1829D95B6C5C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AF816F1C-149F-4C6C-89E8-6A118FEF33FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{BE00E338-B7C2-4A0E-AC10-6D05107FAD26}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE5C7B15-09A5-4C79-B4E6-70277A282FDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DBD5E0F3-F2C6-494C-950C-9180A7BE3ABE}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DEAF6D9C-DBCB-4B91-A6B9-61278EF7C2AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E00F9036-7EE9-466D-B508-104E4D82B000}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E524E242-7AC8-423F-8571-09042C469BCD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{EE6CD09C-2849-420C-BD9A-FFD87CA720CD}" = rport=10243 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========[/color:42f9cc9feb]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02D7460E-A7D8-4A2A-A18C-B5E78A4128BF}" = protocol=6 | dir=in | app=c:\program files (x86)
    ewtech infosystems
    ti backup now 5\backupsvc.exe |
    "{09E559D7-9325-4303-AD2A-5D0D5F6C9CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1749B8DF-31B4-4087-9368-8830669C04D2}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
    "{185C66A6-2F4C-4F3D-81CB-81552AA2DBFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{1A5BA9C1-A5B4-43D4-A399-902483850E9E}" = protocol=6 | dir=out | app=system |
    "{212F42C1-7A4C-4FFE-970C-93AE3796B931}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{271A442B-7339-4033-94FF-9A8AFBB8E1B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3135F34E-BF7A-4272-B1DB-DFEF8BB21DA0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{35E861A3-8053-4611-9B62-7578AB9B64DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{3689D701-F727-497A-8B53-4D44EE429D29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3A25CCD2-8BA9-4C9C-9613-E774A7BA67E4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{3A31B1DE-81DB-4202-B925-EFCC0DBB44CB}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
    "{3B2D4777-DCD4-4A56-B4B6-EB5243F64104}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
    "{3B7CA3F1-44FF-4ED3-A034-B08F4632B671}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C545A48-E6AE-43C1-BF17-B50DD81B8A15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3C82CA39-74BC-4642-BF76-51D01E8ED678}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{455832AE-17D3-4A01-BEB0-0EA4C642892D}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
    "{478F9AFA-F038-4C89-8DA8-BD6697FD0E7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4A266BD9-44D4-4E7D-BD11-CB33A802466E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{5002CD8A-A3BA-4890-845B-DC599EF1858B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{50159EF8-4442-4C63-9431-B2DF7667AE69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{53CC0178-3DB1-419B-A5F9-F7E41C20C105}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{54AE51E7-ED27-43AB-A430-B3A9CA558A46}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5857A0C9-22E8-4E56-B21E-C6C5A7AAE293}" = protocol=17 | dir=in | app=c:\program files (x86)
    ewtech infosystems
    ti backup now 5\schedulersvc.exe |
    "{59BB8605-E0A2-4848-A449-39EFEC580D9D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{5C0B62DC-8BAD-4BA6-B25C-39BFF31D8795}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{60B6D5C6-E77F-4066-B045-FE4954624A7F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{66421402-920D-4132-94AF-92EFA7C63903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{77BB984D-B43D-4C01-9F12-85D7EB5ACF9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{84CE4852-FEBF-4778-AE02-F0D13357FF56}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{8597B8F3-A284-4CA0-AC6F-78F1F2551CD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{88B4A0A5-6452-4152-9D7C-DE8FB73BA3B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8E535259-D5C3-4235-9474-1F20910DB625}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{942D5A7A-7074-4261-AC9A-1F2A857F1F06}" = protocol=17 | dir=in | app=c:\program files (x86)
    ewtech infosystems
    ti backup now 5\backupsvc.exe |
    "{AD9F1D80-9163-44B4-93E4-4B81B3138CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
    "{AFD9AA5B-759C-4E66-93EE-D60FD6081EDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B2B499EF-9077-4BC8-BCE0-28FF07D92DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{B5FEE936-2900-42C2-B498-17F3A1536D64}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{BB80684E-558F-48D9-8CA4-66F8B709B2F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CAA364DF-ECB7-40CD-9387-022B9CEA2E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{D28BD9FE-7CF9-45A6-B998-DEE52D4F02F8}" = protocol=6 | dir=in | app=c:\program files (x86)
    ewtech infosystems
    ti backup now 5\schedulersvc.exe |
    "{D3CE8121-DE2D-4772-A7E6-75EAF14CE06B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{DD30E3E0-FD9B-4D48-AE2A-EEB324E692F2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{DEEE0273-D102-42F4-B3A5-87CB3CA4BBB1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
    "{E3B79F39-9F74-4694-8C19-D12946555EE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E4651702-59FC-4F96-BC28-0CFEEEF60E22}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
    "{EE91DB5A-82C7-4E40-9F05-83AC8711AF71}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F16FAAC5-117D-46A3-92BF-F66BB4D1B51F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "TCP Query User{1455BD2D-BE1E-4D98-A941-69EE1A1A93B7}C:\program files (x86)\gog.com\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe |
    "TCP Query User{30FB15A9-59DA-4583-A053-6C27714DD839}C:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe |
    "TCP Query User{4442DE91-3D02-4B78-AFF7-0FCD6FBF2D2D}C:\program files (x86)\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charles\charles.exe |
    "TCP Query User{928FBE10-5902-4DFC-A857-73A56FD242CF}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{F1442D75-F0D6-448A-8315-6559F5FDC5A3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "TCP Query User{F354C5C8-8E99-499C-8543-70A8B3DA39B5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
    "TCP Query User{F9E7E893-F8B4-40E7-89EA-B7B445411D11}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
    "UDP Query User{29DC8E91-1C4A-40BC-8275-418279B7A0D4}C:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth\empire earth.exe |
    "UDP Query User{31683AAC-06B0-4CB7-918C-1754B39FB132}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
    "UDP Query User{8AF90107-2B75-4A67-9FB6-20F79F6F16D0}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
    "UDP Query User{8EF0E9CB-923E-4690-BA42-D8E3EB260FD3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "UDP Query User{A543143C-2DCE-4711-BD68-5CE88B7CC835}C:\program files (x86)\gog.com\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe |
    "UDP Query User{BF4A78C7-970D-4B81-8755-0C2AAE403D2D}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
    "UDP Query User{E258AC0B-9E65-4BF6-B7F5-6A496CFBCBAB}C:\program files (x86)\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charles\charles.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:42f9cc9feb]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{349BA258-9997-4015-8CBC-B1673CB36C2C}" = ESET NOD32 Antivirus
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{84CC4DD9-03B2-C31A-537E-9BBC18ACC602}" = ATI Catalyst Install Manager
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2010
    "{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{AE4C205E-A67D-BBBB-5943-E28E26877075}" = ccc-utility64
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B4A3E07-8FCC-A76A-A9CE-42C40ECCD2D0}" = CCC Help Norwegian
    "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
    "{12947715-B6F0-4597-816F-5E13FB647921}_is1" = Spotnet
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26537F6C-A9B6-CFEE-42B5-CDCC968F1294}" = ccc-core-static
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{293446A4-5067-5AE8-58BD-286AA625F722}" = CCC Help Czech
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3CDF4E11-8864-91FF-1F43-DBCEEE6CCCCD}" = CCC Help Chinese Traditional
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
    "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7E4216-A890-A47A-7F36-738FA9FDFE3F}" = Catalyst Control Center Localization All
    "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
    "{5BFB2F3D-094F-78CC-DDD7-6DE38D1297E0}" = CCC Help Portuguese
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A4EA6BD-E314-6266-31AF-5994DF44C7D9}" = CCC Help Thai
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{76AC1BB4-9240-E9BD-1980-049C7B136D88}" = CCC Help Polish
    "{76E1061F-F52A-5064-5226-3CA805053AAE}" = CCC Help Hungarian
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E6ADACE-A692-0F55-710C-27ECE41F0379}" = CCC Help Spanish
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{88E8D8F1-5217-EBEC-1334-350FC4753E3F}" = CCC Help Greek
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0413-1000-0000000FF1CE}_Office14.PROPLUS_{B9427E36-0B0A-48F4-8A51-1C178708A28E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUS_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUS_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93745F70-C6C1-A0A3-4070-50931D4DF0F4}" = CCC Help Italian
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{960AF47A-C721-AF38-6B61-3FBA0E998777}" = CCC Help Japanese
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D3E0AC6-E57F-9213-B14F-A62AA01DAF13}" = CCC Help Dutch
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B9213525-8FB5-E5F5-1B11-31C67DDBFEB5}" = PX Profile Update
    "{C1472DC4-116F-E566-C9B0-28E8F29F89EF}" = CCC Help Turkish
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C3F87A81-E917-45C1-A192-3A66579CCCAE}" = CCC Help English
    "{C70735BF-BC36-B811-F97F-84AD0600C6CC}" = CCC Help German
    "{CA2597F2-B171-3F37-D4EC-33D99FBE7DA0}" = CCC Help Korean
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF207ED6-563A-2836-EEFB-E23F2FC7AECE}" = CCC Help Swedish
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.194.1021
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A5736E-A103-BB67-00B0-074DA9C47E98}" = CCC Help French
    "{D2352180-4B77-3FF2-1C43-4385014C7654}" = CCC Help Danish
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1565776-B565-E82C-67E8-0C609BA4A5D9}" = Catalyst Control Center InstallProxy
    "{E231E0CB-3F8E-B1F2-2403-EF7ACAC5F8F1}" = CCC Help Finnish
    "{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F00FEE96-5F9F-00F3-203F-E88294A4F1F9}" = CCC Help Russian
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6916F3C-9ED5-6447-C02D-BDEB7372EE3A}" = Catalyst Control Center Graphics Previews Vista
    "{FE358D5C-17D5-890E-D97A-171B1A084197}" = CCC Help Chinese Standard
    "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Identity Card" = Identity Card
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
    "LManager" = Launch Manager
    "Microsoft Forefront UAG endpoint components 3.1.0" = Microsoft Forefront UAG endpoint components v4.0.0
    "Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Verzoek of wijziging voorlopige aanslag 2012" = Verzoek of wijziging voorlopige aanslag 2012
    "WinISO" = WinISO
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_USERS Uninstall List ==========[/color:42f9cc9feb]

