kemicky

Member
  • Items

    56

Everything posted by kemicky

  1. Dear all, I now have a laptop from a friend who is not so good with computers! That is why I want to help him solve the problem! Can you help me? What is the first step I can take? Kind regards, Kemicky
  2. Speccy: http://speccy.piriform.com/results/F3NrXanfyvGyH1Nu5pouCAe
  4. Dear Mako, Thank you very much for your help and effort! After the computer had earlier restarted automatically several times, things kept getting better. I think my PC works better now. A friend of mine has a laptop that has become very slow. My question is whether you would help me with that too? Thanks in advance. Kind regards, Kemicky
  5. Zoek.exe Version 4.0.0.2 Updated 22-June-2013 Tool run by ArMi on zo 23-06-2013 at 11:48:37,25.
  6. Zoek.exe Version 4.0.0.2 Updated 22-June-2013 Tool run by ArMi on zo 23-06-2013 at 8:36:37,26.
  7. Good morning! OTL logfile created on: 6/22/2013 10:07:17 PM - Run 2 OTL by OldTimer - Version 3.2.69.0
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013/01/12 00:56:13 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/03/10 19:03:24 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/01/13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll MOD - [2011/01/13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program 
Files\Logitech\Vid HD\QtCore4.dll MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll ========== Services (SafeList) ========== SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/01/25 23:23:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/03/04 03:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011/03/04 03:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011/03/04 03:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter) DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS -- (SAS***IL) DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2004/05/04 06:49:00 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1131Vid.sys -- (P1131VID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{88EAB4FF-0C04-4773-B0BB-661AA49BB50D}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{CB62A195-5D27-4833-8F3F-0730AEEB9589}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{E8A0F93B-C792-415F-BF1F-90EF126373C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe 
Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ArMi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/02/16 22:51:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/16 09:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Extensions
[2012/12/08 22:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions
[2012/12/08 23:50:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/06/22 08:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\Profiles\aw36llwo.default\extensions
[2012/11/14 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513224486&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: nu.nl | Het laatste nieuws het eerst op nu.nl
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: WeatherBug = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE File not found
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD7403F-E36C-4313-85BD-AEE823F8A4D3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 21:20:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/22 15:26:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/22 08:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\ArMi\AppData\Local\Temp
[2013/06/21 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/21 13:02:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/21 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 21:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/22 21:34:36 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 21:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job
[2013/06/22 21:24:09 | 000,006,656 | ---- | M] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/22 20:40:25 | 000,046,973 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg
[2013/06/22 20:39:48 | 000,051,126 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg
[2013/06/22 20:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job
[2013/06/22 18:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job
[2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/06/22 11:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job
[2013/06/22 08:29:59 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip
[2013/06/22 08:29:09 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2013/06/21 18:49:49 | 000,036,226 | ---- | M] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg
[2013/06/21 18:48:51 | 000,084,358 | ---- | M] () -- C:\Users\ArMi\Desktop\RunScript.jpg
[2013/06/21 13:02:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 12:36:35 | 000,484,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/21 09:27:59 | 000,052,528 | ---- | M] () -- C:\Windows\System\TT0865M_.TTF
[2013/06/21 09:27:59 | 000,052,304 | ---- | M] () -- C:\Windows\System\TT0863M_.TTF
[2013/06/21 09:27:59 | 000,051,648 | ---- | M] () -- C:\Windows\System\TT0866M_.TTF
[2013/06/21 09:27:59 | 000,051,488 | ---- | M] () -- C:\Windows\System\TT0864M_.TTF
[2013/06/21 09:27:59 | 000,038,244 | ---- | M] () -- C:\Windows\System\TT0543M_.TTF
[2013/06/21 09:27:59 | 000,036,108 | ---- | M] () -- C:\Windows\System\TT0532M_.TTF
[2013/06/21 09:27:59 | 000,035,936 | ---- | M] () -- C:\Windows\System\TT0414M_.TTF
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0866m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0865m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0864m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0863m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0543m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0532m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0414m_.FOT
[2013/06/21 09:27:57 | 000,038,392 | ---- | M] () -- C:\Windows\System\TT0533M_.TTF
[2013/06/21 09:27:57 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0533m_.FOT
[2013/06/21 09:27:19 | 000,701,798 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/06/21 09:27:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/21 09:27:19 | 000,133,798 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/06/21 09:27:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF
[2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT
[2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe
[2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk
[2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi
[2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg
[2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg
[2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/06/22 21:24:07 | 000,006,656 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/22 20:41:21 | 000,051,126 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg
[2013/06/22 20:41:12 | 000,046,973 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg
[2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2013/06/22 08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip
[2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg
[2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg
[2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe
[2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF
[2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF
[2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF
[2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF
[2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF
[2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF
[2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF
[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT
[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT
[2013/06/21 09:27:59 |
