
Download RootkitRevealer.

Unzip it and double-click RootkitRevealer.exe.

Wait 10 - 15 seconds and then click the scan button.

Do nothing on the computer during the scan. Wait until RootkitRevealer is finished.

When the tool is finished, go to 'File' and choose 'Save'.

The RootkitRevealer log is now saved.

Post the contents of this log.


No luck. I get a dialog box saying: ...unable...the service did not respond properly to the start or control request. Then nothing more.

It seems the virus is thwarting everything.

In the last scan with AVG I still had 2 detections, NtCreate and NtAlpcCo. Ntmapvie was no longer among them. A small bright spot.


Hi Kape,

It seems my PC can't handle the scan. I saved it partway through because it never reaches the end.

I hope it is of some use to you.

HKU\S-1-5-21-709391076-3668097275-2558483745-1000\Console 5-3-2013 0:07 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN 27-2-2011 3:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\CertMapping 27-2-2011 3:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client 2-11-2006 13:54 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Listener 2-11-2006 13:54 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin 27-2-2011 3:06 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Service 2-11-2006 13:54 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS 21-1-2008 3:41 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\WinRS\CustomRemoteShell 21-1-2008 3:41 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{1FCC09B7-8D0E-484D-A49C-8A68CFA62FD0}\DateLastConnected 6-3-2013 11:17 16 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 2-11-2006 11:33 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\013 21-1-2008 7:47 0 bytes Security mismatch.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}\DynamicInfo 6-3-2013 11:18 28 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Swearware\backup\winsock2 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 4-3-2013 23:55 0 bytes Security mismatch.

HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Desc 30-8-2009 13:14 51 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Icon 30-8-2009 13:14 45 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet003\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Desc 30-8-2009 13:14 51 bytes Data mismatch between Windows API and raw hive data.

HKLM\SYSTEM\ControlSet003\Control\StillImage\Events\STIProxyEvent\{22C3F354-C493-4222-977B-E1C514BCB7A0}\Icon 30-8-2009 13:14 45 bytes Data mismatch between Windows API and raw hive data.

I'll see if I can get any further, but at 'sorting c:' the screen already goes black and I can't see anything anymore, let alone save.

Regards, Pat


Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs; they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users need to run the tool as "administrator" by right-clicking and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC; do not use it on other PCs with a similar problem.
     
    startupall; 
    filesrcm; 
    


  • Click the "Options" button and tick the options below.

    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • HijackThis Log
    • Firefox Look
    • Chrome Look
    • System Specs
    • Silent Runners
    • Firefox Defaults
    • Reset Chrome
    • Reset IE proxy
    • Empty Temp Folders
    • System Restore Point
    • System Restore Info
    • Reset System Restore
    • Shortcut Fix
    • IE Defaults
    • Reset Hosts
    • Auto Clean

  • Then click the "Run script" button.

  • Now wait patiently until a log opens (this may be after a restart if one is needed).

  • If no log appears after the restart, start zoek.exe again; the log will then appear.

  • Now post the contents of the opened log in your next reply.


Hi Kape,

here's the log

Zoek.exe Version 4.0.0.2 Updated 06-March-2013

Tool run by Patrick on wo 06-03-2013 at 16:47:01,79.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

6-3-2013 16:49:25 System Restore is disabled.

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Patrick\Desktop\RootkitRevealer.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG2013\avgcfgex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\mobsync.exe

C:\Users\Patrick\Desktop\zoek.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0) - Nederlands

Apple Mobile Device Support

Apple Software Update

Applian FLV and Media Player 3.1.1.12

ASIO4ALL

Audacity 1.3.14 (Unicode)

AudioLava 1.0

AVG 2011

AVG 2012

AVG 2013

AVS Video Editor 6

Bonjour

Canon Easy-PhotoPrint EX

Canon MG3100 series MP Drivers

Canon MG3100 series On-screen Manual

Canon MP Navigator EX 5.0

Canon My Printer

Canon Solution Menu EX

Choice Guard

Compatibiliteitspakket voor het 2007 Microsoft Office system

EasyBits Magic Desktop

ECHO is off (uit).

