Ga naar inhoud

politievirus


Aanbevolen berichten

Mijn laptop is besmet geraakt met het politievirus. In veilige modus blijft het scherm met het politievirus gewoon staan. Het probleem is echter dat ik niets kan openen, enkel het start menu. Gelijk wat ik open, het politievirus blijft op de voorgrond staan. Ik heb nooit op iets geklikt wat het zou kunnen installeren en al mijn virusscanners hebben het ook niet gezien (of te laat gezien).

Het voornaamste is vooral dat ik mijn bestanden kan recupereren. Van de helft bestaat een back up, de andere helft niet.

Valt hier nog iets aan te doen?

Link naar reactie
Delen op andere sites

Download "HitmanPro" via de onderstaande link bijvoorbeeld naar het bureaublad op een niet geïnfecteerde computer

Klik hier om de uitgebreide handleiding te raadplegen

Klik hier om de handleiding voor het uitvoeren van HitmanPro.Kickstart via een Boot-CD


  • HitmanPro downloaden.(Kies hier de 32 of 64 bit versie).

    [*] Dubbelklik op HitmanPro36.exe of HitmanPro36_64.exe om het programma op te starten.

    [*] Klik in het beginscherm op de "Kickstartknop" zoals u kunt zien in het onderstaande rode kader.

    hmpks-a.jpg

    [*] Indien er reeds een USB-stick is aangesloten zal HitmanPro Kickstart deze automatisch herkennen en weergeven.

    [*] Klik deze USB-stick éénmaal aan waarna u de keuze krijgt om Kickstart te installeren op de USB-stick.

  • Voordat HitmanPro.Kickstart wordt geïnstalleerd wordt de USB-stick opnieuw geformatteerd.

  • Waarschuwing! Bij het opnieuw formatteren gaan alle gegevens verloren die op de USB-stick zijn opgeslagen.


  • Nadat de HitmanPro Kickstart USB-stick is aangemaakt zal deze automatisch “veilig verwijderd” worden van het betreffende systeem waarop deze is aangemaakt.

  • Start de geïnfecteerde computer op van de HitmanPro.Kickstart USB-stick. (Hoe u de computer van een USB-stick kunt opstarten lees u hier)


  • Vink de optie "Ik accepteer de voorwaarden van de gebruikersovereenkomst aan" en klik op "Volgende"

  • Klik in het setup scherm nu nogmaals op "Volgende", nu zal automatisch de scan starten, doe verder niets op de computer totdat de scan gereed is.

  • Als de scan klaar is klik je op "volgende"

  • Activeer nu de gratis licentie, hiermee kunt u 30 dagen gratis HitmanPro gebruiken en de gevonden infecties verwijderen.

  • Note: indien u reeds eerder gebruik hebt gemaakt van de 30 dagen trial-versie van HitmanPro is het niet meer mogelijk om gratis de gevonden infecties te verwijderen.

  • Als het verwijderen gereed is klik je onderin het scherm op "Save log" of "Logbestand opslaan" en sla deze op bijvoorbeeld het bureaublad op.
    Post dit logje.

  • Klik nu op de knop "Herstarten".

aangepast door kape
Link naar reactie
Delen op andere sites

Fantastisch, het werkt :) Mijn pc doet het weer.

Wat ik wel niet wist was dat je bij het herstarten de instellingen terug naar HDD moest zetten. Ben maar een leek op het gebied van dit soort zaken. OP de pc werken allemaal goed en wel, tot er iets fout loopt...

Ik had dat logje opgeslagen. Probleem is dat ik dit nergens meer terug kan vinden. Ik had geen keuze voor op te slaan en heb gewoon op "ok" geklikt, niet wetend waar het terug te vinden.

Hoe kun je dit in de toekomst eigenlijk vermijden? Ik heb AVG en spybot maar die hadden niets gezien.

Link naar reactie
Delen op andere sites

Naar mijn bescheiden mening bijna niet te vermijden. :(

Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  1. Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  2. Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Dubbelklik vervolgens op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
    
    
    emptyclsid; 
    emptyfolderscheck;delete
    firefoxlook; 
    Chromelook; 
    CHRdefaults;
    autoclean; 
    iedefaults; 
    filesrcm;
    
    
    


  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post het geopende logje in het volgende bericht als bijlage.

Link naar reactie
Delen op andere sites

Na een half uur start het, maar wanneer de pc herstart krijg ik enkel een zwart scherm en gaat hij niet meer aan. Dan moet ik hem opnieuw opstarten. Wanneer ik dan zoek.exe open is er niets meer te zien.