000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT [2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF [2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT [2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF [2013/06/21 09:24:49 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0725m_.FOT [2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk [2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi [2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg [2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg [2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol [2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg [2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/02/21 15:29:58 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Ahnenblatt [2013/03/07 22:06:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Belastingdienst [2011/01/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\BullGuard [2011/02/24 18:22:12 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\com.oceanbreezegames.cubecrash [2012/09/21 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\convert [2013/02/20 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\DVDVideoSoft [2011/04/27 16:24:56 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\InterTrust [2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Leadertech [2013/03/05 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\MyHeritage [2012/11/06 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\ooVoo Details [2012/10/15 12:51:16 | 000,000,000 | ---D | M] -- 
C:\Users\ArMi\AppData\Roaming\Opera [2012/06/17 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Samsung [2013/03/14 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Stammbaumdrucker [2013/01/27 10:01:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\The Complete Genealogy Reporter - FTB [2012/10/30 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\TuneUp Software [2012/12/08 23:50:51 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\uTorrent [2012/11/14 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\VideoConverterPackages ========== Purity Check ========== < End of report > - - - Updated - - - I use Google Chrome, and I posted the log yesterday and again just now. As soon as I click "quick reply", Google Chrome stops, so I can no longer see whether the log has been sent to you. I am now using Internet Explorer and see that the log was sent after all! Sorry for the multiple posts! - - - Updated - - - ========== COMMANDS ========== Restore point Set: OTL Restore Point ========== OTL ========== Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: ArMi ->Java cache emptied: 0 bytes User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: ArMi ->Flash cache emptied: 456 bytes User: Default User: Default User User: Public User: UpdatusUser Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06232013_082820
  8. Where can I get the log? It disappeared because of the restart. - - - Updated - - - Here is the log of the fix: OTL logfile created on: 6/22/2013 10:07:17 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.46% Memory free 6.35 Gb Paging File | 4.16 Gb Available in Paging File | 65.47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 294.58 Gb Total Space | 237.59 Gb Free Space | 80.65% Space Free | Partition Type: NTFS Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/22 17:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArMi\Downloads\OTL.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) 
-- C:\Program Files\Launch Manager\OSD.exe PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/11/02 04:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2013/06/22 08:59:09 | 000,115,137 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll MOD - [2013/06/15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll MOD - [2013/06/15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll MOD - [2013/06/15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013/06/15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013/06/15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013/06/15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013/05/15 08:47:54 | 018,022,400 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013/05/15 08:47:40 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013/05/15 08:47:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll MOD - [2013/05/15 08:47:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013/05/15 08:47:27 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013/01/12 08:22:48 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll MOD - [2013/01/12 08:22:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll MOD - [2013/01/12 08:21:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013/01/12 00:56:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll MOD - [2013/01/12 00:56:29 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013/01/12 00:56:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013/01/12 00:56:19 | 009,095,168 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013/01/12 00:56:13 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe MOD - [2011/03/10 19:03:24 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011/01/13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll MOD - [2011/01/13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program 
Files\Logitech\Vid HD\QtCore4.dll MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll ========== Services (SafeList) ========== SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
[Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/01/25 23:23:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) 
[On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/03/04 03:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011/03/04 03:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011/03/04 03:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter) DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS -- (SAS***IL) DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2004/05/04 06:49:00 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1131Vid.sys -- (P1131VID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{88EAB4FF-0C04-4773-B0BB-661AA49BB50D}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{CB62A195-5D27-4833-8F3F-0730AEEB9589}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{E8A0F93B-C792-415F-BF1F-90EF126373C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ArMi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/02/16 22:51:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/16 09:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Extensions [2012/12/08 22:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions [2012/12/08 23:50:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013/06/22 08:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\Profiles\aw36llwo.default\extensions [2012/11/14 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513224486&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.nu.nl/ CHR - plugin: Shockwave Flash 
(Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Unity Player (Enabled) = C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: BrowserPlus (from Yahoo!) 
v2.9.8 (Enabled) = C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: WeatherBug = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\ CHR - Extension: Skype Click to Call = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE File not found O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) 
O4 - HKCU..\Run: [Facebook Update] C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD7403F-E36C-4313-85BD-AEE823F8A4D3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/22 21:20:18 | 000,000,000 | ---D | C] -- C:\_OTL [2013/06/22 15:26:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/06/22 08:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\ArMi\AppData\Local\Temp [2013/06/21 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/21 13:02:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/06/21 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/22 21:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/22 21:34:36 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys [2013/06/22 21:32:00 | 000,001,062 | ---- | M] 
