groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Dear M

I have a computer with Windows XP Pro.

When I start my computer I get a message from
Pure Networks Platform Service

szAppName : nmsrvc.exe szAppVer : 11.0.9154.0 szModName : nmcore.dll
szModVer : 11.2.9169.1 offset : 001de309


C:\DOCUME~1\Jels\LOCALS~1\Temp\WERb02d.dir00\nmsrvc.exe.mdmp
C:\DOCUME~1\Jels\LOCALS~1\Temp\WERb02d.dir00\appcompat.txt

I don't know what to do with this.
Can you help me?
Kind regards, Gea
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Hello Gea,

have you installed any software from Cisco?
Stupidity is also a gift from God, but one must not abuse it.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Hello Abraham54,

I thought I had already replied to your question, but I think something went wrong when sending it.
The one in which you asked me whether I had installed software from Cisco.

No, I have not, and I don't know what it is either.

Thank you very much for your help.
Kind regards, Gea
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Then do the following:

Which program: OTL.exe
What for/why: multifunctional tool - analysis and fix
Difficulty: none.
Download: OTL.exe and place the file on the desktop.
Before OTL.exe starts scanning, first close all other open windows!
Using OTL.exe:
    • Windows 2000 and Windows XP: double-click OTL.exe.
    • Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
  • Tick Scan All Users, LOP Check and PURITY Check.
  • Copy the text in the code box below and paste it into the box under [image]

    Code:

    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    netsvcs
    BASESERVICES
    DRIVES
    msconfig
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %PROGRAMFILES%\*
    
  • Then click the [image] button.
  • Do not change any other settings in OTL unless I specifically give instructions to do so.
  • The scan will not take very long.
    • When the scan has finished, two Notepad windows will open: OTL.Txt and Extras.txt.
    • Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
Note: if the log does not fit in one post, spread it over two or more posts.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Thanks, abraham54, for your answer.
I will get to work on it.

If it takes a long time, I will let you know in between how far I have got.

Kind regards, Gea
Abraham54
Fellow Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Some time does pass before OTL produces both logs, but you really don't need to report that in between.
Only, of course, if you run into problems.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Thanks I

OTL logfile created on: 18-5-2013 21:21:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jels\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,48 Mb Total Physical Memory | 440,17 Mb Available Physical Memory | 43,01% Memory free
2,41 Gb Paging File | 1,89 Gb Available in Paging File | 78,49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77,55 Gb Total Space | 34,96 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive E: | 306,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 108,75 Gb Total Space | 101,70 Gb Free Space | 93,51% Space Free | Partition Type: NTFS

Computer Name: JELS-9WIWUZEM4Z | User Name: Jels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
PRC - [2013-05-04 22:49:05 | 001,223,344 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
PRC - [2013-04-29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013-04-04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-03-28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012-06-06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009-07-09 07:19:21 | 001,366,064 | R--- | M] (Cisco Systems, Inc.) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-05-04 18:22:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-04 22:49:06 | 000,158,384 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\SiteSafety.dll
MOD - [2009-04-03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009-02-27 19:13:06 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.NLD
MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008-05-16 14:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007-07-12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\acAuth.dll


========== Services (SafeList) ==========

SRV - [2013-05-15 15:26:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)
SRV - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jels\LOCALS~1\Temp\Amsmpu4p.sys -- (Amsmpu4p)
DRV - [2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-03-29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-08-02 13:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009-05-26 15:35:12 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009-05-13 15:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-05-13 15:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008-10-12 12:42:47 | 001,275,584 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004-03-17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-08-17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=iron&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 AE 34 9A 37 34 CE 01 [binary data]
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes,DefaultScope = {07078455-77CB-43CA-9910-643EF5D90359}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{07078455-77CB-43CA-9910-643EF5D90359}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5373 ... 2013-05-04 22:49:23&v=15.1.0.2&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... 00YYNL&&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

[2013-05-05 19:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jels\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001-09-07 14:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (My_Comp7474 Toolbar) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My_Comp7474 Toolbar) - {47e161a0-f4ba-41dd-a17b-d2eb26ad6a02} - C:\Program Files\LimewirePlus\tbLim0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.1.0.2\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (My_Comp7474 Toolbar) - {47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - C:\Program Files\LimewirePlus\tbLim0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom 11n USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O15 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 0573884765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{316229CA-602B-4B8A-9ED7-6981DBC1937F}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{869FFAB9-EFD1-41CA-BBBF-76AE0C9350AB}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Jels/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-01 23:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-08-01 01:00:00 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013-02-10 16:12:36 | 000,000,095 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{63b3f9c3-787c-11dd-bd9a-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{63b3f9c3-787c-11dd-bd9a-806d6172696f}\Shell\AutoRun\command - "" = E:\SeniorWeb cd-rom 2009-2010.exe -- [2009-08-10 15:21:02 | 016,581,962 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