Free YouTube to MP3 Converter version 3.12.0.128

Gebruikersregistratie voor Canon MG3100 series

Google Chrome Frame

Google Toolbar for Internet Explorer

Google Update Helper

HDRegNL

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iCloud

IL Download Manager

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 20

jetAudio Basic

Junk Mail filter update

Malwarebytes Anti-Malware versie 1.70.0.1100

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile NLD Language Pack

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office Home and Student

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office PowerPoint Viewer 2007 (Dutch)

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (Dutch) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft Works 9.0

MobileMe Control Panel

Mozilla Firefox 19.0 (x86 nl)

Mozilla Maintenance Service

MSVC80_x86

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8 Essentials

neroxml

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

Nokia PC Suite

Nokia_Multimedia_Common_Components_2_5

Norton Internet Security

OGA Notifier 2.0.0048.0

Ovi Desktop Sync Engine

OviMPlatform

Packard Bell ImageWriter

Packard Bell Updator

PC Connectivity Solution

Picasa 3

PRS-500 USB driver

QuickTime

Reader Library by Sony

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

Setup My PC

Spotify

Switch Sound File Converter

Synaptics Pointing Device Driver

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Windows-stuurprogrammapakket - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)

Windows Live - Hulpprogramma voor uploaden

Windows Live aanmeldhulp

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Writer

Windows Movie Maker 2.6

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

::1 localhost

==== FireFox Fix ======================

Deleted from C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\prefs.js:

Added to C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\prefs.js:

user_pref("browser.startup.homepage", "Google");

user_pref("browser.search.defaulturl", "Google=");

user_pref("browser.newtab.url", "Google");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "Google=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default

user.js not found

---- Lines CT2801948 removed from prefs.js ----

---- Lines CT2801948 modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_06-03-2013_1651_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\jetpack" deleted

"C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT2801948" deleted

"C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\CT2801948" deleted

==== System Specs ======================

Windows: Windows Vista Home Premium Edition Service Pack 2 (Build 6002)

Internet Explorer: 9.0.8112.16421

Memory (RAM): 3000 MB

CPU Info: Pentium® Dual-Core CPU T4200 @ 2.00GHz

CPU Speed: 1814,7 MHz

Sound Card: Luidsprekers (Realtek High Defi |

Display Adapters: Mobile Intel® 4 Series Express Chipset Family | Mobile Intel® 4 Series Express Chipset Family | RDPDD Chained DD | RDP Encoder Mirror Driver

Monitors: 1x; Algemeen PnP-beeldscherm |

Screen Resolution: 1280 X 800 - 32 bit

Network: Network Present

Network Adapters: Ralink 802.11n Wireless LAN Card | Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)

CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GSA-T50N

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C: 452,8GB

Hard Disks - Free: C: 268,2GB

Manufacturer *: Phoenix Technologies LTD

BIOS Info: AT/AT COMPATIBLE | 12/22/08 | PacBel - 20081222

Time Zone: West-Europa (standaardtijd)

Motherboard *: PACKARD BELL BV PE2

Sun Java version: 1.7.0_09

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-03-04 14:26:45 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-04 14:26:45 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-04 14:26:45 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-04 14:26:45 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-04 14:26:45 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-03-04 11:39:24 B4FA6D277F63CE3E5E547DD40365F178 14664 ----a-w- C:\Windows\stinger.sys

====== C:\Users\Patrick\AppData\Local\Temp ====

2013-03-06 14:34:05 2FF0591282B93DA1B83997A528E76CC2 416640 ----a-w- C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe

2013-03-06 10:18:08 E17EDAB9F8766BACC3CA8AB6A82A646C 510848 ----a-w- C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe

2013-03-06 08:39:21 7F1E6BE9DAE420BB4B8A10B1A3B974BA 576384 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GQB.exe

2013-03-05 23:35:48 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe

2013-03-05 23:14:54 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe

2013-03-05 18:36:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe

2013-03-05 18:34:48 0CD9D8F11EC956DB0454BE4F64623734 539520 ----a-w- C:\Users\Patrick\AppData\Local\Temp\KJFT.exe

