  1. #1
    marle

    Virus: Achtung! Das Betriebssystem

    Hey,

    I had caught the 'Achtung! Das Betriebssystem...' virus and edited my registry as described here: Achtung! Das Betriebssystem wurde im Zusammenhang mit Verstoßen gegen die Gesetze der Bundesrepublik Deutschland gesperrt virus « Virus Removal Toolbox

    The virus was fixed, but it has come back again. My AVG has also already found all sorts of things (logon.scr etc.).

    Everything seems to work fine now, but I would still like to have my HijackThis log checked.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:48:52, on 25-3-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    E:\TwinCAT\EventLogger\TcEventLogger.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    E:\TwinCAT\TCATSysSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    E:\Program Files\firefox.exe
    E:\Program Files\plugin-container.exe
    C:\Documents and Settings\Kris\Mijn documenten\Downloads\Nieuwe map\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [BCSSync] "E:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON SX420W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\WINDOWS\TEMP\E_SEB.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKLM\..\Policies\Explorer\Run: [22267] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.com
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Verzenden naar OneNote - res://E:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Kris\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6621E9BE-86F6-475F-827D-D1FBC3E1B8D2}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TcEventLogger - Unknown owner - E:\TwinCAT\EventLogger\TcEventLogger.exe
    O23 - Service: TwinCAT System Service - BECKHOFF Automation - E:\TwinCAT\TCATSysSrv.exe

    --
    End of file - 9965 bytes

  2. #2
    Start HijackThis and choose 'Do a system scan only'
    Select only the items listed below:

    O4 - HKLM\..\Policies\Explorer\Run: [22267] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.com


    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.


    Download OTL to your Desktop
    • Double-click OTL.com to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
    • Tick the box next to Scan All Users.
    • Click the Quick Scan button. Do not change OTL's settings unless I specifically instruct you to. The scan will not take very long.
      • Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
      • Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files, one at a time, into your next post.
    Don't send me a PM, I will not respond to it.
    Member of Alliance of Security Analysis Professionals.
    Never use Combofix on your own
    Due to lack of time, currently no longer active as a helper on this forum.
    Regards, Juisterr

  3. #3
    marle
    OTL logfile created on: 26-3-2012 21:07:34 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kris\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 82,97% Memory free
    5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,73% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100,00 Gb Total Space | 59,70 Gb Free Space | 59,70% Space Free | Partition Type: NTFS
    Drive D: | 465,76 Gb Total Space | 239,85 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
    Drive E: | 411,98 Gb Total Space | 357,60 Gb Free Space | 86,80% Space Free | Partition Type: NTFS
    Drive F: | 419,53 Gb Total Space | 180,15 Gb Free Space | 42,94% Space Free | Partition Type: NTFS