Denk dat er nog wat andere vuiligheid op zit dan dat politievirus.

Link naar reactie
Delen op andere sites

Als hij wel gescand heeft dan moet er ook een logje zijn, zoek eens op je C schijf.

ondertussen wil je misschien deze doen?

Download 51a5d669693dd-icon_OTL.pngOTL naar je bureaublad.

  • Dubbelklik op "OTL.exe" om de tool te starten.
  • Wanneer er een melding verschijnt van het gebruikersaccountbeheer klik dan op "Ja / Yes".
  • Vink bovenin OTL de optie "Scan all users" aan.
  • Klik nu op de knop "Run Scan" 511b6947e8e98-runscan.png.
  • Wanneer OTL gereed is zullen er twee log bestanden worden geopend (Deze worden tevens op dezelfde locatie opgeslagen als waar OTL is uitgevoerd).
  • Voeg beide bestanden nu als bijlage toe aan het volgende bericht.

Link naar reactie
Delen op andere sites

Is dat deze log?

Zoek.exe Version 4.0.0.5 Updated 17-October-2013

Tool run by Olav on zo 20/10/2013 at 21:33:07,80.

Microsoft® Windows Vista™ Home Basic 6.0.6001 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Olav\Desktop\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

20/10/2013 22:03:54 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully

C:\Program Files\Power4Gear eXtreme deleted successfully

C:\Program Files\Yontoo Layers Runtime deleted successfully

C:\ProgramData\Babylon deleted successfully

C:\ProgramData\CanonEPP deleted successfully

C:\ProgramData\CanonIJEPPEX2 deleted successfully

C:\Users\Olav\AppData\Roaming\Lite deleted successfully

C:\Users\Olav\AppData\Roaming\Riege deleted successfully

C:\Users\Olav\AppData\Local\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\BabylonToolbar deleted

C:\Program Files\Free Offers from Freeze.com deleted

C:\Program Files\DealPly deleted

C:\Program Files\DealPlyLive deleted

C:\Program Files\WhiteSmoke_New_V6 deleted

C:\Users\Olav\AppData\Roaming\Babylon deleted

C:\Users\Olav\AppData\Roaming\Dealply deleted

C:\ProgramData\Ask deleted

C:\ProgramData\Conduit deleted

C:\ProgramData\DealPlyLive deleted

C:\ProgramData\WindowsSearch deleted

C:\ProgramData\Tarma Installer deleted

C:\Users\Olav\AppData\Local\iMesh deleted

C:\Users\Olav\AppData\Local\DealPlyLive deleted

C:\Users\Olav\AppData\Local\Babylon deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue deleted

C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly deleted

C:\Users\Olav\AppData\LocalLow\mediabarim deleted

C:\Users\Olav\AppData\LocalLow\AskToolbar deleted

C:\Users\Olav\AppData\LocalLow\BabylonToolbar deleted

C:\Users\Olav\AppData\LocalLow\PriceGong deleted

C:\Users\Olav\AppData\LocalLow\Conduit deleted

C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted

C:\user.js deleted

C:\END deleted

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted

"C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe" deleted

"C:\Program Files\Ask.com\Updater\Updater.exe" deleted

"C:\Users\Olav\AppData\Roaming\Uniblue\RegistryBooster\monitor.log" not deleted

"C:\Program Files\iMesh Applications" deleted

"C:\Program Files\Ask.com" deleted

"C:\Users\Olav\AppData\Roaming\Uniblue" not deleted

"C:\Program Files\iMesh Applications\MediaBar" deleted

"C:\Program Files\iMesh Applications\MediaBar\Datamngr" deleted

"C:\Program Files\Ask.com\Updater" deleted

"C:\Users\Olav\AppData\Roaming\Uniblue\RegistryBooster" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Olav\AppData\Local\Temp ====

====== Java Cache =====

2013-10-17 21:23:01 EFBF366F3DE8E24E822444EA094D190E 8738 ----a-w- C:\Users\Olav\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\60266dd5-6ae76b84

====== C:\Windows\system32 =====

2013-10-19 19:53:13 36176A59DB516C54B535F6C471D5EAA8 554 ----a-w- C:\Windows\System32\.crusader

====== C:\Windows\system32\drivers =====

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-10-02 16:10:42 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft

2013-10-02 16:10:41 -------- d-----w- C:\Program Files\DVDVideoSoft

======= C: =====

====== C:\Users\Olav\AppData\Roaming ======

2013-10-20 10:43:32 -------- d-----w- C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD

2013-10-02 16:13:00 -------- d-----w- C:\Users\Olav\AppData\Locallow\WhiteSmoke_New_V6