() -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job [2013/06/22 21:24:09 | 000,006,656 | ---- | M] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/22 20:40:25 | 000,046,973 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg [2013/06/22 20:39:48 | 000,051,126 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg [2013/06/22 20:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job [2013/06/22 18:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/06/22 11:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job [2013/06/22 08:29:59 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip [2013/06/22 08:29:09 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe [2013/06/21 18:49:49 | 000,036,226 | ---- | M] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg [2013/06/21 18:48:51 | 000,084,358 | ---- | M] () -- C:\Users\ArMi\Desktop\RunScript.jpg [2013/06/21 13:02:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/21 12:36:35 | 000,484,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/06/21 09:27:59 | 000,052,528 | ---- | M] () -- C:\Windows\System\TT0865M_.TTF [2013/06/21 09:27:59 | 000,052,304 | ---- | M] () -- C:\Windows\System\TT0863M_.TTF [2013/06/21 09:27:59 | 000,051,648 | ---- | M] () -- C:\Windows\System\TT0866M_.TTF [2013/06/21 09:27:59 | 000,051,488 | ---- | M] () -- C:\Windows\System\TT0864M_.TTF [2013/06/21 09:27:59 | 000,038,244 | ---- | M] () -- C:\Windows\System\TT0543M_.TTF [2013/06/21 09:27:59 | 000,036,108 | ---- | M] () -- 
C:\Windows\System\TT0532M_.TTF [2013/06/21 09:27:59 | 000,035,936 | ---- | M] () -- C:\Windows\System\TT0414M_.TTF [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0866m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0865m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0864m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0863m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0543m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0532m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0414m_.FOT [2013/06/21 09:27:57 | 000,038,392 | ---- | M] () -- C:\Windows\System\TT0533M_.TTF [2013/06/21 09:27:57 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0533m_.FOT [2013/06/21 09:27:19 | 000,701,798 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2013/06/21 09:27:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/06/21 09:27:19 | 000,133,798 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2013/06/21 09:27:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF [2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT [2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe [2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk [2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi [2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg [2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg [2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- 
C:\Windows\System32\ieuinit.inf ========== Files Created - No Company Name ========== [2013/06/22 21:24:07 | 000,006,656 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/22 20:41:21 | 000,051,126 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg [2013/06/22 20:41:12 | 000,046,973 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg [2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013/06/22 08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip [2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg [2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg [2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe [2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF [2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF [2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF [2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF [2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF [2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF [2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT [2013/06/21 09:27:59 | 
000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT [2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF [2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT [2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF [2013/06/21 09:24:49 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0725m_.FOT [2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk [2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi [2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg [2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg [2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol [2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg [2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/02/21 15:29:58 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Ahnenblatt [2013/03/07 22:06:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Belastingdienst [2011/01/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\BullGuard [2011/02/24 18:22:12 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\com.oceanbreezegames.cubecrash [2012/09/21 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\convert [2013/02/20 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\DVDVideoSoft [2011/04/27 16:24:56 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\InterTrust [2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Leadertech [2013/03/05 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\MyHeritage [2012/11/06 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\ooVoo Details [2012/10/15 12:51:16 | 000,000,000 | ---D | M] -- 
C:\Users\ArMi\AppData\Roaming\Opera [2012/06/17 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Samsung [2013/03/14 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Stammbaumdrucker [2013/01/27 10:01:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\The Complete Genealogy Reporter - FTB [2012/10/30 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\TuneUp Software [2012/12/08 23:50:51 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\uTorrent [2012/11/14 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\VideoConverterPackages ========== Purity Check ========== < End of report >
  9. OTL Extras logfile created on: 6/22/2013 5:08:26 PM - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads
     Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.10.9200.16614)
     Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy
     3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.22% Memory free
     6.35 Gb Paging File | 4.27 Gb Available in Paging File | 67.20% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 294.58 Gb Total Space | 237.78 Gb Free Space | 80.72% Space Free | Partition Type: NTFS
     Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS
     Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS
     Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
     .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     ========== Shell Spawning ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
     inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     ========== Security Center Settings ==========
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "VistaSp1" = Reg Error: Unknown registry data type -- File not found
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     ========== Firewall Settings ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1
     ========== Authorized Applications List ==========
     ========== Vista Active Open Ports Exception List ==========