========== Files/Folders - Created Within 30 Days ==========

[2013-05-18 20:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-18 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2013-05-16 17:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Fam Bouma foto's
[2013-05-10 09:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Menu Start\Programma's\HHE
[2013-05-10 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\HHE
[2013-05-10 08:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2013-05-09 20:56:21 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDE.DLL
[2013-05-09 20:56:21 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2013-05-09 20:56:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WING32.DLL
[2013-05-09 20:56:21 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDIB.DRV
[2013-05-09 20:56:21 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGPAL.WND
[2013-05-09 20:56:19 | 000,000,000 | ---D | C] -- C:\MSSETUP
[2013-05-05 19:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Downloads
[2013-05-05 19:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013-05-05 10:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013-05-05 10:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-05 10:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-05 10:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-05 10:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013-05-04 22:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2013-05-04 22:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\AVG Secure Search
[2013-05-04 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2013-05-04 22:49:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG Secure Search
[2013-05-04 22:49:21 | 000,034,592 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-04 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013-05-04 22:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013-05-04 22:47:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013-05-04 22:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013-05-04 22:43:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\Avg2013
[2013-05-04 11:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot57
[2013-05-04 10:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\save game schizm 2
[2013-05-03 20:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot29
[2010-08-29 18:12:15 | 000,778,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-08-29 18:12:15 | 000,704,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-08-29 18:12:15 | 000,451,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-08-29 18:12:15 | 000,232,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-08-29 18:12:15 | 000,064,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-08-29 18:12:15 | 000,063,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-08-29 18:12:15 | 000,053,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-08-29 18:12:15 | 000,029,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-08-29 18:12:15 | 000,009,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-18 21:26:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-05-18 21:24:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-18 18:28:24 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2013-05-18 10:15:53 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013-05-18 07:55:20 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\bnnohswrc.job
[2013-05-18 07:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-05-16 08:07:31 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-15 23:40:23 | 000,499,340 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-05-15 23:40:23 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-05-15 23:40:23 | 000,086,450 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-05-15 23:40:23 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-05-15 23:36:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-05-15 15:26:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-05-15 15:26:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-15 07:47:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-05-10 08:38:18 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-09 21:26:53 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-08 22:03:36 | 000,034,880 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 06:22:15 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013-05-06 12:55:19 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-05 09:57:22 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-03 21:54:37 | 000,518,160 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 21:54:37 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-03 19:27:01 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:17:38 | 000,160,251 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:48 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-02 16:59:35 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-04-30 22:28:39 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-04-30 22:28:39 | 000,216,839 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-04-30 18:46:21 | 000,194,587 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-04-28 12:18:24 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-04-28 12:18:24 | 000,201,189 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-04-24 13:19:05 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\spider.sav
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-15 23:33:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-05-09 19:58:47 | 000,034,880 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 19:34:17 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System\binkw32.dll
[2013-05-07 14:56:04 | 000,201,189 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-05-07 14:55:39 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-05-06 18:20:16 | 001,206,030 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Save Game - 2012-10-02 - 19-57-41 - Computer, New York Meat Packing Getting to secret office, 02-19-44.BS4
[2013-05-06 12:55:19 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | C] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-04 22:49:33 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-04 11:26:04 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-04 11:18:21 | 000,518,160 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 19:27:01 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:21:35 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-05-03 18:21:15 | 000,216,839 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-05-03 18:17:38 | 000,160,251 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:47 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-03 12:14:42 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-05-01 10:00:03 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-04-30 18:46:21 | 000,194,587 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-03-23 23:30:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2013-02-10 17:00:28 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013-02-10 17:00:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2013-02-03 14:27:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2013-02-03 14:27:41 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2013-01-02 14:59:29 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012-12-11 16:37:10 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2012-02-16 11:42:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-30 11:48:49 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-01-27 17:07:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012-01-27 17:05:15 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011-12-15 18:31:44 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011-09-05 15:08:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\versaill.ini
[2008-09-03 14:25:53 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012-09-25 20:51:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008-04-14 19:02:39 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 19:02:44 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-06-23 22:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2013-05-05 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-05 10:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013-05-04 22:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:43:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-04-09 11:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2013-05-18 19:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008-11-19 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartFix
[2013-05-14 09:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009-11-03 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013-05-05 10:52:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-10 08:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013-04-08 14:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\groentje.1\Application Data\Babylon
[2013-04-08 14:46:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\groentje.1\Application Data\CrystalSpace
[2013-04-06 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\groentje.1\Application Data\Systweak
[2013-05-05 10:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-04 22:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG Secure Search
[2013-05-04 22:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2013-01-16 20:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\BabylonToolbar
[2012-06-14 00:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jels\Application Data\CrystalSpace
[2011-02-25 16:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\facemoods.com
[2013-04-09 11:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\File Scout
[2013-04-21 11:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\LimeWirePlus
[2009-11-03 22:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\NewsBin
[2012-01-09 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Onpo
[2013-04-11 10:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\PerformerSoft
[2011-01-11 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\ScummVM
[2013-05-18 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SmartFix
[2013-04-09 21:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Systweak
[2013-05-04 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2012-01-30 11:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Tuwage
[2013-05-05 10:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG

========== Purity Check ==========



========== Custom Scans ==========

< Code: >
[2008-09-01 23:24:55 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008-09-01 23:26:23 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011-01-21 14:52:04 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\Tasks\bnnohswrc.job
[2011-02-19 23:16:41 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2012-04-29 11:46:17 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012-06-23 22:34:34 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

< services.* >

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

========== Base Services ==========
SRV - [2008-04-14 19:02:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008-04-14 19:02:47 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012-07-06 15:58:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008-04-14 19:02:23 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008-04-14 19:02:24 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009-04-20 19:22:17 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008-04-14 19:02:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008-04-14 19:02:44 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008-04-14 19:02:27 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008-04-14 19:03:01 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008-04-14 19:02:24 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008-04-14 19:02:54 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008-04-14 19:02:54 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008-04-14 19:02:33 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008-04-14 19:02:39 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008-04-14 19:02:39 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009-02-09 12:56:07 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008-04-14 19:02:39 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008-04-14 19:02:45 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010-08-27 07:55:04 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008-04-14 19:02:39 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008-04-14 19:02:29 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008-04-14 19:02:44 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008-04-14 19:03:17 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008-04-14 19:02:22 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008-04-14 19:02:28 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008-04-14 19:02:44 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008-04-14 19:03:06 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008-04-14 19:02:45 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009-02-09 12:56:07 | 000,684,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008-04-14 19:02:24 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008-04-14 19:02:47 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009-06-10 08:16:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3200822AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Medion Flash XL CF USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Medion Flash XL MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Medion Flash XL MMC/SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Medion Flash XL SM USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78,00GB
Starting Offset: 116782557696
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 109,00GB
Starting Offset: 8225280
Hidden sectors: 0


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2013-05-18 07:55:20 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\bnnohswrc.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %PROGRAMFILES%\* >
[2010-01-04 11:48:52 | 000,704,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-03-25 21:51:40 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-03-25 21:39:02 | 000,451,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-03-25 21:39:02 | 000,232,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-03-25 21:55:10 | 000,029,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-03-25 21:39:02 | 000,063,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-03-25 21:39:02 | 000,778,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-03-25 21:39:02 | 000,064,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-03-25 21:39:02 | 000,009,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
I found it a bit scary at first, but it went fine.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

OTL Extras logfile created on: 18-5-2013 21:21:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jels\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,48 Mb Total Physical Memory | 440,17 Mb Available Physical Memory | 43,01% Memory free
2,41 Gb Paging File | 1,89 Gb Available in Paging File | 78,49% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77,55 Gb Total Space | 34,96 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive E: | 306,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 108,75 Gb Total Space | 101,70 Gb Free Space | 93,51% Space Free | Partition Type: NTFS

Computer Name: JELS-9WIWUZEM4Z | User Name: Jels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Documents and Settings\Jels\Application Data\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire Plus\LimeWire.exe" = C:\Program Files\LimeWire Plus\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1BAA7DE9-6EDC-4432-B32E-B1911543BE2C}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter en de Vuurbeker™
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 11n USB Wireless LAN Driver and Utility
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.4 - Nederlands
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"20/20 v2.2" = 20/20 v2.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"Broken Sword" = Broken Sword
"Broken Sword - The Sleeping Dragon" = Broken Sword - The Sleeping Dragon
"CCleaner" = CCleaner
"China, Intrigue in the Forbidden City" = China, Intrigue in the Forbidden City
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Jewel Quest" = Jewel Quest (verwijderen)
"Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (verwijderen)
"Keepsake" = Keepsake
"LimeWire Plus" = LimeWire Plus 1.7
"LimewirePlus Toolbar" = LimewirePlus Toolbar
"Linksys Wireless Manager" = Linksys Wireless Manager
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Mah Jong Quest" = Mah Jong Quest (verwijderen)
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre 6.3.1_is1" = PhotoFiltre 6.3.1
"Riven 1.0" = Riven
"Schizm - mysterious journey" = Schizm - mysterious journey
"Scratches" = Scratches
"SupportAgent_HCC" = HCC!Hulp PC!OK Agent
"The Ball_is1" = The Ball
"TimeLapse" = TimeLapse
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18-5-2013 3:51:40 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 09:51:40.312]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 4:02:01 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 10:02:01.312]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 4:06:37 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 10:06:37.312]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 4:20:25 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 10:20:25.531]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 4:41:07 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 10:41:07.640]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 5:30:34 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 11:30:34.703]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 5:47:49 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 11:47:49.703]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 6:03:55 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 12:03:55.734]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 6:06:13 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 12:06:13.734]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 18-5-2013 6:15:25 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/18 12:15:25.734]: [00001976]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

[ System Events ]
Error - 18-5-2013 13:11:44 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:46 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:48 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:49 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:51 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:53 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:55 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:11:56 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:26:23 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.