    Computer Name: KRIS | User Name: Kris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-03-26 20:59:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kris\Bureaublad\OTL.com
    PRC - [2012-01-24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011-11-28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011-11-16 16:55:02 | 000,670,880 | ---- | M] (BECKHOFF Automation) -- E:\TwinCAT\TCATSysSrv.exe
    PRC - [2011-11-16 16:55:02 | 000,453,056 | ---- | M] () -- E:\TwinCAT\EventLogger\TcEventLogger.exe
    PRC - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011-10-10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011-09-08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011-08-15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2009-12-03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    PRC - [2009-02-05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    PRC - [2008-04-14 22:33:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-01-03 15:10:50 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
    MOD - [2011-11-16 16:55:02 | 000,453,056 | ---- | M] () -- E:\TwinCAT\EventLogger\TcEventLogger.exe
    MOD - [2011-09-27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-09-27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011-03-17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010-03-15 11:28:22 | 000,141,824 | ---- | M] () -- E:\Program Files\WinRAR\RarExt.dll
    MOD - [2009-02-05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    MOD - [2008-12-05 17:03:52 | 000,098,304 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2011-11-16 16:55:02 | 000,670,880 | ---- | M] (BECKHOFF Automation) [Auto | Running] -- E:\TwinCAT\TCATSysSrv.exe -- (TwinCAT System Service)
    SRV - [2011-11-16 16:55:02 | 000,453,056 | ---- | M] () [Auto | Running] -- E:\TwinCAT\EventLogger\TcEventLogger.exe -- (TcEventLogger)
    SRV - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011-10-02 09:08:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
    SRV - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011-03-16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009-05-14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    SRV - [2009-02-05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
    SRV - [2007-05-28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ag1ftk3v)
    DRV - [2012-03-26 19:50:57 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2012-03-14 19:27:16 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
    DRV - [2011-12-20 09:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
    DRV - [2011-12-06 05:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2011-11-16 16:55:02 | 000,931,488 | ---- | M] (Beckhoff Automation GmbH) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\TcIo.sys -- (TcIo)
    DRV - [2011-11-16 16:55:02 | 000,489,120 | ---- | M] (Beckhoff Automation GmbH) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\AddDriver\TcIoECat.sys -- (TcIoECat)
    DRV - [2011-11-16 16:55:02 | 000,322,208 | ---- | M] (Beckhoff Automation GmbH) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\AddDriver\TcIoPNet.sys -- (TcIoPNet)
    DRV - [2011-11-16 16:55:02 | 000,315,040 | ---- | M] (Beckhoff Automation GmbH) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\AddDriver\TcIoEth.sys -- (TcIoEth)
    DRV - [2011-11-16 16:55:02 | 000,293,024 | ---- | M] (BECKHOFF) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\TcPlc.sys -- (TcPlc)
    DRV - [2011-11-16 16:55:02 | 000,193,184 | ---- | M] (BECKHOFF) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\TCRouter.sys -- (TcRouter)
    DRV - [2011-11-16 16:55:02 | 000,173,728 | ---- | M] (BECKHOFF Automation) [Kernel | Auto | Running] -- E:\TwinCAT\Driver\TCRtime.sys -- (TcRTime)
    DRV - [2011-10-12 22:23:27 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2011-10-07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011-10-04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011-09-13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011-08-08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011-07-11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011-07-11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011-07-11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011-07-11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2009-04-03 23:08:08 | 000,713,344 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
    DRV - [2009-01-20 12:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008-12-25 11:32:32 | 003,721,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
    DRV - [2008-11-04 04:21:04 | 000,083,296 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2008-01-04 04:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007-04-16 13:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2007-01-23 15:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007-01-23 15:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007-01-23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2005-12-18 20:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4)
    DRV - [2005-04-12 19:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2005-04-12 19:21:32 | 000,017,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo)
    DRV - [2005-04-12 19:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2005-04-12 19:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2005-04-12 19:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrerource?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\..\SearchScopes,DefaultScope = {55449B9E-F16C-4B43-9795-E7A271BB6BD4}
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\..\SearchScopes\{55449B9E-F16C-4B43-9795-E7A271BB6BD4}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\..\SearchScopes\{C09ED1D4-B134-4F60-8B26-5E6FF788D1F7}: "URL" = http://www.google.nl/search?hl=nl&q={searchTerms}&meta=
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-02 12:41:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program Files\components [2012-03-17 00:11:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program Files\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: J:\Program Files\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: J:\Program Files\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2012-01-14 00:54:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012-02-02 12:41:16 | 000,000,000 | ---D | M]

    [2011-08-28 21:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Extensions
    [2012-03-18 11:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\z3gzlh0f.default\extensions
    [2011-12-11 23:01:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\z3gzlh0f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012-03-18 11:48:29 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\z3gzlh0f.default\extensions\foxyproxy@eric.h.jung
    [2011-12-18 13:52:23 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kris\Application Data\Mozilla\Firefox\Profiles\z3gzlh0f.default\searchplugins\videos-zoeken-op-youtube.xml
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\KRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z3GZLH0F.DEFAULT\EXTENSIONS\{9D6218B8-03C7-4B91-AA43-680B305DD35C}.XPI

    O1 HOSTS File: ([2012-03-25 22:47:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1085031214-362288127-682003330-1004..\Run: [AlcoholAutomount] E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 22267 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.com
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Verzenden naar OneNote - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Kris\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.129 195.130.130.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6621E9BE-86F6-475F-827D-D1FBC3E1B8D2}: DhcpNameServer = 195.130.131.129 195.130.130.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6621E9BE-86F6-475F-827D-D1FBC3E1B8D2}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Ierland.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011-08-28 20:46:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