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135564C1-9F4D-4540-8195-CD945D19E6A8}" = lport=10243 | protocol=6 | dir=in | app=system | "{13E1EB36-B1A0-4B0F-BD63-E50EB86A0D93}" = rport=138 | protocol=17 | dir=out | app=system | "{14E34BC6-C554-4C9B-A645-20F3B10F981B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1E5064E2-9D95-4C2B-946B-8723D17FE83E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{223D1B08-E11E-4B95-A2A7-1C44D759BC06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2638D199-E3AE-4374-8862-1B78773B8CEF}" = rport=137 | protocol=17 | dir=out | app=system | "{27169042-D582-474C-A8B0-A2E8EF890BB8}" = rport=10243 | protocol=6 | dir=out | app=system | "{336D2662-58F5-4064-9D7F-D2ABFB0D1532}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{35250961-47EB-4453-8FD7-1DBE35C10782}" = rport=139 | protocol=6 | dir=out | app=system | "{3A23B924-74DF-49F3-A60C-81A5E24DF89F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3BEFD5D9-1763-47B6-9093-344249D9B483}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3C95A0FB-EA39-4969-A307-1DDF3E0C5CBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3D38275C-53ED-4F94-BA3B-43BC922CEAA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{423746D7-1F31-46E9-BB26-A21AE0302A8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{42E0D9A1-D3F3-446F-9524-068FE292D087}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{42FF50B1-6048-49DC-ACA5-189EA9CC83E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7393F40D-5D16-4E2D-A0AE-CB02ECB3E378}" = rport=3702 | protocol=17 | dir=out | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{764826A9-47C1-41C3-8BDA-6EB15FBF27CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7713967C-E9C4-49FB-96F5-D48303080C1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FD8233D-FAD3-411F-8DDD-8AED4EF113BC}" = lport=2869 | protocol=6 | dir=in | app=system | "{83DFE877-D6D0-4E32-839C-F28DD9EF9F90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{86FF87E2-88C2-4F6B-97C1-77CE8B9BF083}" = rport=445 | protocol=6 | dir=out | app=system | "{89EE83A4-D36B-440C-A54C-2EF2EC4D6337}" = lport=139 | protocol=6 | dir=in | app=system | "{8B9CC829-7C51-4EA5-8113-8D2A6DB15783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C9F70C2-CB83-49FF-8136-56326779E558}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9AC70EE7-CE80-4656-B1AD-E25A38C3065D}" = lport=138 | protocol=17 | dir=in | app=system | "{B86550EF-5679-4622-B0AB-141C79AA4F1C}" = lport=137 | protocol=17 | dir=in | app=system | "{C024ACC8-031F-44D6-871B-586D0CAC87FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C5B1E57E-77C5-4A61-B686-A344BD3C8EC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7C18009-53AA-406D-89AE-9B511BB36F27}" = lport=2869 | protocol=6 | dir=in | app=system | "{D1B860E2-58EE-4093-A160-2F4F7202E549}" = lport=445 | protocol=6 | dir=in | app=system | "{E85465D7-333B-4898-A9BF-D62A1699AB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EA571973-FA8D-43BD-9076-E754E7814752}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01917116-3C3D-457C-9E33-C85BD0D138A1}" = protocol=17 | dir=in | app=c:\program files\tango\tango.exe | "{05B1C421-4ADA-4DBD-B826-3003EF4D0B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06AAADCF-1CA8-4861-9645-9F99D2C38399}" = protocol=6 | dir=out | app=system | "{101694CC-978D-4204-AF2E-84C24C6CE28B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{129D9DAB-E02A-4997-83DA-A48D2505633C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{2484B887-0A28-4157-8858-86F83BAE8448}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2780225B-AF1B-4DAF-B36A-C2382B314C33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{36981AC8-3C9A-425E-B735-C8A77D3ADC53}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{3A872703-D1A9-497C-BA34-600537A437C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe | "{545F946E-5F93-428A-8A37-1E0F76CF4E5D}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe | "{54CA4A67-7FA3-44C2-84D6-03F4831ACE01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5B260734-3553-4050-B205-7955C0DBB8E7}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{5D856524-03FA-44B3-9AC4-2EAA410D421D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5FC3E787-1A06-4AE7-A76B-73A39AEED6C5}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe | "{625C91B8-0342-4013-A059-BC58F5ECF94B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{722F9E7E-D99F-499B-9B68-C5184BD724AE}" = protocol=17 | 
dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{723B0637-366C-4656-A5FD-0C7A6C8C38EF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{733114A6-8B28-4460-BF3A-43D479E09B28}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "{79ED595D-15E1-4C4A-B23F-D66C60CBB8D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7D932DB8-C37F-4D91-80B9-18D39A9EDE0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{81FE92FD-4AAD-4E52-BDE1-5029F9BCA2BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{87A77029-BAF0-4E39-96E2-8345F2DE842B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe | "{AE1B2635-C143-442D-BC2E-C572A8E1123F}" = protocol=6 | dir=in | app=c:\program files\tango\tango.exe | "{B7B490AE-DB50-4440-9AA6-98BB573DF399}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{BAD3B513-541A-4B35-B4D2-9C981DC97F63}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{C027F0B5-8721-4F83-8765-9E5DF55AF8BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CAA6C41A-51EC-43B0-8C49-B26F8E08A834}" = dir=in | app=c:\users\armi\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{CD02A8AE-1EA3-4154-A4D9-4140D0E5FFAD}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe | "{D1341151-ED86-4B43-B86A-48D7C37C2C64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DA5A987C-5B04-4CD3-A77B-E46D84D062FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCA22027-DCEA-4E6E-BB9C-1948A4AB3678}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{DD75EEEB-432A-436F-9F85-2E421915E1FB}" = protocol=6 | dir=in | 
app=c:\program files\logitech\vid hd\vid.exe | "{EB0A4723-A06D-4878-8607-8CECF9335364}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ECEB6AC5-E8C0-4CAB-8A63-B41AC1C60E89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EDBD0972-1810-4CB6-8E07-8814B26D533D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "{F2D9C634-D880-4D49-8742-7BFD6B3BE445}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F2E61FC4-A35D-4A3D-BBB1-33101E94B57C}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | "{FB6AD178-0851-4E93-847F-D54C4D80E9DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FE28BF49-F1E9-4407-BECF-D050BF49183C}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | "TCP Query User{205E8EF8-06CF-4459-9E38-13A0625AF335}C:\program files\tango\tango.exe" = protocol=6 | dir=in | app=c:\program files\tango\tango.exe | "TCP Query User{91F2B978-8D56-4052-A9B3-4F593E33D8EE}C:\users\armi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\armi\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{B9902C3C-F3AE-467F-B49D-C0779863EB94}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{DA5C75F8-7345-48C2-8026-46B44E4125FC}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe | "UDP Query User{576C78D5-29D5-4437-B960-0A25FFA9A85C}C:\program files\tango\tango.exe" = protocol=17 | dir=in | app=c:\program files\tango\tango.exe | "UDP Query User{5AE6E890-90C1-46E5-9B41-B329247FC038}C:\users\armi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\armi\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{A1CF7663-3C16-4093-9ABA-552FA6822BAB}C:\program files\oovoo\oovoo.exe" = protocol=17 | 
dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{D92D37F7-50A8-41CB-8A4C-1305D1FB5A0A}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F976B1D-7CFD-44F6-B016-1D3B0FFA937A}" = TuneUp Utilities Language Pack (nl-NL) "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = 
CorelDRAW Essentials 4 - Lang IT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2 "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8D853998-1055-4E45-B99E-F5039C502831}" = Photo Notifier and Animation Creator "{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003 "{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech-webcamsoftware "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "{FB9D2112-0419-E366-290B-9D4807DC34D4}" = MyFonts Order M3976557 "{FDFE5E63-116A-4655-9B4D-29F4AFE441B3}" = IncrediMail "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer 
"Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010 "Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011 "Aangifte inkomstenbelasting 2012" = Aangifte inkomstenbelasting 2012 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Ahnenblatt_is1" = Ahnenblatt 2.70 "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "avast" = avast! Free Antivirus "Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0 "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326) "Digital Editions" = Adobe Digital Editions "Druckschriften Nord_is1" = Pelikan Schulschriften "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. 