2013-03-05 18:33:16 1C5D1B497134A44CAFE734558AE64427 588672 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe

2013-03-05 18:31:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\LF.exe

====== C:\Windows\system32 =====

2013-03-05 19:42:24 D45BF3D70CAC0520C60DC5EA7EA0064B 165613973 ----a-w- C:\Windows\System32\NMYZQNLAUURXF

2013-02-21 21:48:12 57159B5E89F2DEBA768C4A1DF6387AEE 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll

====== C:\Windows\system32\drivers =====

2013-02-14 08:36:25 74E2D020C47BB2B2FCCBA29A518A7EB4 905576 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-04 11:32:05 -------- d-----w- C:\Program Files\stinger

2013-03-03 14:36:09 -------- d-----w- C:\Program Files\Trend Micro

2013-03-03 12:00:45 -------- d-----w- C:\Program Files\Gophoto.it

2013-02-21 22:08:07 -------- d-----w- C:\Program Files\iPod

2013-02-21 22:08:00 -------- d-----w- C:\Program Files\iTunes

2013-02-21 21:53:01 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft

======= C: =====

2013-03-05 10:08:02 C1F1BC02F594024785EA3074C0F62E10 30250 ----a-w- C:\AdwCleaner[s1].txt

====== C:\Users\Patrick\AppData\Roaming ======

2013-03-04 23:07:06 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-03-04 23:07:06 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-03-04 23:07:06 -------- d-----w- C:\users\Default User\AppData\Local\temp

====== C:\Users\Patrick ======

2013-03-04 16:15:32 -------- d-----w- C:\Users\Public\AppData

2013-02-21 22:08:01 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

====== C: exe-files ==

2013-03-06 14:34:05 2FF0591282B93DA1B83997A528E76CC2 416640 ----a-w- C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe

2013-03-06 10:18:08 E17EDAB9F8766BACC3CA8AB6A82A646C 510848 ----a-w- C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe

2013-03-06 08:39:21 7F1E6BE9DAE420BB4B8A10B1A3B974BA 576384 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GQB.exe

2013-03-06 07:08:41 FD9E19F831196857B67B117394D61DDE 4637952 ----a-w- C:\Users\Patrick\AppData\Local\Temp\lptmp17964\lastpass.exe

2013-03-05 23:35:48 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe

2013-03-05 23:14:54 02D84B934C859B6E19FA7AF7663853BF 433024 ----a-w- C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe

2013-03-05 18:36:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe

2013-03-05 18:34:48 0CD9D8F11EC956DB0454BE4F64623734 539520 ----a-w- C:\Users\Patrick\AppData\Local\Temp\KJFT.exe

2013-03-05 18:33:16 1C5D1B497134A44CAFE734558AE64427 588672 ----a-w- C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe

2013-03-05 18:31:14 52D5B51FD0C9DCBC908C37D0A2C09364 379776 ----a-w- C:\Users\Patrick\AppData\Local\Temp\LF.exe

2013-03-05 18:29:39 EE738FE9BCDD605821002CEC8C7206DB 334720 ----a-w- C:\Users\Patrick\Desktop\RootkitRevealer.exe

2013-03-05 10:04:58 BDA238D4079311DB2C4C96A5A098C956 597667 ----a-w- C:\Users\Patrick\Desktop\adwcleaner.exe

2013-03-05 08:58:12 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Patrick\Desktop\TDSSKiller.exe

2013-03-04 18:51:02 7739D0BD7A11DAC7C6B52CC7FA0AA6E3 3151480 ----a-w- C:\Users\Patrick\Downloads\ccsetup328_slim.exe

2013-03-04 14:26:45 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-03-04 14:26:45 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-03-04 14:26:45 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-03-04 14:26:45 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-03-04 14:26:45 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-03-04 11:29:56 BDFC48A2D947651B721745837E864D17 4318112 ----a-w- C:\Users\Patrick\Downloads\sysrc_trial_9407.exe