  4. #4
    Member marle
    ========== Files/Folders - Created Within 30 Days ==========

    [2012-03-26 20:59:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kris\Bureaublad\OTL.com
    [2012-03-26 20:58:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012-03-25 22:39:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012-03-25 22:38:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012-03-25 22:38:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012-03-25 22:38:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012-03-25 22:38:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012-03-25 22:38:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012-03-25 22:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-03-25 22:37:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kris\Menu Start\Programma's\Systeembeheer
    [2012-03-25 22:37:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kris\Mijn documenten\Mijn video's
    [2012-03-25 18:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Menu Start\Programma's\SopCast
    [2012-03-21 00:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Mijn documenten\FixO
    [2012-03-20 23:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\synapmeqidi
    [2012-03-20 22:42:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2012-03-20 22:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\hiadpt
    [2012-03-20 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Local Settings
    [2012-03-14 19:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Local Settings\Application Data\Help
    [2012-03-14 19:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\Help
    [2012-03-14 19:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\SSC Service Utility
    [2012-03-10 13:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2012-03-10 11:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kris\Application Data\Beckhoff
    [2012-03-10 11:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\BECKHOFF
    [2012-03-09 16:51:50 | 000,085,664 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\drivers\TcI8254x.sys
    [2012-03-09 16:51:50 | 000,054,432 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\drivers\TcI8255x.sys
    [2012-03-09 16:51:50 | 000,050,872 | ---- | C] (Beckhoff Automation GmbH) -- C:\WINDOWS\System32\drivers\TcPnP.sys
    [2012-03-09 16:51:50 | 000,032,256 | ---- | C] (Beckhoff Industrie Elektronik) -- C:\WINDOWS\System32\TCatIoOcx.ocx
    [2012-03-09 16:51:50 | 000,031,904 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\drivers\TcRteIm.sys
    [2012-03-09 16:51:50 | 000,028,728 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\FcIoApi.dll
    [2012-03-09 16:51:50 | 000,027,808 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\drivers\TcEther.sys
    [2012-03-09 16:51:49 | 000,048,288 | ---- | C] (Beckhoff) -- C:\WINDOWS\System32\TCatIoDrv.dll
    [2012-03-09 16:51:37 | 000,222,368 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATAdsAms7.dll
    [2012-03-09 16:51:37 | 000,208,959 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATAdsAms.dll
    [2012-03-09 16:51:37 | 000,121,504 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATHooks.dll
    [2012-03-09 16:51:37 | 000,090,272 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATUserMan7.dll
    [2012-03-09 16:51:37 | 000,032,835 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATGina.dll
    [2012-03-09 16:51:37 | 000,029,344 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\TCATGina7.dll
    [2012-03-09 16:51:34 | 000,196,096 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\AdsOcx.ocx
    [2012-03-09 16:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\TwinCAT System
    [2012-03-09 16:51:33 | 000,056,480 | ---- | C] (BECKHOFF) -- C:\WINDOWS\System32\AdsDll.dll
    [2012-03-04 12:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\WAGO Software
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-03-26 20:59:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kris\Bureaublad\OTL.com
    [2012-03-26 19:55:18 | 000,576,686 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
    [2012-03-26 19:55:18 | 000,502,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012-03-26 19:55:18 | 000,111,844 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
    [2012-03-26 19:55:18 | 000,088,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012-03-26 19:54:26 | 092,733,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012-03-26 19:50:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2012-03-26 19:50:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012-03-25 22:47:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012-03-25 22:39:49 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2012-03-25 18:30:29 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Kris\Bureaublad\SopCast.lnk
    [2012-03-25 09:38:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012-03-23 19:53:43 | 000,122,867 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012-03-22 22:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012-03-22 20:53:29 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-03-20 22:43:23 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2012-03-20 22:40:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012-03-15 19:45:56 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012-03-15 00:02:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012-03-14 19:27:16 | 000,005,248 | ---- | M] () -- C:\WINDOWS\System32\giveio.sys
    [2012-03-14 19:26:06 | 000,000,558 | ---- | M] () -- C:\Documents and Settings\Kris\Bureaublad\SSC Service Utility.lnk
    [2012-03-04 12:11:05 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\WAGO Ethernet Settings.lnk
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-03-25 22:39:49 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2012-03-25 22:39:47 | 000,261,936 | RHS- | C] () -- C:\cmldr
    [2012-03-25 22:38:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012-03-25 22:38:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012-03-25 22:38:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012-03-25 22:38:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012-03-25 22:38:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012-03-25 18:30:29 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Kris\Bureaublad\SopCast.lnk
    [2012-03-14 19:27:16 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
    [2012-03-14 19:26:06 | 000,000,558 | ---- | C] () -- C:\Documents and Settings\Kris\Bureaublad\SSC Service Utility.lnk
    [2012-03-09 16:51:33 | 000,270,399 | ---- | C] () -- C:\WINDOWS\System32\TcAdsDll.dll
    [2012-03-04 12:11:05 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\WAGO Ethernet Settings.lnk
    [2012-02-21 23:09:50 | 000,209,422 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-362288127-682003330-1004-0.dat
    [2012-02-21 23:09:49 | 000,209,422 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012-02-15 14:50:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012-01-16 15:23:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
    [2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011-11-21 20:38:47 | 000,028,368 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011-11-14 21:04:36 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2011-11-14 21:04:36 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2011-11-05 13:05:49 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2011-10-09 17:21:04 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
    [2011-10-02 09:09:52 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
    [2011-09-12 20:08:29 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2011-09-12 20:08:29 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Kris\Application Data\PnkBstrK.sys
    [2011-09-12 20:08:04 | 000,202,448 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2011-09-12 20:08:02 | 003,360,624 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2011-09-12 20:08:02 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2011-08-29 23:30:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011-08-29 09:16:19 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Kris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011-08-28 22:36:54 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011-08-28 22:27:56 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011-08-28 21:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011-08-28 21:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011-08-28 21:19:49 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011-08-28 21:19:49 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011-08-28 21:19:49 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011-08-28 20:51:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011-08-28 20:43:55 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