Camera Communication Driver Package (09/09/2009 1.0.0.0) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Family Tree Builder" = MyHeritage Family Tree Builder "Gebruikersregistratie voor Canon iP2700 series" = Gebruikersregistratie voor Canon iP2700 series "HaaliMkx" = Haali Media Splitter "ilividtoolbargaw" = Search-Results Toolbar "IncrediMail" = IncrediMail 2.0 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA.Updatus" = NVIDIA Updatus "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "Searchqu MediaBar" = Windows Searchqu Toolbar "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Media Encoder 9" = Windows Media Encoder 9 Series "X10Hardware" = X10 
Hardware ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1" = Albelli Fotoboeken "Google Chrome" = Google Chrome "Tango" = Tango "UnityWebPlayer" = Unity Web Player "Video Converter" = Video Converter "Video Converter Packages" = Video Converter Packages "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/1/2012 9:13:39 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/1/2012 9:17:09 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/1/2012 9:17:16 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/2/2012 10:19:21 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/2/2012 10:19:26 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/2/2012 10:19:34 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1 Description = Error - 8/6/2012 10:54:09 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: ImNotfy.exe, versie: 6.2.9.5203, tijdstempel: 0x4fa2b29a Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc0000005 Foutoffset: 0x02c20de7 Id van proces met fout: 0xca4 Starttijd van toepassing met fout: 0x01cd73e3508ffafb Pad naar toepassing met fout: C:\Program Files\IncrediMail\Bin\ImNotfy.exe Pad naar module met fout: unknown Rapport-id: 9394eafe-dfd6-11e1-a4c2-00262dc1feb1 Error - 8/6/2012 11:04:19 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: ImNotfy.exe, versie: 6.2.9.5203, tijdstempel: 0x4fa2b29a Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00000000 Id van proces met fout: 0x17c8 
Starttijd van toepassing met fout: 0x01cd73e4bb399827 Pad naar toepassing met fout: C:\Program Files\IncrediMail\Bin\ImNotfy.exe Pad naar module met fout: unknown Rapport-id: ff0c627d-dfd7-11e1-a4c2-00262dc1feb1 Error - 8/8/2012 4:56:15 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: spoolsv.exe, versie: 6.1.7601.17514, tijdstempel: 0x4ce7aa85 Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725, tijdstempel: 0x4ec49b60 Uitzonderingscode: 0xc0000374 Foutoffset: 0x000c380b Id van proces met fout: 0x66c Starttijd van toepassing met fout: 0x01cd7520e4610991 Pad naar toepassing met fout: C:\Windows\System32\spoolsv.exe Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll Rapport-id: e86e2368-e136-11e1-8a98-00262dc1feb1 Error - 8/10/2012 1:10:02 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: WINWORD.EXE, versie: 11.0.8345.0, tijdstempel: 0x4f3c32b8 Naam van module met fout: WINWORD.EXE, versie: 11.0.8345.0, tijdstempel: 0x4f3c32b8 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00805639 Id van proces met fout: 0x1478 Starttijd van toepassing met fout: 0x01cd76b65a25cdfd Pad naar toepassing met fout: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Pad naar module met fout: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Rapport-id: a349598f-e2a9-11e1-b19a-00262dc1feb1 [ System Events ] Error - 6/21/2013 1:32:33 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. 
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:35 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:35 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. 
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030 Description = De PEVSystemStart-service staat aangeduid als een interactieve service. Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn toegestaan. Deze service werkt mogelijk niet juist. Error - 6/21/2013 1:52:12 PM | Computer Name = ArMi-PC | Source = DCOM | ID = 10010 Description = < End of report >
  10. OTL logfile created on: 6/22/2013 5:08:26 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.22% Memory free 6.35 Gb Paging File | 4.27 Gb Available in Paging File | 67.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 294.58 Gb Total Space | 237.78 Gb Free Space | 80.72% Space Free | Partition Type: NTFS Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/22 17:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArMi\Downloads\OTL (1).exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/02/16 22:50:07 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) 
---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF [2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT [2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe [2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk [2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi [2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg [2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/06/08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg [2013/05/25 13:59:31 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/05/25 13:59:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013/05/25 13:59:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013/05/25 13:59:31 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013/05/25 13:59:31 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/05/25 13:59:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/05/25 13:59:31 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013/05/25 13:59:31 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/05/25 13:59:31 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/05/25 13:59:31 | 000,226,816 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\System32\dxtrans.dll [2013/05/25 13:59:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013/05/25 13:59:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013/05/25 13:59:31 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013/05/25 13:59:31 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013/05/25 13:59:31 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013/05/25 13:59:31 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/05/25 13:59:31 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/05/25 13:59:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013/05/25 13:59:31 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013/05/25 13:59:31 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013/05/25 13:59:31 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013/05/25 13:59:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013/05/25 13:59:31 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/05/25 13:59:31 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013/05/25 13:59:31 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/05/25 13:59:31 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe ========== Files Created - No Company Name ========== [2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe [2013/06/22 