Error - 18-5-2013 13:41:25 | Computer Name = JELS-9WIWUZEM4Z | Source = Disk | ID = 262151
Description = Beschadigd blok in apparaat \Device\Harddisk1\D.


< End of report >
Abraham54
Colleague Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

There is a really nasty toolbar in your Windows!
And Cisco is in your Windows too.

Please post the three logs in one go.

Step •1•
Which program: AdwCleaner
What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
Difficulty: None.
Download location: Be sure to download this program to the desktop, or else move it there!
Download: AdwCleaner by Xplode.

Notes:
  • All open programs and web pages must be closed.
  • It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Als Administrator uitvoeren" (Run as administrator).
Once AdwCleaner has started:
  • Click the Verwijderen (Delete) button
  • At "AdwCleaner – Afsluiting van de programma's" (closing of programs), click OK
  • At "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • Then post the contents of this log in your next message.
Step •2•
Which program: Junkware Removal Tool by Thisisu
What for/why: Scanner to rid Windows of, among other things, malicious toolbars.
Difficulty: None.
Download location: Be sure to download this program to the desktop, or else move it there!
Download: JRT.exe.
Notes:
  • All open programs and web pages must be closed.
  • It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out.
  • Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
  • It is normal for the shortcuts to disappear temporarily from the desktop during the JRT.exe scan.
Starting Junkware Removal Tool by Thisisu:
  • Windows 2000 and Windows XP: double-click JRT.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Als Administrator uitvoeren" (Run as administrator).
  • JRT.exe will then scan Windows.
  • Depending on the system specifications, this scan can sometimes take quite a long time, so be patient.
  • When the scan is complete, a log (JRT.txt) will be saved to the desktop and will open automatically.
  • Post the contents of this log in your next message.
Step •3•
Which program: Malwarebytes MBAM
What for/why: free specialized on-demand scanner to quickly examine Windows for spyware and malware and remove it.
Difficulty: none.
Download: Malwarebytes MBAM

First of all:
  • Right after installation 'MBAM' will want to update its database, so allow this.
  • Also with repeated use: first update Malwarebytes MBAM via the 'Update' tab!
Starting Malwarebytes MBAM:
  • First close all program windows that are still open!
  • Windows 2000 and Windows XP: double-click the MBAM shortcut.
  • Windows Vista, Windows 7 and Windows 8: right-click the MBAM shortcut and then choose "Als Administrator uitvoeren" (Run as administrator).
Note:
  • Malwarebytes MBAM now supplies the full version of MBAM.
  • At the first start you get the option to temporarily use the free trial version of Malwarebytes AntiMalware.
  • Regardless of which antivirus program is in your Windows, I advise going for the free version and therefore removing the check mark at the trial version.
  • That way Malwarebytes MBAM can continue to be used as the free version.
Also do the following:
  • Once the program has started, go to the "Instellingen" (Settings) tab.
  • Tick here: "Sluit Internet Explorer tijdens verwijdering van malware" (close Internet Explorer during malware removal).
Scanning:
  • When starting Malwarebytes MBAM, choose 'Snelle Scan' (Quick Scan).
  • Scanning can take a while, so be patient. When the scan is complete, click the 'OK' button.
  • Then click the 'Bekijk Resultaten' (View Results) button to see the results.
Infections found:
  • First click OK to dismiss the message
  • Then click the Bekijk resultaten (View results) button at the bottom right.
  • Now make sure all the infections found are ticked, and click Verwijder geselecteerde (Remove selected) at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
  • After that Malwarebytes MBAM will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by Malwarebytes MBAM and you can find it by clicking the 'Logbestanden' (Log files) tab in the main menu of Malwarebytes MBAM.
Then post the contents of the MBAM log in your next message.
Stupidity is also a gift from God, but one must not misuse it.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Here are the logs

# AdwCleaner v2.301 - Verslag gemaakt op 19/05/2013 om 16:49:10
# Geactualiseerd op 16/05/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Jels - JELS-9WIWUZEM4Z
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Documents and Settings\Jels\Local Settings\Temporary Internet Files\Content.IE5\X5RQYE2W\adwcleaner[1].exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****

Verwijdert bij het opstarten : C:\Program Files\Common Files\AVG Secure Search

***** [Register] *****


***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v [Onmogelijk de versie te verkrijgen]

File : C:\Documents and Settings\Jels\Application Data\Mozilla\Firefox\Profiles\1dlwil2j.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

File : C:\Documents and Settings\Jels\Application Data\Mozilla\Firefox\Profiles\tyh3lv6j.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S2].txt - [1362 octets] - [19/05/2013 16:49:10]

########## EOF - C:\AdwCleaner[S2].txt - [1422 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Jels on zo 19-05-2013 at 18:18:20,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Jels\Application Data\systweak"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on zo 19-05-2013 at 18:21:13,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.05.19.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jels :: JELS-9WIWUZEM4Z [administrator]

19-5-2013 19:00:05
mbam-log-2013-05-19 (19-00-05).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 235769
Verstreken tijd: 10 minuut/minuten, 37 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
Abraham54
Colleague Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

I am a little disappointed with the "harvest" from the logs.
So now we are going to look deeper into your Windows.