    ========== LOP Check ==========

    [2012-03-22 19:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011-10-12 23:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
    [2011-08-28 21:21:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011-12-05 19:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
    [2011-12-05 19:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2012-03-18 11:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012-03-26 19:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012-01-19 23:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
    [2011-12-09 18:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2011-08-29 14:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2011-09-18 17:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2011-12-11 22:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
    [2011-08-29 23:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011-11-05 13:03:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\AVG2012
    [2012-03-10 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Beckhoff
    [2011-12-11 23:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DVDVideoSoft
    [2011-12-11 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\DVDVideoSoftIEHelpers
    [2012-03-18 11:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Epson
    [2012-03-20 23:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\hiadpt
    [2012-03-20 23:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\synapmeqidi
    [2011-10-09 13:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\SystemRequirementsLab
    [2012-01-14 00:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\Thunderbird
    [2012-03-22 11:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\uTorrent
    [2011-09-18 17:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kris\Application Data\WindSolutions
    [2012-03-26 19:50:51 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    < End of report >

  5. #5
    Member marle
    OTL Extras logfile created on: 26-3-2012 21:07:34 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Kris\Bureaublad
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 82,97% Memory free
    5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,73% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100,00 Gb Total Space | 59,70 Gb Free Space | 59,70% Space Free | Partition Type: NTFS
    Drive D: | 465,76 Gb Total Space | 239,85 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
    Drive E: | 411,98 Gb Total Space | 357,60 Gb Free Space | 86,80% Space Free | Partition Type: NTFS
    Drive F: | 419,53 Gb Total Space | 180,15 Gb Free Space | 42,94% Space Free | Partition Type: NTFS