08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip [2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg [2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg [2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe [2013/06/21 09:29:21 | 000,000,017 | ---- | C] () -- C:\Windows\STARTYPE.INI [2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF [2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF [2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF [2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF [2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF [2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF [2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT [2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT [2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF [2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT [2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF [2013/06/21 09:24:49 | 000,001,409 
| ---- | C] () -- C:\Windows\System\tt0725m_.FOT [2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk [2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi [2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg [2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg [2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol [2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg [2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm [2011/01/27 17:22:53 | 000,062,976 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  11. Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2013.06.21.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16618 ArMi :: ARMI-PC [administrator] 22-6-2013 15:26:24 mbam-log-2013-06-22 (15-26-24).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 232192 Verstreken tijd: 5 minuut/minuten, 59 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten
gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) - - - Updated - - - # AdwCleaner v2.303 - Verslag gemaakt op 22/06/2013 om 17:03:58 # Geactualiseerd op 08/06/2013 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits) # Gebruiker : ArMi - ARMI-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\ArMi\Downloads\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** ***** [Register] ***** Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll Sleutel Verwijderd : HKCU\Software\APN DTX Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\DefaultTab Sleutel Verwijderd : HKCU\Software\DataMngr Sleutel Verwijderd : HKCU\Software\DataMngr_Toolbar Sleutel Verwijderd : HKCU\Software\Default Tab Sleutel Verwijderd : HKCU\Software\DefaultTab Sleutel Verwijderd : HKCU\Software\ilivid Sleutel Verwijderd : HKCU\Software\IM Sleutel Verwijderd : HKCU\Software\ImInstaller Sleutel Verwijderd : HKCU\Software\MediaFinder Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijderd : HKCU\Software\Softonic Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Sleutel 
Verwijderd : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54} Sleutel 
Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MF Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Sleutel Verwijderd : HKLM\Software\DataMngr Sleutel Verwijderd : HKLM\Software\Default Tab Sleutel Verwijderd : HKLM\Software\DefaultTab Sleutel Verwijderd : HKLM\Software\iLividSRTB Sleutel Verwijderd : HKLM\Software\ImInstaller Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Sleutel Verwijderd : 
HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Sleutel Verwijderd : 
HKLM\Software\Tarma Installer Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Google Chrome v27.0.1453.116 File : C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Preferences Verwijderd [l.45] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid[...] ************************* AdwCleaner[R1].txt - [26572 octets] - [08/02/2013 12:18:18] AdwCleaner[R2].txt - [26633 octets] - [08/02/2013 12:19:12] AdwCleaner[s1].txt - [25964 octets] - [08/02/2013 12:21:15] AdwCleaner[s2].txt - [8649 octets] - [22/06/2013 17:03:58] ########## EOF - C:\AdwCleaner[s2].txt - [8709 octets] ##########
  12. Your file, sample_22-06-2013_0829.zip, was uploaded successfully
  13. Good morning! Zoek.exe Version 4.0.0.2 Updated 21-June-2013 Tool run by ArMi on za 22-06-2013 at 8:29:17,25. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results20-06-2013-2115.log 280 bytes C:\zoek-results20-06-2013-2122.log 370 bytes C:\zoek-results21-06-2013-1259.log 462 bytes C:\zoek-results21-06-2013-1301.log 462 bytes C:\zoek-results21-06-2013-1325.log 508 bytes C:\zoek-results21-06-2013-1926.log 554 bytes C:\zoek-results21-06-2013-1927.log 600 bytes C:\zoek-results21-06-2013-1953.log 28878 bytes ==== Creating Sample_22-06-2013_0829.zip ====================== Process chrome.exe killed Copied file C:\Windows\STARTYPE.INI to sample\STARTYPE.INI sample\STARTYPE.INI renamed to DCB7F77357A34BE73CB47788165E769A C:\Users\Public\Desktop\sample_22-06-2013_0829.zip created successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"=- [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"=- [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Inetreg"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"=- ==== Deleting Files \ Folders ======================