Which program: OTL.exe
What for/why: multifunctional tool - analysis and fix
Difficulty: none.
Download: OTL.exe and place the file on the desktop.
Before OTL.exe starts scanning, first close all other open windows!

Using OTL.exe:
    • Windows 2000 and Windows XP: double-click OTL.exe.
    • Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Als Administrator uitvoeren" (Run as administrator).
  • Tick Scan All Users, LOP Check and PURITY Check.
  • Copy the text in the Code box below and paste it into the box under [image]

    Code:

    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    netsvcs
    BASESERVICES
    DRIVES
    msconfig
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %PROGRAMFILES%\*
    
  • Then click the [image] button.
  • Do not change any other settings in OTL unless I specifically give instructions to do so.
  • The scan will not take very long.
    • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
    • Then copy the contents of both OTL.txt and Extras.txt and paste them into your next message.
Note: if the log does not fit in one message, spread it over two or more messages.
Stupidity is also a gift from God, but one must not misuse it.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

Hello Abraham

I was disappointed myself too, so I went looking a bit more.

Maybe there is hope!

In Malwarebytes this is in quarantine:

AdwareAgent C:\Documents en settings\jels\Local settings\Temp.

Because it is in quarantine, I am reporting this before I run the scan again.

I hope we have success

Kind regards, Gea
Abraham54
Colleague Helper
Posts: 2755
Joined: 15 Feb 2010 21:00

Hello Gea, go ahead and run that OTL scan now; for now it will only produce a clear overview.
Stupidity is also a gift from God, but one must not misuse it.
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

OTL Extras logfile created on: 20-5-2013 9:21:01 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jels\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,48 Mb Total Physical Memory | 528,79 Mb Available Physical Memory | 51,67% Memory free
2,41 Gb Paging File | 1,95 Gb Available in Paging File | 81,09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77,55 Gb Total Space | 34,90 Gb Free Space | 45,00% Space Free | Partition Type: NTFS
Drive E: | 306,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 108,75 Gb Total Space | 101,70 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
Drive G: | 596,02 Gb Total Space | 540,36 Gb Free Space | 90,66% Space Free | Partition Type: FAT32

Computer Name: JELS-9WIWUZEM4Z | User Name: Jels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Documents and Settings\Jels\Application Data\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire Plus\LimeWire.exe" = C:\Program Files\LimeWire Plus\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1BAA7DE9-6EDC-4432-B32E-B1911543BE2C}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter en de Vuurbeker™
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Sitecom 11n USB Wireless LAN Driver and Utility
"{9F05B89E-2873-11D5-9E9D-0050DA1EA555}" = Myst III: Exile
"{A258173E-F308-475A-951B-F1BF76A4451B}" = Windows Live installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.4 - Nederlands
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"20/20 v2.2" = 20/20 v2.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"Broken Sword" = Broken Sword
"Broken Sword - The Sleeping Dragon" = Broken Sword - The Sleeping Dragon
"CCleaner" = CCleaner
"China, Intrigue in the Forbidden City" = China, Intrigue in the Forbidden City
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"Jewel Quest" = Jewel Quest (verwijderen)
"Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (verwijderen)
"Keepsake" = Keepsake
"LimeWire Plus" = LimeWire Plus 1.7
"Linksys Wireless Manager" = Linksys Wireless Manager
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Mah Jong Quest" = Mah Jong Quest (verwijderen)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre 6.3.1_is1" = PhotoFiltre 6.3.1
"Riven 1.0" = Riven
"Schizm - mysterious journey" = Schizm - mysterious journey
"Scratches" = Scratches
"SupportAgent_HCC" = HCC!Hulp PC!OK Agent
"The Ball_is1" = The Ball
"TimeLapse" = TimeLapse
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19-5-2013 13:18:57 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:18:57.265]: [00001872]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:20:06 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:20:06.265]: [00001872]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:21:15 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:21:15.265]: [00001872]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:22:24 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:22:24.281]: [00001872]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:23:33 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:23:33.281]: [00001872]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:26:10 | Computer Name = JELS-9WIWUZEM4Z | Source = Application Error | ID = 1000
Description = Vastgelopen toepassing: nmsrvc.exe, versie: 11.0.9154.0, vastgelopen
module: nmcore.dll, versie: 11.2.9169.1, vastgelopen op: 0x001de309.