    Computer Name: KRIS | User Name: Kris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- E:\Program Files\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
    "E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
    "E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "E:\Program Files\Steam\Steam.exe" = E:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "E:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = E:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "E:\Program Files\Codemasters\F1 2011\F1_2011.exe" = E:\Program Files\Codemasters\F1 2011\F1_2011.exe:*:Enabled:F1 2011 -- (Codemasters)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Installer voor AVG -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Ubisoft\NCIS Game\support\UpdateLauncher\gu.exe" = C:\Program Files\Ubisoft\NCIS Game\support\UpdateLauncher\gu.exe:*:Enabled:NCIS Game -- (Ubisoft)
    "C:\Program Files\Ubisoft\NCIS Game\NCIS.exe" = C:\Program Files\Ubisoft\NCIS Game\NCIS.exe:*:Enabled:NCIS Game -- ()
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Persoonlijke e-mailscanner -- (AVG Technologies CZ, s.r.o.)
    "E:\Program Files\Steam\steamapps\common\rage\Rage.exe" = E:\Program Files\Steam\steamapps\common\rage\Rage.exe:*:Enabled:RAGE -- (id Software)
    "E:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe" = E:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit -- (Advanced Micro Devices, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{09C6A4C7-A2D2-1DD9-A81C-44C30042A00C}" = CCC Help Greek
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0A173336-214D-0609-4897-5E2547D0395D}" = CCC Help Dutch
    "{1211F510-803E-4FEF-A718-137AAE4DCC59}" = NCIS Game
    "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
    "{1B9E212F-DFDC-F1D4-D1FD-986149513125}" = CCC Help Russian
    "{1CAEFAE2-D12E-CA26-62BC-DF452004B3B1}" = CCC Help Swedish
    "{1D9B2B74-82B1-9CE7-0A9A-6234008D11EE}" = CCC Help Polish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
    "{220C5102-2566-337F-9E9B-C81C5C761BA2}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - NLD
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{406AE7DC-5FD1-FC3A-00F5-024AD25DF01B}" = CCC Help Danish
    "{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
    "{434D0FA1-A4CC-401A-9E74-621000018101}" = F1 2011
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A742CBE-078E-03FF-C7D5-B3E1B676BDF2}" = CCC Help Czech
    "{4B6DD00B-BC05-185B-BE8B-997A23B367C4}" = CCC Help Chinese Traditional
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
    "{5F1AE198-965A-C65D-218A-B76F19B86BEC}" = CCC Help German
    "{5FEEB4D3-31F1-FF10-5F61-A988CD44CA59}" = CCC Help Hungarian
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{651CD0A0-8B64-B3F1-23B9-294C39F09A31}" = CCC Help Finnish
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77406E29-63E6-4D8F-B5FB-53C411564B33}" = GooReader
    "{77514C51-66D9-2F7C-56D8-5495B8CFAF5E}" = CCC Help French
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{792A669E-71A6-9210-2C06-3FCF0DDFC4C5}" = Catalyst Control Center Localization All
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{860BD052-49CB-7220-8792-15523D08C2A2}" = CCC Help Korean
    "{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
    "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C788975-88ED-3C52-A188-6C944E9BD07D}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - NLD
    "{8C93615B-5333-B61B-625E-0D4DCD9E09CA}" = CCC Help Norwegian
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal
    "{90140000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 14
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
    "{90140000-0015-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
    "{90140000-0016-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
    "{90140000-0018-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
    "{90140000-0019-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
    "{90140000-001A-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
    "{90140000-001B-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