2013-10-02 16:12:52 -------- d-----w- C:\Users\Olav\AppData\Locallow\Temp

2013-10-02 16:10:42 -------- d-----w- C:\Users\Olav\AppData\Roaming\DVDVideoSoft

====== C:\Users\Olav ======

2013-10-19 19:37:34 -------- d-----w- C:\ProgramData\HitmanPro

2013-10-17 21:23:09 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\mqr8zjjw.ctrl

2013-10-17 21:23:07 AE4DAB569DA7007318B7897AD24C7EE4 95025368 ----atw- C:\ProgramData\mqr8zjjw.pff

2013-09-22 09:41:54 2F43069A98F9590595A1B434F80864AE 2693 ----a-w- C:\Users\Olav\.recently-used.xbel

====== C: exe-files ==

=== C: other files ==

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4" [10/04/2013 16:12]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx[09/09/2011 03:11]

niapdbllcanepiiimjjndipklodoedlc - C:\Users\Olav\AppData\Local\Temp\YontooLayers.crx[30/09/2011 19:27]

DealPly Shopping - Olav - Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi

==== Chrome Fix ======================

C:\Users\Olav\AppData\Local\Temp\YontooLayers.crx deleted successfully

C:\Users\Olav\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="HLN.be, Nieuws, sport en showbizz, 24/24, 7/7, meer dan 350 nieuwsupdates per dag"

"Default_Page_URL"="ASUS"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="ASUS"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

"Start Page"="HLN.be, Nieuws, sport en showbizz, 24/24, 7/7, meer dan 350 nieuwsupdates per dag"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_USERS\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Olav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Olav\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

Link naar reactie
Delen op andere sites

OTL logfile created on: 23/10/2013 21:17:30 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olav\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,94% Memory free

6,20 Gb Paging File | 4,17 Gb Available in Paging File | 67,28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,52 Gb Total Space | 18,04 Gb Free Space | 24,20% Space Free | Partition Type: NTFS

Drive D: | 64,76 Gb Total Space | 51,10 Gb Free Space | 78,91% Space Free | Partition Type: NTFS

Drive E: | 268,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_VAN_OLAV | User Name: Olav | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 21:16:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olav\Desktop\OTL.exe

PRC - [2013/10/09 23:32:08 | 000,310,352 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2013/10/09 19:16:17 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

PRC - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

PRC - [2013/04/24 05:26:56 | 000,740,888 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe

PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/11/15 05:38:24 | 000,087,944 | ---- | M] (SafeApp Software, LLC) -- C:\Program Files\Computer Updater\ComputerUp-daterService.exe

PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/09/06 04:02:20 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/08/04 15:41:44 | 001,637,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

PRC - [2011/07/19 05:53:07 | 002,567,272 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2011/06/02 11:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/01/17 17:54:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011/01/17 17:54:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/04/03 04:09:50 | 000,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

PRC - [2007/12/12 01:13:22 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe

PRC - [2007/12/04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/29 02:39:36 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe

PRC - [2007/11/13 19:17:14 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2007/11/05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe

PRC - [2007/10/31 06:35:57 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/10/18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

PRC - [2007/10/03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe

PRC - [2007/09/01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe

PRC - [2007/08/15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007/08/03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

PRC - [2007/07/06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe

PRC - [2007/05/18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2006/11/22 11:31:25 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2005/07/07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/23 13:41:36 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

MOD - [2007/10/18 04:04:00 | 007,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe

MOD - [2007/08/14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

MOD - [2007/06/15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

MOD - [2007/06/02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

MOD - [2006/11/22 11:31:29 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ita.dll

MOD - [2006/11/22 11:31:29 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56esp.dll

MOD - [2006/11/22 11:31:29 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56brz.dll

MOD - [2006/11/22 11:31:29 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56kor.dll

MOD - [2006/11/22 11:31:27 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ger.dll

MOD - [2006/11/22 11:31:27 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56fra.dll

MOD - [2006/11/22 11:31:27 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll

MOD - [2006/11/22 11:31:27 | 000,057,344 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll

MOD - [2006/11/22 11:31:27 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56cht.dll

MOD - [2006/11/22 11:31:27 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56chs.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2013/10/09 19:16:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/04/24 05:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/11/15 05:38:24 | 000,087,944 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Program Files\Computer Updater\ComputerUp-daterService.exe -- (ComputerUpdater Service)

SRV - [2011/09/06 04:02:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/10/23 14:23:50 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