Error - 19-5-2013 13:26:21 | Computer Name = JELS-9WIWUZEM4Z | Source = Application Error | ID = 1004
Description = Vastgelopen toepassing: nmsrvc.exe, versie: 11.0.9154.0, vastgelopen
module: nmcore.dll, versie: 11.2.9169.1, vastgelopen op: 0x001de309.

Error - 19-5-2013 13:28:06 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:28:06.546]: [00001716]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:29:15 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:29:15.609]: [00001716]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

Error - 19-5-2013 13:30:24 | Computer Name = JELS-9WIWUZEM4Z | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/19 19:30:24.625]: [00001716]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.2.3]

[ System Events ]
Error - 19-5-2013 10:10:44 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7034
Description = De Pure Networks Platform Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.

Error - 19-5-2013 10:53:05 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7022
Description = De Pure Networks Platform Service-service is bij het starten vastgelopen.

Error - 19-5-2013 10:53:29 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7034
Description = De Pure Networks Platform Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.

Error - 19-5-2013 12:44:38 | Computer Name = JELS-9WIWUZEM4Z | Source = MRxSmb | ID = 8003
Description = De masterbrowser heeft een servermelding ontvangen van computer HP29335243542
die
meent de masterbrowser voor het domein te zijn op transport NetBT_Tcpip_{869FFAB9-EFD1-.
De masterbrowser wordt gestopt of er wordt een verkiezing afgedwongen.

Error - 19-5-2013 13:27:37 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7022
Description = De Pure Networks Platform Service-service is bij het starten vastgelopen.

Error - 19-5-2013 13:27:37 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7034
Description = De Pure Networks Platform Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.

Error - 19-5-2013 13:38:28 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7022
Description = De Pure Networks Platform Service-service is bij het starten vastgelopen.

Error - 19-5-2013 13:42:17 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7034
Description = De Pure Networks Platform Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.

Error - 20-5-2013 1:41:52 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7022
Description = De Pure Networks Platform Service-service is bij het starten vastgelopen.

Error - 20-5-2013 1:41:52 | Computer Name = JELS-9WIWUZEM4Z | Source = Service Control Manager | ID = 7034
Description = De Pure Networks Platform Service-service is onverwacht beëindigd.
Dit is nu 1 keer gebeurd.


< End of report >
groentje
Member
Posts: 13
Joined: 04 Feb 2010 14:48

OTL logfile created on: 20-5-2013 9:01:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jels\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1023,48 Mb Total Physical Memory | 569,23 Mb Available Physical Memory | 55,62% Memory free
2,41 Gb Paging File | 1,98 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77,55 Gb Total Space | 34,89 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive E: | 306,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 108,75 Gb Total Space | 101,70 Gb Free Space | 93,51% Space Free | Partition Type: NTFS
Drive G: | 596,02 Gb Total Space | 540,36 Gb Free Space | 90,66% Space Free | Partition Type: FAT32

Computer Name: JELS-9WIWUZEM4Z | User Name: Jels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
PRC - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
PRC - [2013-04-29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013-04-04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-03-28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2010-02-09 17:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009-07-09 07:19:21 | 001,366,064 | R--- | M] (Cisco Systems, Inc.) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009-05-04 18:22:30 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008-04-14 19:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2009-04-03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007-07-12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\Sitecom\11n USB Wireless LAN Utility\acAuth.dll


========== Services (SafeList) ==========

SRV - [2013-05-15 15:26:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-04 22:49:05 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)
SRV - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-04-10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009-06-18 16:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jels\LOCALS~1\Temp\Amsmpu4p.sys -- (Amsmpu4p)
DRV - [2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-03-29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012-01-12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010-02-11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-08-02 13:57:38 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009-05-26 15:35:12 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009-05-13 15:47:44 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009-05-13 15:47:44 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008-10-12 12:42:47 | 001,275,584 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004-03-17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002-09-16 18:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001-08-17 20:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoSo ... 04/04/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kpnvandaag.nl/
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 AE 34 9A 37 34 CE 01 [binary data]
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes,DefaultScope = {07078455-77CB-43CA-9910-643EF5D90359}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{07078455-77CB-43CA-9910-643EF5D90359}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-507921405-152049171-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com

[2013-05-05 19:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jels\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Jels\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2001-09-07 14:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Sitecom 11n USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-152049171-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe File not found
O15 - HKU\S-1-5-21-507921405-152049171-682003330-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 0573884765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{316229CA-602B-4B8A-9ED7-6981DBC1937F}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{869FFAB9-EFD1-41CA-BBBF-76AE0C9350AB}: DhcpNameServer = 192.168.2.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Jels/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jels\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-01 23:26:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-08-01 01:00:00 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013-02-10 16:12:36 | 000,000,095 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2002-10-17 09:56:50 | 000,000,036 | RH-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2003-03-21 12:00:56 | 000,000,000 | RH-D | M] - G:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