"C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-06-21 07:29:21 DCB7F77357A34BE73CB47788165E769A 17 ----a-w- C:\Windows\STARTYPE.INI ====== C:\Users\ArMi\AppData\Local\Temp ==== ====== C:\Windows\system32 ===== 2013-06-12 20:44:26 F67B1B348CBBCB60DAEC276712582E8C 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-12 20:44:25 B3DC4D1658093C1E486CA9F22180BECF 1141248 ----a-w- C:\Windows\System32\urlmon.dll 2013-06-12 20:44:25 5E2D9C88284AA3BECF15BEA0920A1903 391168 ----a-w- C:\Windows\System32\ieui.dll 2013-06-12 20:44:23 FCA0837B2739C044EEC00AF0DDD73FFC 13760512 ----a-w- C:\Windows\System32\ieframe.dll 2013-06-12 20:44:21 F383B1AD5D7FDC1ACB0D900B50572F8D 2046976 ----a-w- C:\Windows\System32\iertutil.dll 2013-06-12 20:44:21 05920BD009621D06722A1CD339DA6481 14327808 ----a-w- C:\Windows\System32\mshtml.dll 2013-06-12 20:41:18 091C7153A1292F19BE34FAC07FFF12EC 690688 ----a-w- C:\Windows\System32\jscript.dll 2013-06-12 20:41:16 97FA62873FF759574B20DF39FF22CC27 2877440 ----a-w- C:\Windows\System32\jscript9.dll 2013-06-12 20:41:16 4395AC0BC02009AFAAB01368BA38AF30 39424 ----a-w- C:\Windows\System32\jsproxy.dll 2013-06-12 20:41:15 A10E7B582DEA86572510CB73CCCECA34 61440 ----a-w- C:\Windows\System32\iesetup.dll 2013-06-12 20:41:13 DD09C65E52F3D5574F9774EE0D4DAA57 33280 ----a-w- C:\Windows\System32\iernonce.dll 2013-06-12 20:41:13 64DF9B793072A53F245515E08D8F5E37 42496 ----a-w- C:\Windows\System32\ie4uinit.exe 2013-06-12 20:41:13 0FEED965B909BA2D210CE78C21626A69 493056 ----a-w- C:\Windows\System32\msfeeds.dll 2013-06-12 20:41:12 CE3EC9D85ED88ED4AD948B90BB9ED31D 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 20:41:12 9593EA1AE5F39C1174B532213D47664B 109056 ----a-w- C:\Windows\System32\iesysprep.dll 2013-06-12 20:41:09 2473CA6595A2659D7039A4A89FECA269 1767936 ----a-w- 
C:\Windows\System32\wininet.dll 2013-06-12 14:51:51 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\System32\d3d11.dll 2013-06-12 14:51:43 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-06-12 14:51:33 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-12 14:51:31 92245C959E5BC378809D2CC5E9F6E9C7 1160192 ----a-w- C:\Windows\System32\crypt32.dll 2013-06-12 14:51:31 8A8B277067C22F4BF6AA9A31692FC4D3 103936 ----a-w- C:\Windows\System32\cryptnet.dll 2013-06-12 14:51:31 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\System32\certutil.exe 2013-06-12 14:51:30 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\System32\certenc.dll 2013-06-12 14:51:30 3897DFF247D9ED0006190349DE264E14 140288 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-06-12 14:51:27 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-06-12 14:51:25 575DDD83B40880E1DEB48758673BDA71 3913576 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-06-12 14:51:25 3F63CF7DF313428CA9C5D1F410DF4645 3968872 ----a-w- C:\Windows\System32\ntkrnlpa.exe ====== C:\Windows\system32\drivers ===== 2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-12 14:51:22 D32FDAC73FCD76B85389C39BC1087F2A 1293672 ----a-w- C:\Windows\System32\drivers\tcpip.sys ====== C:\Windows\Tasks ====== 2013-06-20 19:15:17 49509E5A965A94760609D96C3413BE38 3120 ----a-w- C:\Windows\system32\Tasks\{2C483F32-378A-4E30-A7CD-592650256511} ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C: ===== ====== C:\Users\ArMi\AppData\Roaming ====== 2013-06-21 17:40:17 -------- d-----w- C:\users\ArMi\AppData\Local\Temp ====== C:\Users\ArMi ====== 2013-06-21 11:01:47 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\ArMi\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-21 10:46:44 788FCDDD88240A85039F7F561093B118 448512 ----a-w- 
C:\Users\ArMi\Downloads\TFC.exe 2013-06-20 17:25:41 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\ArMi\Downloads\spsetup122.exe ====== C: exe-files == 2013-06-19 12:32:24 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Users\ArMi\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe 2013-06-19 10:38:44 FC89629363054D6EE349BE6D372FB8A8 129896 ----a-w- C:\Program Files\Speccy\uninst.exe 2013-06-19 10:38:04 185804AC50A546738B466B5CF04AC793 5926168 ----a-w- C:\Program Files\Speccy\Speccy.exe === C: other files == 2013-06-22 06:29:59 5F564D422FECD62C2FB3BDF9734664F5 756 ----a-w- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip 2013-06-22 04:37:43 59971CC6BF628653C45FBA2FC81F7B3B 144 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys 2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys ==== Empty IE Cache ====================== C:\Users\ArMi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied 
Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ArMi\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 22-06-2013 at 8:59:06,41 ======================
  14. Zoek.exe Version 4.0.0.2 Updated 21-June-2013 Tool run by ArMi on vr 21-06-2013 at 19:28:06,25. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results20-06-2013-2115.log 280 bytes C:\zoek-results20-06-2013-2122.log 370 bytes C:\zoek-results21-06-2013-1259.log 462 bytes C:\zoek-results21-06-2013-1301.log 462 bytes C:\zoek-results21-06-2013-1325.log 508 bytes C:\zoek-results21-06-2013-1926.log 554 bytes C:\zoek-results21-06-2013-1927.log 600 bytes ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1AB61EFD-9B15-4EC4-AEFE-520192E12C09} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7344BBFD-2AEF-41FA-BE8A-8C0C6FE6154C} deleted successfully 
HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7344BBFD-2AEF-41FA-BE8A-8C0C6FE6154C} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully HKEY_CLASSES_ROOT\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{377e5d4d-77e5-476a-8716-7e70a9272da0} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabSearch deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabSearch deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabUpdate deleted successfully ==== FireFox Fix ====================== ProfilePath: 
C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default ---- Lines mystart removed from prefs.js ---- user_pref("browser.startup.homepage", "http://mystart.incredimail.com"); ---- Lines mystart modified from prefs.js ---- ---- Lines mystart removed from user.js ---- ---- Lines yontoo removed from prefs.js ---- ---- Lines yontoo modified from prefs.js ---- ---- Lines yontoo removed from user.js ---- user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers"); ---- FireFox user.js and prefs.js backups ---- user_21-06-2013_1932_.backup prefs_21-06-2013_1932_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DATAMNGR"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Media Finder"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\PROGRA~2\Wincert\WIN32C~1.DLL" ==== Deleting Files \ Folders ====================== "C:\Program Files\Media Finder" not found "C:\Users\ArMi\Downloads\SoftonicDownloader_voor_ilivid-download-manager.exe" deleted "C:\Users\ArMi\Downloads\SoftonicDownloader_voor_ilivid-download-manager.exe" deleted "C:\Windows\System32\Tasks\Browser Manager" deleted "C:\Users\Public\sdelevURL.tmp" deleted "C:\Users\ArMi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk" deleted "C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" deleted "C:\Windows\system32\sasnative32.exe" deleted "C:\Windows\system32\roboot.exe" deleted "C:\Users\ArMi\Desktop\Ongebruikt\rcpsetup_softonic_sd_new.exe" deleted "C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe" deleted "C:\Program Files\Advanced System Protector\aspsys.dll" deleted "C:\Program Files\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL" deleted "C:\Program Files\Advanced System Protector\System.Data.SQLite.dll" deleted 