SRV - [2007/10/03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2007/05/18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070820.048\NAVEX15.SYS -- (NAVEX15)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070820.048\NAVENG.SYS -- (NAVENG)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2008/04/08 12:06:54 | 000,036,224 | ---- | M] (MAGIX) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualdisk.sys -- (VirtualDisk)

DRV - [2008/04/04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disksec.sys -- (DiskSec)

DRV - [2007/12/06 22:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/08/11 05:19:26 | 000,029,752 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)

DRV - [2007/08/09 05:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/08/03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2007/07/30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2007/07/13 10:18:19 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2007/02/12 17:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2007/01/24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/22 11:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HLN.be, Nieuws, sport en showbizz, 24/24, 7/7, meer dan 350 nieuwsupdates per dag

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = {searchTerms} - Bing

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = {searchTerms} - Google Search}

IE - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 16:12:08 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE File not found

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe ()

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Foto_Video_easy_3\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)

O4 - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqr8zjjw.lnk = File not found

O4 - Startup: C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKU\S-1-5-21-1769234350-1569753721-1419831171-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.130 195.130.131.130

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81A3B69C-A031-4978-BFA7-754A0743AD3A}: DhcpNameServer = 195.130.130.130 195.130.131.130

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2F8B54C-2447-4EC9-A6C1-95013A9689DE}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [1999/01/10 02:00:02 | 000,000,961 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\ar32e301\command - "" = E:\GOODIES\AR32E301.EXE -- [1998/07/30 20:29:20 | 004,018,104 | R--- | M] ()

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AOESETUP.EXE -- [1999/01/10 02:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\directx\command - "" = E:\DIRECTX\DXSETUP.EXE -- [1998/07/30 03:00:06 | 000,086,528 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\dplay\command - "" = E:\DIRECTX\DPLAY60A.EXE -- [1998/09/01 21:37:02 | 000,255,744 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\dxdiag\command - "" = E:\DIRECTX\DXDIAG.EXE -- [1998/07/30 03:00:06 | 000,286,480 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\dxinfo\command - "" = E:\DIRECTX\DXINFO.EXE -- [1998/07/30 03:00:06 | 000,309,760 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\dxtest\command - "" = E:\GOODIES\DIRECTX\DX5TEST.EXE -- [1998/09/03 22:00:02 | 000,106,496 | R--- | M] ()

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\dxtool\command - "" = E:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997/07/14 19:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\msinfo\command - "" = E:\GOODIES\MSINFO\MSINFO32.EXE -- [1996/08/08 20:40:06 | 000,452,096 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\sampler\command - "" = E:\SAMPLER\SAMPLER.EXE -- [1997/06/30 23:11:52 | 000,014,403 | R--- | M] ()

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\setup\command - "" = E:\AOESETUP.EXE -- [1999/01/10 02:00:02 | 000,319,553 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{fa4c7fb3-3295-11dd-941b-806e6f6e6963}\Shell\zone\command - "" = E:\SAMPLER\DEMOS\ZONE\ZONEA501.EXE -- [1998/08/28 22:55:26 | 009,795,972 | R--- | M] ()

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/23 21:16:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olav\Desktop\OTL.exe

[2013/10/23 20:49:26 | 000,000,000 | ---D | C] -- C:\Users\Olav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD

[2013/10/20 22:46:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2

[2013/10/20 22:46:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP

[2013/10/20 22:45:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/10/20 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\Olav\AppData\Roaming\Uniblue

[2013/10/20 22:25:28 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2013/10/20 22:25:28 | 000,000,000 | ---D | C] -- C:\Users\Olav\AppData\Local\Temp

[2013/10/20 21:19:41 | 000,000,000 | ---D | C] -- C:\Users\Olav\Desktop\zoek

[2013/10/19 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2013/10/02 18:10:42 | 000,000,000 | ---D | C] -- C:\Users\Olav\AppData\Roaming\DVDVideoSoft

[2013/10/02 18:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2013/10/02 18:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft

========== Files - Modified Within 30 Days ==========

[2013/10/23 21:16:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olav\Desktop\OTL.exe

[2013/10/23 21:16:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/23 20:52:56 | 140,950,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2013/10/23 20:50:35 | 000,005,972 | ---- | M] () -- C:\Users\Olav\AppData\Local\d3d9caps.dat

[2013/10/23 20:49:25 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe

[2013/10/23 20:49:08 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/23 20:49:08 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job

[2013/10/23 20:49:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/10/23 20:49:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/10/23 20:49:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/23 20:48:56 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/22 22:37:11 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/20 21:18:22 | 004,028,526 | ---- | M] () -- C:\Users\Olav\Desktop\zoek.zip