    "{90140000-002C-0413-0000-0000000FF1CE}_Office14.PROPLUS_{D3B92058-CF96-445F-A297-F7ED19C4E841}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
    "{90140000-0044-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
    "{90140000-006E-0413-0000-0000000FF1CE}_Office14.PROPLUS_{260407D0-98A1-4D9A-A956-3D1DEDDDF3B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
    "{90140000-00A1-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
    "{90140000-00BA-0413-0000-0000000FF1CE}_Office14.PROPLUS_{7A6AD1A3-6EC6-4840-8A29-4CCD27A21069}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C2B41C5-919A-7037-F5E8-42A5E90873B8}" = Catalyst Control Center Graphics Previews Common
    "{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A395750A-78D7-36D1-A59D-1A0B601D4BDC}" = Microsoft .NET Framework 3.5 Language Pack - nld
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A6991E11-AF13-652B-5736-C8800EF5527B}" = Catalyst Control Center
    "{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
    "{ADD24D05-DDEA-39CB-0E92-AA371AEE2894}" = Catalyst Control Center InstallProxy
    "{B2420CAA-ADC1-8581-938A-2B25C22EF17A}" = ccc-utility
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B81D9181-67D7-6A90-78EA-34108EBBCF7F}" = CCC Help Thai
    "{BA314F9D-8401-1E44-11BF-F112E93F465E}" = CCC Help English
    "{BEB0B424-3692-E0DC-8D25-04A36C7AB580}" = CCC Help Portuguese
    "{BF38C221-B753-11D2-98C3-00104BB0CC7E}" = Information System
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C4186C0D-FB9F-5D83-21FB-A737A13EFAE6}" = AMD Catalyst Install Manager
    "{C4574477-C9FA-CF5F-B5AC-D379D655A962}" = CCC Help Chinese Standard
    "{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBA4DD0F-0871-39EB-A48B-03BC9E5E437B}" = CCC Help Japanese
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
    "{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
    "{DD366319-FDE5-4B15-9299-E1B95AAD5790}" = TwinCAT
    "{DE0C72A8-B4A3-4B80-3CF9-2DC45CF865D5}" = CCC Help Spanish
    "{E5B2C34F-BEDE-5AF8-DBD3-C05E8C030588}" = CCC Help Italian
    "{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
    "{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
    "{F0A6D1C4-7E73-963B-C4C6-C97121B1992B}" = CCC Help Turkish
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2012
    "Call of Duty" = Call of Duty
    "DScaler 4.1.15_is1" = DScaler 4.1.15
    "E22DE6AB158C45011FCE3E63ED60AC9B0D7AB816" = Windows-stuurprogrammapakket - Ralink Technology, Corp. (rt2870) Net (04/03/2009 1.04.02.0000)
    "EA0D8F08C10A625644188FE542C75305CB084120" = Windows-stuurprogrammapakket - Ralink Technology, Corp. (rt2870) Net (10/29/2008 1.02.04.0000)
    "EPSON Scanner" = EPSON Scan
    "EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
    "EPSON SX420W Series Manual" = EPSON SX420W Series Handboek
    "EPSON SX420W Series Network Guide" = Netwerkhandleiding EPSON SX420W Series
    "Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123
    "GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1211F510-803E-4FEF-A718-137AAE4DCC59}" = NCIS Game
    "InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack - nld" = Microsoft .NET Framework 3.5 Nederlands taalpakket
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 11.0 (x86 nl)" = Mozilla Firefox 11.0 (x86 nl)
    "Mozilla Thunderbird 9.0.1 (x86 nl)" = Mozilla Thunderbird 9.0.1 (x86 nl)
    "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "Polipo" = Polipo 1.0.4.1
    "PunkBusterSvc" = PunkBuster Services
    "SopCast" = SopCast 3.5.0
    "SSC Service Utility_is1" = SSC Service Utility v4.30
    "Steam App 13140" = America's Army 3
    "Steam App 9200" = RAGE
    "The KMPlayer" = The KMPlayer (remove only)
    "Tor" = Tor 0.2.2.33
    "uTorrent" = µTorrent
    "Vidalia" = Vidalia 0.2.14
    "WAGO Ethernet Settings" = WAGO Ethernet Settings
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WinRAR archiver" = WinRAR archiver
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12-2-2012 8:09:45 | Computer Name = KRIS | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: crysis2.exe, versie: 1.0.0.5858, vastgelopen
    module: crysis2.exe, versie: 1.0.0.5858, vastgelopen op: 0x0092efaf.