2013-03-04 11:26:07 3E88AB708C7F419E1A5535E2EF77C47E 10525728 ----a-w- C:\Users\Patrick\Downloads\Stinger.exe

=== C: other files ==

2013-03-05 18:20:31 59739CCDA2F15D5AC16DB6695CAE3378 231390 ----a-w- C:\Users\Patrick\Downloads\RootkitRevealer.zip

2013-03-05 08:49:57 F795C49456C7B8ED282F615D836B3885 2218636 ----a-w- C:\Users\Patrick\Downloads\tdsskiller.zip

2013-03-04 11:39:24 B4FA6D277F63CE3E5E547DD40365F178 14664 ----a-w- C:\Windows\stinger.sys

2013-03-03 11:54:14 FB77E4B8EF8F32CBC11F789F3ACC2FF5 213444 ----a-w- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi

======== System Restore Points ========

No Restore Point in System.

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"SmpcSys"="C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe"

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

"SmpcSys"="C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Skytel"="Skytel.exe"

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"

"vProt"="C:\Program Files\AVG Secure Search\vprot.exe"

"Reader Library Launcher"="C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"

"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"SmpcSys"="C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe"

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"MobileDocuments"="C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"AVG_TRAY"="\"C:\\Program Files\\AVG\\AVG2012\\avgtray.exe\""

"ROC_roc_dec12"="\"C:\\Program Files\\AVG Secure Search\\ROC_roc_dec12.exe\" /PROMPT /CMPID=roc_dec12"

"Freecorder FLV Service"="\"C:\\Program Files\\Freecorder\\FLVSrvc.exe\" /run"

"HF_G_Jul"="\"C:\\Program Files\\AVG Secure Search\\HF_G_Jul.exe\" /DoAction"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre7\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

==== Startup Folders ======================

2012-11-12 19:59:46 1117 ----a-w- C:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27-02-2013 16:50]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2011 22:55]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [16-10-2011 22:55]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default

- Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn

- Torntv - %ProfilePath%\extensions\torntv@torntv.com.xpi

- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Norton IPS - %AppDir%\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}

==== Firefox Plugins ======================

Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default

E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash

F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

AF87C7A3D391F5F5534167546D7DDE30 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

2034E977759F4EB2226914BFC58F2758 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

B14417814FCA3A5D4AB170E1823D5484 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

3EFF190EC0E333DFBD2F5499858044B6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

C4EB1B18B39BD2F76A64F75D01DEAB61 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

45CC6EFE643FCB97D986BBE2D21E2491 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

9FCA15CC38F2E2C6F5E722ED0E1A9E7A - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

C04FCB7EEBEB5097B30468828F20FB9E - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U9

2C82D753EF779945977C82A3908DA20A - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5

711A2E6A55EC7BFD59B5F649D58B704B - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll - Silverlight Plug-In

54BC55D3D9BD33A6CE38F811CF836794 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ

85CF435CAB46007D9F7AA477CA68C2A9 - C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll - Reader Library

AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

21A55BABD31DA624449F06A591AE73ED - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - Microsoft ® Silverlight

==== Deleting Files \ Folders ======================

"C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

"Default_Search_URL"="Upgrade to Google Chrome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="iGoogle Redirect"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search/?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Upgrade to Google Chrome"

"Default_Search_URL"="Upgrade to Google Chrome"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="Bing"

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="%s - Bing"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="Bing"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{A415D7DA-9F56-467A-870E-508914FA9156}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"

{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="{searchTerms} - Google Search"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

{A415D7DA-9F56-467A-870E-508914FA9156} Google Url="{searchTerms} - Google Search"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Patrick\Desktop\ComboFix.exe - Snelkoppeling.lnk - C:\Users\Patrick\Downloads\ComboFix.exe

C:\Users\Patrick\Desktop\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\Users\Patrick\Desktop\HiJackThis.lnk - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe

C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk - C:\Program Files\AVG\AVG2013\avgui.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Studio Manager.lnk - C:\Program Files\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\DVSSysReport.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Rocket Subscription.lnk - C:\Program Files\Common Files\DVDVideoSoft\bin\RocketSubscription\SubscriptionOffer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files\Common Files\DVDVideoSoft\lib\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Verwijder Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyOverride"="*.local"