[2013/10/19 23:48:30 | 001,493,046 | ---- | M] () -- C:\Users\Olav\Documents\untitled.bmp

[2013/10/19 23:47:22 | 000,040,549 | ---- | M] () -- C:\Users\Olav\Documents\2ytyxwl.jpg

[2013/10/19 22:43:19 | 000,677,188 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2013/10/19 22:43:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/10/19 22:43:19 | 000,130,186 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2013/10/19 22:43:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/10/19 21:53:13 | 000,000,554 | ---- | M] () -- C:\Windows\System32\.crusader

[2013/10/19 21:37:44 | 095,025,368 | ---- | M] () -- C:\ProgramData\mqr8zjjw.pff

[2013/10/19 21:37:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\mqr8zjjw.ctrl

[2013/10/17 18:48:02 | 000,343,121 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2013/10/09 19:16:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/10/09 19:16:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/10/05 17:36:39 | 216,157,167 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/10/04 17:36:13 | 000,103,472 | ---- | M] () -- C:\Users\Olav\Documents\ellen.jpg

========== Files Created - No Company Name ==========

[2013/10/20 21:18:19 | 004,028,526 | ---- | C] () -- C:\Users\Olav\Desktop\zoek.zip

[2013/10/19 23:48:38 | 000,040,549 | ---- | C] () -- C:\Users\Olav\Documents\2ytyxwl.jpg

[2013/10/19 23:48:30 | 001,493,046 | ---- | C] () -- C:\Users\Olav\Documents\untitled.bmp

[2013/10/19 21:53:13 | 000,000,554 | ---- | C] () -- C:\Windows\System32\.crusader

[2013/10/18 21:39:57 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys

[2013/10/17 23:23:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\mqr8zjjw.ctrl

[2013/10/17 23:23:07 | 095,025,368 | ---- | C] () -- C:\ProgramData\mqr8zjjw.pff

[2013/10/04 17:38:26 | 000,103,472 | ---- | C] () -- C:\Users\Olav\Documents\ellen.jpg

[2013/09/22 11:41:54 | 000,002,693 | ---- | C] () -- C:\Users\Olav\.recently-used.xbel

[2013/08/17 21:46:19 | 000,000,341 | ---- | C] () -- C:\Windows\SIERRA.INI

[2011/11/30 17:24:18 | 000,005,972 | ---- | C] () -- C:\Users\Olav\AppData\Local\d3d9caps.dat

[2009/12/22 01:19:07 | 000,000,029 | ---- | C] () -- C:\Users\Olav\AppData\Roaming\default.rss

[2009/12/22 01:19:07 | 000,000,000 | ---- | C] () -- C:\Users\Olav\AppData\Roaming\downloads.m3u

[2009/02/12 23:53:51 | 000,066,048 | ---- | C] () -- C:\Users\Olav\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 04:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

- - - Updated - - -

OTL Extras logfile created on: 23/10/2013 21:17:30 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olav\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,94% Memory free

6,20 Gb Paging File | 4,17 Gb Available in Paging File | 67,28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,52 Gb Total Space | 18,04 Gb Free Space | 24,20% Space Free | Partition Type: NTFS

Drive D: | 64,76 Gb Total Space | 51,10 Gb Free Space | 78,91% Space Free | Partition Type: NTFS

Drive E: | 268,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_VAN_OLAV | User Name: Olav | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{32B754B8-F5F7-48B1-96F9-327DF5969A24}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F4DE2FE9-6804-4A18-B420-D67AFFE479F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{26DDA011-0C7E-4471-AAA8-BC2F76CD8DB5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{3AE6FE2F-5C3A-4AF9-A52F-318AAE6BE7E7}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |

"{5305C29F-6775-4BDB-862C-4E40431D14B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{59C86D24-492B-4365-8B5A-CBAD3ADD4F73}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{6341C09A-9872-45BA-ABDC-8909793D0FA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{6435B318-629D-4912-9D26-FCD0FDB2D0EF}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{6F6CE849-A3C8-4A99-942F-CBB7635A2517}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{7993BD4F-EE2B-458C-AF94-7CD8118EE20F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{8B74D02C-951A-42EB-A149-060187BC9F50}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{9197E29F-5B08-4B22-8C5B-1EAEBBCFF69E}" = protocol=6 | dir=in | app=c:\users\olav\appdata\local\temp\7zs4124.tmp\symnrt.exe |