========== Files/Folders - Created Within 30 Days ==========

[2013-05-19 18:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Malwarebytes' Anti-Malware
[2013-05-19 18:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-05-19 18:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013-05-19 18:15:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013-05-18 21:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Nieuwe map hijack this uitslagen en logjes
[2013-05-18 20:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-18 19:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2013-05-16 17:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Fam Bouma foto's
[2013-05-10 09:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Menu Start\Programma's\HHE
[2013-05-10 09:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\HHE
[2013-05-10 08:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\AVG
[2013-05-09 20:56:21 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDE.DLL
[2013-05-09 20:56:21 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WING.DLL
[2013-05-09 20:56:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WING32.DLL
[2013-05-09 20:56:21 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGDIB.DRV
[2013-05-09 20:56:21 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINGPAL.WND
[2013-05-09 20:56:19 | 000,000,000 | ---D | C] -- C:\MSSETUP
[2013-05-05 19:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\Downloads
[2013-05-05 19:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013-05-05 10:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013-05-05 10:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-05 10:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-05 10:52:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-04 22:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2013-05-04 22:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2013-05-04 22:49:21 | 000,034,592 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-04 22:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013-05-04 22:47:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013-05-04 22:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013-05-04 22:43:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013-05-04 22:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Local Settings\Application Data\Avg2013
[2013-05-04 11:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot57
[2013-05-04 10:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Mijn documenten\save game schizm 2
[2013-05-03 20:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jels\Bureaublad\Slot29
[2010-08-29 18:12:15 | 000,778,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-08-29 18:12:15 | 000,704,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-08-29 18:12:15 | 000,451,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-08-29 18:12:15 | 000,232,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-08-29 18:12:15 | 000,064,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-08-29 18:12:15 | 000,063,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-08-29 18:12:15 | 000,053,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-08-29 18:12:15 | 000,029,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-08-29 18:12:15 | 000,009,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-20 08:40:55 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013-05-20 08:26:15 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-05-20 07:39:56 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\bnnohswrc.job
[2013-05-20 07:39:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-05-19 20:35:30 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2013-05-19 18:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2013-05-19 09:07:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-05-18 20:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jels\Bureaublad\OTL.exe
[2013-05-16 08:07:31 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-05-15 23:40:23 | 000,499,340 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2013-05-15 23:40:23 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013-05-15 23:40:23 | 000,086,450 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2013-05-15 23:40:23 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013-05-15 23:36:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013-05-15 15:26:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-05-15 15:26:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-05-10 08:38:18 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-09 21:26:53 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-08 22:03:36 | 000,034,880 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 06:22:15 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013-05-06 12:55:19 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-05 09:57:22 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-05-04 22:49:06 | 000,034,592 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013-05-03 21:54:37 | 000,518,160 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 21:54:37 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-03 19:27:01 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:17:38 | 000,160,251 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:48 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-02 16:59:35 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-04-30 22:28:39 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-04-30 22:28:39 | 000,216,839 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-04-30 18:46:21 | 000,194,587 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-04-28 12:18:24 | 000,262,308 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-04-28 12:18:24 | 000,201,189 | ---- | M] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-04-24 13:19:05 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Jels\Mijn documenten\spider.sav
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-19 18:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Malwarebytes Anti-Malware.lnk
[2013-05-15 23:33:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013-05-09 19:58:47 | 000,034,880 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\begin time lapse.tl
[2013-05-07 19:34:17 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System\binkw32.dll
[2013-05-07 14:56:04 | 000,201,189 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot05.sav
[2013-05-07 14:55:39 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_5.dtx
[2013-05-06 18:20:16 | 001,206,030 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Save Game - 2012-10-02 - 19-57-41 - Computer, New York Meat Packing Getting to secret office, 02-19-44.BS4
[2013-05-06 12:55:19 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Outlook Express.lnk
[2013-05-06 12:54:42 | 000,000,508 | ---- | C] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk
[2013-05-04 22:49:33 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\AVG 2013.lnk
[2013-05-04 11:26:04 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\thumb_57.dtx
[2013-05-04 11:18:21 | 000,518,160 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Slot57.sav
[2013-05-03 19:27:01 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Knipsel.lnk
[2013-05-03 18:28:55 | 000,001,075 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar thumb_29.dtx.lnk
[2013-05-03 18:26:45 | 000,001,063 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Slot29.sav.lnk
[2013-05-03 18:21:35 | 000,262,308 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\thumb_ 29 dtx
[2013-05-03 18:21:15 | 000,216,839 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Slot29.sav
[2013-05-03 18:17:38 | 000,160,251 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterFogMaze.zip
[2013-05-03 17:41:47 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Knipsel.shs
[2013-05-03 12:14:42 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\url.htm
[2013-05-01 10:00:03 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar Readme_Slot14doc.rtf.lnk
[2013-04-30 18:46:21 | 000,194,587 | ---- | C] () -- C:\Documents and Settings\Jels\Mijn documenten\Schizm2_AfterLaserFlowPuzzle.zip
[2013-04-30 09:47:08 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Jels\Bureaublad\Snelkoppeling naar MJ2.exe.lnk
[2013-03-23 23:30:02 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2013-02-10 17:00:28 | 000,000,434 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013-02-10 17:00:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2013-02-03 14:27:41 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2013-02-03 14:27:41 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2013-01-02 14:59:29 | 000,000,033 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012-12-11 16:37:10 | 000,375,808 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2012-02-16 11:42:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-01-30 11:48:49 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012-01-27 17:07:30 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2012-01-27 17:05:15 | 000,013,931 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011-12-15 18:31:44 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011-09-05 15:08:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\versaill.ini
[2008-09-03 14:25:53 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Jels\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012-09-25 20:51:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008-04-14 19:02:39 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:56:06 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008-04-14 19:02:44 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-05-05 10:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013-05-04 22:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013-05-04 22:43:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013-05-20 08:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008-11-19 21:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartFix
[2009-11-03 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013-05-05 10:52:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013-05-10 08:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013-04-08 14:46:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\groentje.1\Application Data\CrystalSpace
[2013-04-06 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\groentje.1\Application Data\Systweak
[2013-05-05 10:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG
[2013-05-04 22:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\AVG2013
[2012-06-14 00:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jels\Application Data\CrystalSpace
[2009-11-03 22:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\NewsBin
[2012-01-09 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Onpo
[2011-01-11 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\ScummVM
[2013-05-18 19:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SeniorWeb cd-rom 2009-2010
[2009-08-21 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\SmartFix
[2013-05-04 22:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\TuneUp Software
[2012-01-30 11:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jels\Application Data\Tuwage
[2013-05-05 10:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG

========== Purity Check ==========



========== Custom Scans ==========

< Code: >
[2008-09-01 23:24:55 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008-09-01 23:26:23 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011-01-21 14:52:04 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\Tasks\bnnohswrc.job
[2011-02-19 23:16:41 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D14933F9-8EE6-44E9-AF8A-1BFC65F8F892}.job
[2012-04-29 11:46:17 | 000,000,940 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< services.* >

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

========== Base Services ==========
SRV - [2008-04-14 19:02:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008-04-14 19:02:47 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008-04-14 19:02:38 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012-07-06 15:58:53 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008-04-14 19:02:23 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008-04-14 19:02:24 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009-04-20 19:22:17 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008-04-14 19:02:25 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008-04-14 19:02:44 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008-04-14 19:02:27 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008-04-14 19:03:01 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008-04-14 19:02:24 | 000,024,064 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008-04-14 19:02:54 | 000,225,280 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008-04-14 19:02:54 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008-04-14 19:02:33 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008-06-20 18:04:51 | 000,247,296 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009-02-09 13:27:40 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010-08-17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008-04-14 19:02:39 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008-04-14 19:02:39 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009-02-09 12:56:07 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008-04-14 19:02:34 | 000,437,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008-04-14 19:02:39 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008-04-14 19:03:02 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008-04-14 19:02:45 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010-08-27 07:55:04 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008-04-14 19:02:44 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008-04-14 19:02:39 | 000,193,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008-04-14 19:02:29 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008-04-14 19:02:44 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008-04-14 19:02:44 | 000,297,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009-07-28 01:19:12 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008-04-14 19:03:17 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008-04-14 19:02:22 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008-04-14 19:02:28 | 000,332,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008-04-14 19:02:44 | 000,334,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008-04-14 19:03:06 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008-04-14 19:02:45 | 000,145,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009-02-09 12:56:07 | 000,684,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008-04-14 19:02:24 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008-04-14 19:02:47 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009-06-10 08:16:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3200822AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Medion Flash XL CF USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Medion Flash XL MS USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Medion Flash XL MMC/SD USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Medion Flash XL SM USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: WD 6400AAK External USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 78,00GB
Starting Offset: 116782557696
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 109,00GB
Starting Offset: 8225280
Hidden sectors: 0


DeviceID: Disk #5, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 596,00GB
Starting Offset: 32256
Hidden sectors: 0


< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >
[2013-05-20 07:39:56 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\bnnohswrc.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %PROGRAMFILES%\* >
[2010-01-04 11:48:52 | 000,704,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\LegitLib.dll
[2010-03-25 21:51:40 | 000,053,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpAsDesc.dll
[2010-03-25 21:39:02 | 000,451,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpClient.dll
[2010-03-25 21:39:02 | 000,232,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpCommu.dll
[2010-03-25 21:55:10 | 000,029,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mpevmsg.dll
[2010-03-25 21:39:02 | 000,063,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpOAv.dll
[2010-03-25 21:39:02 | 000,778,624 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MpSvc.dll
[2010-03-25 21:39:02 | 000,064,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpCom.dll
[2010-03-25 21:39:02 | 000,009,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MsMpLics.dll
[2013-05-06 12:54:42 | 000,000,508 | ---- | M] () -- C:\Program Files\Snelkoppeling naar Outlook Express.lnk

< >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