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DEXTIYTVIFQVGT - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\DEXTIYTVIFQVGT.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GQB - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\GQB.exe

O23 - Service: GTXZIVEZUNPXFZJ - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\GTXZIVEZUNPXFZJ.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: KJFT - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\KJFT.exe

O23 - Service: LF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\LF.exe

O23 - Service: MHYTWUPJHGWXYUCAV - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\MHYTWUPJHGWXYUCAV.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

O23 - Service: OJXCXURF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\OJXCXURF.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: VQEPQYDF - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\VQEPQYDF.exe

O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

O23 - Service: WSODVILX - Sysinternals - www.sysinternals.com - C:\Users\Patrick\AppData\Local\Temp\WSODVILX.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [Google Inc.]

ehTray.exe = C:\Windows\ehome\ehTray.exe [MS]

SmpcSys = C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [Packard Bell BV]

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

RtHDVCpl = RtHDVCpl.exe [Realtek Semiconductor]

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [synaptics, Inc.]

SmpcSys = C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [Packard Bell BV]

IgfxTray = C:\Windows\system32\igfxtray.exe [intel Corporation]

HotKeysCmds = C:\Windows\system32\hkcmd.exe [intel Corporation]

Persistence = C:\Windows\system32\igfxpers.exe [intel Corporation]

Skytel = Skytel.exe [Realtek Semiconductor Corp.]

AppleSyncNotifier = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [Apple Inc.]

NokiaMServer = C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [Nokia]

vProt = "C:\Program Files\AVG Secure Search\vprot.exe" [file not found]

Reader Library Launcher = C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [sony Corporation]

CanonMyPrinter = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [CANON INC.]

CanonSolutionMenuEx = C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [CANON INC.]

AVG_UI = "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM.CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Symantec NCO BHO

-> {HKLM.CLSID} = Symantec NCO BHO

\InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Symantec Intrusion Prevention

-> {HKLM.CLSID} = Symantec Intrusion Prevention

\InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [symantec Corporation]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM.CLSID} = SSVHelper Class

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\ssv.dll [Oracle Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM.CLSID} = Windows Live Aanmelden - Help

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)

-> {HKLM.CLSID} = Google Toolbar Helper

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)

-> {HKLM.CLSID} = Google Toolbar Notifier BHO

\InProcServer32\(Default) = C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [Google Inc.]

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\(Default) = Google Dictionary Compression sdch

-> {HKLM.CLSID} = Google Dictionary Compression sdch

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM.CLSID} = Java Plug-In 2 SSV Helper

\InProcServer32\(Default) = C:\Program Files\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}\(Default) = ChromeFrame BHO

-> {HKLM.CLSID} = ChromeFrame BHO

\InProcServer32\(Default) = C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [synaptics, Inc.]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search

-> {HKLM.CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler

-> {HKLM.CLSID} = Microsoft Office Metadata Handler

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler

-> {HKLM.CLSID} = Microsoft Office Thumbnail Handler

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler

-> {HKLM.CLSID} = CLSID_WLMCMimeFilter

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)

-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim

-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim

-> {HKLM.CLSID} = Windows Live Photo Gallery Editor Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim

-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons

-> {HKLM.CLSID} = NeroCoverEdLiveIcons Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} = Nokia Phone Browser

-> {HKLM.CLSID} = Nokia Phone Browser

\InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} = jetAudio

-> {HKLM.CLSID} = JetFlExt Class

\InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM.CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}

-> {HKLM.CLSID} = Microsoft Office InfoPath XML Mime Filter

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> gcf\CLSID = {9875BFAF-B04D-445E-8A69-BE36838CDE3E}

-> {HKLM.CLSID} = ChromeProtocol Class

\InProcServer32\(Default) = C:\Program Files\Google\Chrome Frame\Application\25.0.1364.97\npchrome_frame.dll [Google Inc.]