    [HKEY_USERS\S-1-5-21-2800831817-3073305088-4166720193-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========[/color:42f9cc9feb]

    [ Application Events ]
    Error - 8/30/2012 6:41:48 AM | Computer Name = LaptopWillem | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 9/14/2012 5:09:28 PM | Computer Name = LaptopWillem | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 9/27/2012 3:08:08 PM | Computer Name = LaptopWillem | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: iexplore.exe, versie: 9.0.8112.16450,
    tijdstempel: 0x503723f6 Naam van module met fout: KERNELBASE.dll, versie: 6.1.7601.17651,
    tijdstempel: 0x4e211319 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00035367 Id van
    proces met fout: 0x1370 Starttijd van toepassing met fout: 0x01cd9ce2044c7bfd Pad
    naar toepassing met fout: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Pad
    naar module met fout: C:\Windows\syswow64\KERNELBASE.dll Rapport-id: abaa5170-08d6-11e2-9338-206a8a23fdbc

    Error - 10/3/2012 9:41:55 AM | Computer Name = LaptopWillem | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 10/15/2012 10:49:20 AM | Computer Name = LaptopWillem | Source = CVHSVC | ID = 100
    Description = Alleen informatie. (Patch task for {90140011-0066-0413-0000-0000000FF1CE}):
    DownloadLatest Failed:

    Error - 10/16/2012 12:00:32 PM | Computer Name = LaptopWillem | Source = CVHSVC | ID = 100
    Description = Alleen informatie. (Patch task for {90140011-0066-0413-0000-0000000FF1CE}):
    DownloadLatest Failed:

    Error - 10/30/2012 5:35:16 PM | Computer Name = LaptopWillem | Source = Application Hang | ID = 1002
    Description = Het programma iexplore.exe, versie 9.0.8112.16450 reageert niet meer
    op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: 1348 Starttijd: 01cdb6e64846a054 Eindtijd: 35

    Toepassingspad:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Rapport-id:

    Error - 10/30/2012 5:45:12 PM | Computer Name = LaptopWillem | Source = Application Hang | ID = 1002
    Description = Het programma iexplore.exe, versie 9.0.8112.16450 reageert niet meer
    op Windows en is afgesloten. Als u wilt zien of er meer informatie over het probleem
    beschikbaar is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum
    in het Configuratiescherm. Proces-id: 304 Starttijd: 01cdb6e768f7f35a Eindtijd: 30

    Toepassingspad:
    C:\Program Files (x86)\Internet Explorer\iexplore.exe Rapport-id:

    Error - 11/3/2012 11:22:45 AM | Computer Name = LaptopWillem | Source = SideBySide | ID = 16842815
    Description = Kan activeringscontext voor 'c:\Program Files (x86)\Common Files\Adobe
    AIR\Versions\1.0\Adobe AIR.dll' niet maken. Fout in manifest of beleidsbestand
    'c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll' op regel
    3. De waarde MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR
    van kenmerk version in element assemblyIdentity is ongeldig.

    Error - 11/9/2012 3:51:56 PM | Computer Name = LaptopWillem | Source = CVHSVC | ID = 100
    Description = Alleen informatie. (Patch task for {90140011-0066-0413-0000-0000000FF1CE}):
    DownloadLatest Failed:

    [ Media Center Events ]
    Error - 1/20/2012 10:50:37 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 15:50:37 - Kan Directory niet ophalen (Fout: Kan geen verbinding met
    de externe server maken)

    Error - 1/20/2012 10:51:40 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 15:51:19 - Kan ClientUpdate niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 10:52:22 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 15:52:01 - Kan MCESpotlight niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 10:53:05 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 15:52:43 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 10:53:26 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 15:53:26 - Kan Broadband niet ophalen (Fout: Kan geen verbinding met
    de externe server maken)

    Error - 1/20/2012 11:54:27 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 16:54:27 - Kan Directory niet ophalen (Fout: Kan geen verbinding met
    de externe server maken)

    Error - 1/20/2012 11:55:33 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 16:55:12 - Kan ClientUpdate niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 11:56:15 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 16:55:54 - Kan MCESpotlight niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 11:56:57 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 16:56:36 - Kan MCEClientUX niet ophalen (Fout: Kan geen verbinding
    met de externe server maken)

    Error - 1/20/2012 11:57:19 AM | Computer Name = LaptopWillem | Source = MCUpdate | ID = 0
    Description = 16:57:18 - Kan Broadband niet ophalen (Fout: Kan geen verbinding met
    de externe server maken)

    [ System Events ]
    Error - 1/3/2013 12:33:38 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7030
    Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
    Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
    toegestaan. Deze service werkt mogelijk niet juist.

    Error - 1/3/2013 12:35:45 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: Microsoft Forefront UAG Quarantine Enforcement Client.

    Error - 1/3/2013 12:35:45 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7000
    Description = De Microsoft Forefront UAG Quarantine Enforcement Client-service kan
    vanwege de volgende fout niet worden gestart: %%1053

    Error - 1/5/2013 3:22:44 PM | Computer Name = LaptopWillem | Source = bowser | ID = 8003
    Description =

    Error - 1/7/2013 2:45:08 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: Dnscache.

    Error - 1/7/2013 3:44:29 PM | Computer Name = LaptopWillem | Source = iaStor | ID = 262153
    Description = Het apparaat \Device\Ide\iaStor0 heeft niet binnen de tijd voor time-out
    gereageerd.

    Error - 1/7/2013 3:45:09 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: Dnscache.

    Error - 1/7/2013 3:45:11 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: SysMain.

    Error - 1/7/2013 3:45:21 PM | Computer Name = LaptopWillem | Source = volsnap | ID = 393230
    Description = De schaduwkopieën van volume C: zijn afgebroken vanwege een I/O-fout
    op volume C:.

    Error - 1/7/2013 3:45:39 PM | Computer Name = LaptopWillem | Source = Service Control Manager | ID = 7011
    Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
    transactie van deze service: Dnscache.


    < End of report >

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.