"{9EDF987E-7B1E-4B53-ACB7-9B1292C17A09}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{AD89E7A6-5106-41E3-A606-28DBCB1090CD}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{B97A341B-F350-45B6-8C1D-658759FB30DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{C2976CAC-0A81-4D81-8410-3C25088342BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C4DD5F41-75B5-4BC8-93F3-57C7963040F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{CD9D4055-CBC5-404A-A287-50B68248F505}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{D4A3906C-FA35-4FB8-B42A-7399E57FB1FC}" = protocol=17 | dir=in | app=c:\users\olav\appdata\local\temp\7zs4124.tmp\symnrt.exe |

"{E0BBEE5F-B6E4-4BFA-A9C8-13A7AE4EB562}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{E78FD651-2497-4AD5-A9E9-6D524420F2DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{E824DF16-AC58-4D52-B142-835EFD891C48}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{ECFD1C37-2D4D-42E3-BE41-06BD846EF1F2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{F9E482E7-F2A4-46CF-9A83-214D3C810E2A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{FA146F67-0302-4E8B-9D16-1A7B2B5DF307}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"TCP Query User{102D25D6-3DDF-4381-B4DC-E7256D10C2F6}D:\age of empires\empiresx.exe" = protocol=6 | dir=in | app=d:\age of empires\empiresx.exe |

"TCP Query User{214A61C4-3EFF-4718-8828-84A7F27AC245}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |

"TCP Query User{39AE5DF1-B4FC-4E88-8998-735D00315BD4}C:\program files\logivert\logivert.exe" = protocol=6 | dir=in | app=c:\program files\logivert\logivert.exe |

"TCP Query User{4C447843-2C9D-46FE-94FA-27B42FD459F2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{9E145AD8-AFE4-4416-8EE1-5CAED2047AD4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{BECABC23-A4AC-4AB1-87F2-DCAB2828F0D0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{3089FDA9-A9B0-43EA-83B7-DF0B46E4BC28}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |

"UDP Query User{591B4FC5-8A68-44D6-B338-CF1664094D76}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{94459F2E-5948-48C3-9231-B5499FA18370}C:\program files\logivert\logivert.exe" = protocol=17 | dir=in | app=c:\program files\logivert\logivert.exe |

"UDP Query User{D56B9255-1B2F-4536-9CFF-3FF7E125F8A7}D:\age of empires\empiresx.exe" = protocol=17 | dir=in | app=d:\age of empires\empiresx.exe |

"UDP Query User{F2961BDF-6318-4CEE-B584-4AA080452E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F648D8CE-3615-4988-BA9F-0B672EBB6524}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1

"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home

"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series" = Canon MX370 series MP Drivers

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{801D6FFF-3710-4F4A-ACCA-3267DAF6248B}" = Super Architect 3D Zilver NexGen

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01

"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1043-7B44-A81200000003}" = Adobe Reader 8.1.2 - Nederlands

"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call

"{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}" = OpenOffice.org 3.3

"{CAC5A4CF-0800-4D0B-9DD6-A5BC2708D6D7}" = AVG 2011

"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials

"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold

"AVG" = AVG 2011

"BabylonToolbar" = Babylon toolbar on IE

"Canon MX370 series On-screen Manual" = Canon MX370 series On-screen Manual

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Computer Updater" = Computer Updater

"DVD Shrink_is1" = DVD Shrink 3.2

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Firebird SQL Server NL" = Firebird SQL Server - MAGIX Edition

"Free File Opener" = Free File Opener

"Gebruikersregistratie voor Canon MX370 series" = Gebruikersregistratie voor Canon MX370 series

"Half-Life" = Half-Life

"HDMI" = Intel® Graphics Media Accelerator Driver

"Home'Bank Light_is1" = Home'Bank Light 3.3.3

"iMesh 1 MediaBar" = MediaBar

"MAGIX Foto & Video easy 3 NL" = MAGIX Foto & Video easy 3 3.0.1.0 (NL)

"MAGIX Foto Manager 2008 NL" = MAGIX Foto Manager 2008 5.0.3.354 (NL)

"MAGIX MP3 Maker SE NL" = MAGIX MP3 Maker SE 9.0.3.439 (NL)

"MAGIX Screenshare NL" = MAGIX Screenshare 4.3.6.1987 (NL)

"MAGIX Speed 2 NL" = MAGIX Speed 2 3.0.0.8 (NL)

"MAGIX Xtreme Photo Designer 6 NL" = MAGIX Xtreme Photo Designer 6 6.0.24.0 (NL)

"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

"Mijn Budgetplanner 4.50" = Mijn Budgetplanner 4.50

"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1

"PrintParade Studio" = PrintParade Studio

"Sierra Utilities" = Sierra Utilities

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Speed Dial Utility" = Canon Hulpprogramma Snelkiezen