<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}

-> {HKLM.CLSID} = HxProtocol Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]

<<!>> ms-itss\CLSID = {0A9007C0-4076-11D3-8789-0000F8105754}

-> {HKLM.CLSID} = Microsoft Infotech Storage Protocol for IE 4.0

\InProcServer32\(Default) = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [MS]

<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

<<!>> symres\CLSID = {AA1061FE-6C41-421f-9344-69640C9732AB}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation]

<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

-> {HKLM.CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}

-> {HKLM.CLSID} = NeroCoverEdContextMenu Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

LavasoftShellExt\(Default) = {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}

-> {HKLM.CLSID} = Lavasoft Shell Extension

\InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [file not found]

PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE}

-> {HKLM.CLSID} = ContextMenuHandler Class

\InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}

-> {HKLM.CLSID} = IEContextMenu Class

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NavShExt.dll" [symantec Corporation]

{100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided)

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4}

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM.CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

jetAudio\(Default) = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}

-> {HKLM.CLSID} = JetFlExt Class

\InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Nokia\(Default) = {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}

-> {HKLM.CLSID} = Nokia Phone Browser

\InProcServer32\(Default) = C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll [Nokia]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}

-> {HKLM.CLSID} = GraphicsShellExt Class

\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM.CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

jetAudio\(Default) = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}

-> {HKLM.CLSID} = JetFlExt Class

\InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America]

LavasoftShellExt\(Default) = {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}

-> {HKLM.CLSID} = Lavasoft Shell Extension

\InProcServer32\(Default) = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll [file not found]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM.CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}

-> {HKLM.CLSID} = IEContextMenu Class

\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\NavShExt.dll" [symantec Corporation]

{100BD527-7304-4b7f-BEE2-26D97B04EBA4}\(Default) = (no title provided)

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = {100BD527-7304-4b7f-BEE2-26D97B04EBA4}

-> {HKLM.CLSID} = NBShellHook Class

\InProcServer32\(Default) = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

Wallpaper = C:\Windows\web\Wallpaper\img24.jpg

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Windows\web\Wallpaper\img24.jpg

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

SCRNSAVE.EXE = C:\Windows\system32\logon.scr [MS]

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ApplianMPPlayCDAudioOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.CDAudio

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.CDAudio\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file cdda://%1 [Applian Technologies Inc]

ApplianMPPlayDVDAudioOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc]

ApplianMPPlayDVDMovieOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.DVDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file dvd://%1 [Applian Technologies Inc]

ApplianMPPlayMusicFilesOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc]

ApplianMPPlaySVCDMovieOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.SVCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file vcd://%1 [Applian Technologies Inc]

ApplianMPPlayVCDMovieOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.VCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file vcd://%1 [Applian Technologies Inc]

ApplianMPPlayVideoFilesOnArrival\

Provider = Applian FLV and Media Player

InvokeProgID = ApplianMP.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\ApplianMP.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --one-instance %1 [Applian Technologies Inc]

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

JABurnCDAudioOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = burncd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1" [COWON America]

JACreateAlbumOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = createalbum

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1" [COWON America]

JAPlayCDAudioOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = playcd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1" [COWON America]

JAPlayDVDMovieOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = playdvd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1" [COWON America]

JAPlayMediaOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = playmedia

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = {8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}

-> {HKLM.CLSID} = JetFlExt Class

\InProcServer32\(Default) = C:\Program Files\JetAudio\JetFlExt.dll [COWON America]

JAPlaySVCDMovieOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = playvcd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1" [COWON America]

JAPlayVCDMovieOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = playvcd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1" [COWON America]

JARipCDAudioOnArrival\

Provider = jetAudio

InvokeProgID = jetAudio.MediaHandler

InvokeVerb = ripcd

HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = "C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1" [COWON America]

MSLivePhotoAcqHWEventHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204

ProgID = Microsoft.LivePhotoAcqHWEventHandler

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}

-> {HKLM.CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [MS]

MSLivePhotoAcquireDropHandler\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204

InvokeProgID = Microsoft.LivePhotoAcqDTShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}

-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveShowPicturesOnArrival\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10;nl-nl.8051.1204

InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1

InvokeVerb = open

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}

-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim

\InProcServer32\(Default) = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

MSLiveVideoCameraArrivalCaptureWizard\

Provider = @%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10

ProgID = WLXAutoPlayMgr.WLXHWEventHandler

InitCmdLine = WLXVideoAcquireWizard

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = {9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}

-> {HKLM.CLSID} = WLXWEventHandler Class

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe" [MS]

NeroAutoPlay8CDAudio\

Provider = Nero Express

InvokeProgID = Nero.AutoPlay8

InvokeVerb = CDAudio_HandleCDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD [Nero AG]

NeroAutoPlay8CopyCD\

Provider = Nero Express

InvokeProgID = Nero.AutoPlay8

InvokeVerb = CopyCD_PlayMusicFilesOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /Dialog:DiscCopy [Nero AG]

NeroAutoPlay8DataDisc_CD\

Provider = Nero Express

InvokeProgID = Nero.AutoPlay8

InvokeVerb = DataDisc_CD_HandleCDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:CD %L [Nero AG]

NeroAutoPlay8DataDisc_DVD\

Provider = Nero Express

InvokeProgID = Nero.AutoPlay8

InvokeVerb = DataDisc_DVD_HandleDVDBurningOnArrival

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:ISODisc /Media:DVD %L [Nero AG]

NokiaOviSuite\

Provider = Nokia Ovi Suite

ProgID = Nokia.OviSuite

InitCmdLine = -autoplay

HKLM\SOFTWARE\Classes\Nokia.OviSuite\CLSID\(Default) = {27F341A3-9735-41a3-AC51-75734826845F}

-> {HKLM.CLSID} = Nokia Ovi Suite

\LocalServer32\(Default) = C:/Program Files/Nokia/Nokia Ovi Suite/NokiaOviSuite.exe [Nokia]

Picasa2ImportPicturesOnArrival\

Provider = Picasa3

InvokeProgID = picasa2.autoplay

InvokeVerb = import

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]

WIA_{22C3F354-C493-4222-977B-E1C514BCB7A0}\

Provider = Picasa3

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\Google\Picasa3\Picasa3.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{E59B3AA6-5C0C-46F9-899E-DC90235E87DD}\

Provider = MP Navigator EX Ver5.0

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine = /WiaCmd;C:\Program Files\Canon\MP Navigator EX 5.0\mpnex50.exe /StiDevice:%1 /StiEvent:%2;

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

Startup items in "Patrick" & "All Users" startup folders:

---------------------------------------------------------

C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}

OneNote 2007 Schermopname en Snel starten -> shortcut to: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS]

Windows Sidebar Gadgets: {++}

------------------------

C:\Users\Patrick\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

%PROGRAMFILES%\windows sidebar\gadgets\Clock.gadget

%PROGRAMFILES%\windows sidebar\gadgets\SlideShow.Gadget

%PROGRAMFILES%\windows sidebar\gadgets\RSSFeeds.Gadget

%25PROGRAMFILES%25%5Cwindows%20sidebar%5Cshared%20gadgets%5CPBCalc.Gadget

%25PROGRAMFILES%25%5Cwindows%20sidebar%5Cshared%20gadgets%5CPBClock.Gadget

Non-disabled Scheduled Tasks: {++}

-----------------------------

C:\Windows\System32\Tasks

Ad-Aware Update (Weekly) -> launches: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair [file not found]

Adobe Flash Player Updater -> launches: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]

Adobe-online actualiseringsprogramma -> launches: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]

CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

GoogleUpdateTaskMachineCore -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskMachineUA -> launches: C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

C:\Windows\System32\Tasks\Apple

AppleSoftwareUpdate -> launches: C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}

-> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler

\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

UserTask-Roam -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}

-> {HKLM.CLSID} = Certificate Services Client Task Handler

\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]

OptinNotification -> launches: %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

ManualDefrag -> launches: %windir%\system32\defrag.exe \\?\Volume{2666d14b-8079-11de-83da-806e6f6e6963}\ \\?\Volume{2666d14c-8079-11de-83da-806e6f6e6963}\ [MS]

ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c -i [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]

mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) -gc [MS]

OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]

OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery [MS]

UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}

-> {HKLM.CLSID} = HotStart User Agent

\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

TMM -> launches: {35EF4182-F900-4632-B072-8639E4478A61}

-> {HKLM.CLSID} = Transient Multi-Monitor Manager

\InProcServer32\(Default) = C:\Windows\System32\TMM.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

-> {HKLM.CLSID} = Microsoft PlaySoundService Class

\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection

NAPStatus UI -> launches: {f09878a1-4652-4292-aa63-8c7d4fd7648f}

-> {HKLM.CLSID} = Nap ITask Handler Implementation

\InProcServer32\(Default) = C:\Windows\System32\QAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

RACAgent -> (HIDDEN!) launches: %windir%\system32\RacAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell

CrawlStartPages -> launches: {51653423-e62d-4ff7-894a-dabb2b8e21e2}

-> {HKLM.CLSID} = CrawlStartPages Task Handler

\InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}

-> {HKLM.CLSID} = GadgetsManager Class

\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

IpAddressConflict1 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]

IpAddressConflict2 -> launches: rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

WSHReset -> (HIDDEN!) launches: %systemroot%\system32\netsh.exe interface tcp set heuristic wsh=default [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}

-> {HKLM.CLSID} = MsCtfMonitor task handler

\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}

-> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler

\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wired

GatherWiredInfo -> launches: %windir%\system32\gatherWiredInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Wireless

GatherWirelessInfo -> launches: %windir%\system32\gatherWirelessInfo.vbs [null data]

C:\Windows\System32\Tasks\WPD

SqmUpload_S-1-5-21-709391076-3668097275-2558483745-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]

000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]

000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]

000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 24

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

-> {HKLM.CLSID} = Norton Toolbar

\InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation]

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

-> {HKLM.CLSID} = Google Toolbar

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar

-> {HKLM.CLSID} = Norton Toolbar

\InProcServer32\(Default) = C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [symantec Corporation]

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)

-> {HKLM.CLSID} = Google Toolbar

\InProcServer32\(Default) = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Explorer Bars

HKLM\SOFTWARE\Classes\CLSID\{6C97EE7A-B5F9-49A9-A6B0-C34C7849A6B2}\(Default) = DVDVideoSoftTB Findbar

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll [file not found]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Onderzoeken

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

ButtonText = In weblog opnemen

MenuText = &In weblog opnemen met Windows Live Writer

CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}

-> {HKLM.CLSID} = BlogThisToolbarButton Class

\InProcServer32\(Default) = C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\

ButtonText = Verzenden naar OneNote

MenuText = Verz&enden naar OneNote

CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}

-> {HKLM.CLSID} = Send to OneNote from Internet Explorer button

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

ButtonText = Research

BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

-> {HKLM.CLSID} = &Onderzoeken

\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]

AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]

Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

Easybits Shared Services for Windows, ezSharedSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\ezsvc7.dll [EasyBits Sofware AS]}

Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG]

Norton Internet Security, Norton Internet Security, "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll" /prefetch:1 [symantec Corporation]

PLFlash DeviceIoControl Service, PLFlash DeviceIoControl Service, C:\Windows\system32\IoctlSvc.exe [Prolific Technology Inc.]

TomTomHOMEService, TomTomHOMEService, C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [TomTom]

vToolbarUpdater14.2.0, vToolbarUpdater14.2.0, C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [null data]

Safe Mode Drivers & Services (subkey name, subkey default value):

-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> SymEFA.sys, FSFilter Activity Monitor

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> SymEFA.sys, FSFilter Activity Monitor

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor MG3100 series\Driver = CNMLMAR.DLL [CANON INC.]

Canon BJNP Port\Driver = CNMNPPM.DLL [CANON INC.]

PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company]

Send To Microsoft OneNote Monitor\Driver = msonpmon.dll [MS]

==== Empty IE Cache ======================

C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Patrick\AppData\Local\Mozilla\Firefox\Profiles\obrtnenv.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Patrick\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted


This topic is now closed to new replies.