    Error - 15-2-2012 16:01:21 | Computer Name = KRIS | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: e_farngce.exe, versie: 7.0.0.0, vastgelopen
    module: e_faprgce.dll, versie: 7.0.0.0, vastgelopen op: 0x000aa09f.

    Error - 17-2-2012 13:54:04 | Computer Name = KRIS | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 6-3-2012 19:40:06 | Computer Name = KRIS | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: eslite.exe, versie: 1.0.0.1, vastgelopen module:
    eslite.exe, versie: 1.0.0.1, vastgelopen op: 0x00007e84.

    Error - 10-3-2012 5:59:44 | Computer Name = KRIS | Source = Microsoft Office 14 | ID = 5000
    Description = EventType officelifeboathang, P1 winword.exe, P2 14.0.6024.1000, P3
    ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

    Error - 14-3-2012 12:42:38 | Computer Name = KRIS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: E_FARNGCE.EXE, versie: 7.0.0.0, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 18-3-2012 7:23:56 | Computer Name = KRIS | Source = Application Error | ID = 1000
    Description = Vastgelopen toepassing: e_farngce.exe, versie: 7.0.0.0, vastgelopen
    module: e_faprgce.dll, versie: 7.0.0.0, vastgelopen op: 0x000aa09f.

    Error - 18-3-2012 8:09:25 | Computer Name = KRIS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: KMPlayer.exe, versie: 3.0.0.1441, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 18-3-2012 8:09:55 | Computer Name = KRIS | Source = Application Hang | ID = 1002
    Description = Vastgelopen toepassing: KMPlayer.exe, versie: 3.0.0.1441, vastgelopen
    module: hungapp, versie: 0.0.0.0, vastgelopen op: 0x00000000.

    Error - 25-3-2012 16:40:40 | Computer Name = KRIS | Source = crypt32 | ID = 131080
    Description = Het bij <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    opvragen van de automatische update van het basislijstvolgordenummer van derden
    is mislukt met de fout: The server name or address could not be resolved

    [ System Events ]
    Error - 20-3-2012 18:16:21 | Computer Name = KRIS | Source = sr | ID = 1
    Description = Tijdens de verwerking van het bestand op het volume HarddiskVolume1
    is de fout 0xC0000001 opgetreden in het filter van Systeemherstel. Controle van
    dit volume is gestopt.

    Error - 22-3-2012 7:53:50 | Computer Name = KRIS | Source = DCOM | ID = 10005
    Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service
    met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De DHCP Client-service is afhankelijk van de NetBios over Tcpip-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De DNS Client-service is afhankelijk van de Stuurprogramma voor TCP/IP-protocol-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De TCP/IP NetBIOS Helper-service is afhankelijk van de AFD-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De Apple Mobile Device-service is afhankelijk van de Stuurprogramma
    voor TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
    %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De Bonjour-service-service is afhankelijk van de Stuurprogramma voor
    TCP/IP-protocol-service, die vanwege de volgende fout niet kan worden gestart:
    %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7001
    Description = De IPSEC-services-service is afhankelijk van de IPSEC-stuurprogramma-service,
    die vanwege de volgende fout niet kan worden gestart: %%31

    Error - 22-3-2012 7:54:20 | Computer Name = KRIS | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: AFD AmdPPM Avgldx86
    Avgmfx86
    Avgtdix
    Fips
    IPSec
    MRxSmb
    NetBIOS
    NetBT
    RasAcd
    Rdbss
    Tcpip

    Error - 22-3-2012 9:29:57 | Computer Name = KRIS | Source = Service Control Manager | ID = 7034
    Description = De TcEventLogger-service is onverwacht beëindigd. Dit is nu 1 keer
    gebeurd.


    < End of report >

    Thanks in advance for looking at my PC problem!!!!!

  6. #6
    Member
    Member since
    10/11/06
    Location
    Oegstgeest
    Posts
    2.529
    iTrader
    0
    Start OTL
    • Paste the following under Custom Scans/Fixes

      :OTL

      :Services

      :Reg

      :Files
      ipconfig /flushdns /c

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [emptyflash]
      [createrestorepoint]
      [reboot]
    • Then click the Run Fix button at the top
    • Let the program do its work undisturbed. The PC will be restarted afterwards.
    Do not send me a PM; I will not respond to it.
    Member of Alliance of Security Analysis Professionals.
    Never use Combofix on your own
    Due to lack of time, as of now no longer active as a helper on this forum.
    Regards, Juisterr