"Synthesia" = Synthesia (remove only)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The e-commerce logic_is1" = LogiVert 4.0

"Uniblue RegistryBooster" = Uniblue RegistryBooster

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 20/10/2013 16:48:39 | Computer Name = PC_van_Olav | Source = Windows Search Service | ID = 3013

Description =

Error - 20/10/2013 16:48:39 | Computer Name = PC_van_Olav | Source = Windows Search Service | ID = 3013

Description =

Error - 21/10/2013 10:19:23 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 21/10/2013 10:19:26 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 21/10/2013 16:37:14 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 21/10/2013 16:37:28 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 22/10/2013 11:22:22 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 22/10/2013 11:22:39 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 23/10/2013 14:49:09 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 23/10/2013 14:49:16 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 20/10/2013 16:45:04 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 20/10/2013 16:47:31 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 21/10/2013 10:19:19 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 21/10/2013 10:20:42 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 21/10/2013 16:37:07 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 21/10/2013 16:39:49 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 22/10/2013 11:22:18 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 22/10/2013 11:24:55 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 23/10/2013 14:49:06 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 23/10/2013 14:50:59 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

< End of report >

- - - Updated - - -

OTL Extras logfile created on: 23/10/2013 21:17:30 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olav\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,99 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 46,94% Memory free

6,20 Gb Paging File | 4,17 Gb Available in Paging File | 67,28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,52 Gb Total Space | 18,04 Gb Free Space | 24,20% Space Free | Partition Type: NTFS

Drive D: | 64,76 Gb Total Space | 51,10 Gb Free Space | 78,91% Space Free | Partition Type: NTFS

Drive E: | 268,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_VAN_OLAV | User Name: Olav | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{32B754B8-F5F7-48B1-96F9-327DF5969A24}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F4DE2FE9-6804-4A18-B420-D67AFFE479F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{26DDA011-0C7E-4471-AAA8-BC2F76CD8DB5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{3AE6FE2F-5C3A-4AF9-A52F-318AAE6BE7E7}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |

"{5305C29F-6775-4BDB-862C-4E40431D14B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{59C86D24-492B-4365-8B5A-CBAD3ADD4F73}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{6341C09A-9872-45BA-ABDC-8909793D0FA1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{6435B318-629D-4912-9D26-FCD0FDB2D0EF}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{6F6CE849-A3C8-4A99-942F-CBB7635A2517}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{7993BD4F-EE2B-458C-AF94-7CD8118EE20F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{8B74D02C-951A-42EB-A149-060187BC9F50}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{9197E29F-5B08-4B22-8C5B-1EAEBBCFF69E}" = protocol=6 | dir=in | app=c:\users\olav\appdata\local\temp\7zs4124.tmp\symnrt.exe |

"{9EDF987E-7B1E-4B53-ACB7-9B1292C17A09}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{AD89E7A6-5106-41E3-A606-28DBCB1090CD}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{B97A341B-F350-45B6-8C1D-658759FB30DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{C2976CAC-0A81-4D81-8410-3C25088342BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C4DD5F41-75B5-4BC8-93F3-57C7963040F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{CD9D4055-CBC5-404A-A287-50B68248F505}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{D4A3906C-FA35-4FB8-B42A-7399E57FB1FC}" = protocol=17 | dir=in | app=c:\users\olav\appdata\local\temp\7zs4124.tmp\symnrt.exe |

"{E0BBEE5F-B6E4-4BFA-A9C8-13A7AE4EB562}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{E78FD651-2497-4AD5-A9E9-6D524420F2DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{E824DF16-AC58-4D52-B142-835EFD891C48}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{ECFD1C37-2D4D-42E3-BE41-06BD846EF1F2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{F9E482E7-F2A4-46CF-9A83-214D3C810E2A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{FA146F67-0302-4E8B-9D16-1A7B2B5DF307}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"TCP Query User{102D25D6-3DDF-4381-B4DC-E7256D10C2F6}D:\age of empires\empiresx.exe" = protocol=6 | dir=in | app=d:\age of empires\empiresx.exe |

"TCP Query User{214A61C4-3EFF-4718-8828-84A7F27AC245}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |

"TCP Query User{39AE5DF1-B4FC-4E88-8998-735D00315BD4}C:\program files\logivert\logivert.exe" = protocol=6 | dir=in | app=c:\program files\logivert\logivert.exe |

"TCP Query User{4C447843-2C9D-46FE-94FA-27B42FD459F2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{9E145AD8-AFE4-4416-8EE1-5CAED2047AD4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{BECABC23-A4AC-4AB1-87F2-DCAB2828F0D0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{3089FDA9-A9B0-43EA-83B7-DF0B46E4BC28}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |

"UDP Query User{591B4FC5-8A68-44D6-B338-CF1664094D76}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{94459F2E-5948-48C3-9231-B5499FA18370}C:\program files\logivert\logivert.exe" = protocol=17 | dir=in | app=c:\program files\logivert\logivert.exe |

"UDP Query User{D56B9255-1B2F-4536-9CFF-3FF7E125F8A7}D:\age of empires\empiresx.exe" = protocol=17 | dir=in | app=d:\age of empires\empiresx.exe |

"UDP Query User{F2961BDF-6318-4CEE-B584-4AA080452E2C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F648D8CE-3615-4988-BA9F-0B672EBB6524}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000413-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1

"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home

"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX370_series" = Canon MX370 series MP Drivers

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{801D6FFF-3710-4F4A-ACCA-3267DAF6248B}" = Super Architect 3D Zilver NexGen

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01

"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1043-7B44-A81200000003}" = Adobe Reader 8.1.2 - Nederlands

"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology

"{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call

"{C3BAE9CC-EC6B-4B3E-80C1-C1EC29A09AF8}" = OpenOffice.org 3.3

"{CAC5A4CF-0800-4D0B-9DD6-A5BC2708D6D7}" = AVG 2011

"{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials

"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold

"AVG" = AVG 2011

"BabylonToolbar" = Babylon toolbar on IE

"Canon MX370 series On-screen Manual" = Canon MX370 series On-screen Manual

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"Computer Updater" = Computer Updater

"DVD Shrink_is1" = DVD Shrink 3.2

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Firebird SQL Server NL" = Firebird SQL Server - MAGIX Edition

"Free File Opener" = Free File Opener

"Gebruikersregistratie voor Canon MX370 series" = Gebruikersregistratie voor Canon MX370 series

"Half-Life" = Half-Life

"HDMI" = Intel® Graphics Media Accelerator Driver

"Home'Bank Light_is1" = Home'Bank Light 3.3.3

"iMesh 1 MediaBar" = MediaBar

"MAGIX Foto & Video easy 3 NL" = MAGIX Foto & Video easy 3 3.0.1.0 (NL)

"MAGIX Foto Manager 2008 NL" = MAGIX Foto Manager 2008 5.0.3.354 (NL)

"MAGIX MP3 Maker SE NL" = MAGIX MP3 Maker SE 9.0.3.439 (NL)

"MAGIX Screenshare NL" = MAGIX Screenshare 4.3.6.1987 (NL)

"MAGIX Speed 2 NL" = MAGIX Speed 2 3.0.0.8 (NL)

"MAGIX Xtreme Photo Designer 6 NL" = MAGIX Xtreme Photo Designer 6 6.0.24.0 (NL)

"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

"Mijn Budgetplanner 4.50" = Mijn Budgetplanner 4.50

"MP Navigator EX 5.1" = Canon MP Navigator EX 5.1

"PrintParade Studio" = PrintParade Studio

"Sierra Utilities" = Sierra Utilities

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Speed Dial Utility" = Canon Hulpprogramma Snelkiezen

"Synthesia" = Synthesia (remove only)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The e-commerce logic_is1" = LogiVert 4.0

"Uniblue RegistryBooster" = Uniblue RegistryBooster

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 20/10/2013 16:48:39 | Computer Name = PC_van_Olav | Source = Windows Search Service | ID = 3013

Description =

Error - 20/10/2013 16:48:39 | Computer Name = PC_van_Olav | Source = Windows Search Service | ID = 3013

Description =

Error - 21/10/2013 10:19:23 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 21/10/2013 10:19:26 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 21/10/2013 16:37:14 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 21/10/2013 16:37:28 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 22/10/2013 11:22:22 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 22/10/2013 11:22:39 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

Error - 23/10/2013 14:49:09 | Computer Name = PC_van_Olav | Source = ComputerUpdater Service | ID = 109

Description = Error: Service started

Error - 23/10/2013 14:49:16 | Computer Name = PC_van_Olav | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 20/10/2013 16:45:04 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 20/10/2013 16:47:31 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 21/10/2013 10:19:19 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 21/10/2013 10:20:42 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 21/10/2013 16:37:07 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 21/10/2013 16:39:49 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 22/10/2013 11:22:18 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 22/10/2013 11:24:55 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 23/10/2013 14:49:06 | Computer Name = PC_van_Olav | Source = HTTP | ID = 15016

Description =

Error - 23/10/2013 14:50:59 | Computer Name = PC_van_Olav | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

< End of report >

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.