"C:\Program Files\Advanced System Protector\unrar.dll" deleted "C:\Program Files\Advanced System Protector\Xceed.Compression.dll" deleted "C:\Program Files\Advanced System Protector\Xceed.FileSystem.dll" deleted "C:\Program Files\Advanced System Protector\Xceed.Zip.dll" deleted "C:\ProgramData\Wincert\win32cert.dll" deleted "C:\ProgramData\Wincert\win32prop.dll" deleted "C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe" deleted "C:\Users\ArMi\AppData\Roaming\Canon" deleted "C:\Users\ArMi\AppData\Roaming\DefaultTab" deleted "C:\Program Files\Yontoo" deleted "C:\Program Files\uTorrentControl_v2" deleted "C:\Program Files\uTorrentControl_v2" deleted "C:\Program Files\Search Results Toolbar" not deleted "C:\Program Files\DefaultTab" deleted "C:\Program Files\Advanced System Protector" not deleted "C:\Program Files\Yontoo" deleted "C:\Users\ArMi\AppData\Roaming\DefaultTab" deleted "C:\Users\ArMi\AppData\Roaming\Systweak" deleted "C:\Users\ArMi\AppData\Roaming\Media Finder" deleted "C:\Users\ArMi\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com" deleted "C:\ProgramData\Browser Manager" deleted "C:\ProgramData\Systweak" deleted "C:\ProgramData\boost_interprocess" deleted "C:\ProgramData\Wincert" not deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector" deleted "C:\Users\ArMi\AppData\Local\iLivid" deleted "C:\Users\ArMi\AppData\Local\CRE" deleted "C:\Users\ArMi\AppData\Local\SwvUpdater" deleted "C:\Users\ArMi\AppData\LocalLow\searchresultstb" deleted "C:\Users\ArMi\AppData\LocalLow\ilividtoolbargaw" deleted "C:\Users\ArMi\AppData\LocalLow\DataMngr" deleted "C:\Windows\System32\searchplugins" deleted "C:\Windows\System32\Extensions" deleted "C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default\extensions\plugin@yontoo.com" deleted "C:\Program 
Files\Search Results Toolbar\Datamngr" not deleted ==== Files Recently Created / Modified ====================== ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s" "KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup" "KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program
Files\IncrediMail\bin\IncMail.exe /c" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s" "KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup" "KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "Inetreg"="C:\Program Files\InstallShield Installation Information\{E2D27B84-6365-11D6-9BAF-0090271AF8A4}\Setup.exe /i_again -s" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 " "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" "LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" "NUSB3MON"="C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon" "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "Creative WebCam 
Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" "Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" "KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" "avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui" "LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide" "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "PDFPrint"="C:\Program Files\PDF24\pdf24.exe" "Family Tree Builder Update"="C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe" "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe /c" "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c" "KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s" "KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup" "KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job 
--a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ArMi\AppData\Roaming\Mozilla\Firefox\Profiles\aw36llwo.default - Undetermined - %ProfilePath%\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} ==== Firefox Plugins ====================== ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions aaaanijiojpcccpkjdjjmjghddcgcbfj - C:\Users\ArMi\AppData\Local\APN\GoogleCRXs\aaaanijiojpcccpkjdjjmjghddcgcbfj_7.17.0.0.crx[] bllaobobdmgmnafkbkdjnkebbaopjofd - C:\Users\ArMi\AppData\Local\CRE\bllaobobdmgmnafkbkdjnkebbaopjofd.crx[] ccbgjfdieajmokelnlapbedknchgenne - C:\Users\ArMi\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[] dednnpigldgdbpgcdpfppmlcnnbjciel - C:\Users\ArMi\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx[] icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[31-10-2012 00:48] kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files\DefaultTab\DefaultTab.crx[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02-10-2012 13:14] lpmkgpnbiojfaoklbkpfneikocaobfai - C:\Users\ArMi\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx[] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files\Yontoo\YontooLayers.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions ccbgjfdieajmokelnlapbedknchgenne - C:\Users\ArMi\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx[] nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[] General Crawler - ArMi - Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel WeatherBug - ArMi - Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak Skype Click to Call - ArMi - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chrome Fix ====================== 
C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_find.conduit.com_0.localstorage-journal deleted successfully C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage deleted successfully C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nl.softonic.com_0.localstorage-journal deleted successfully C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.de_0.localstorage-journal deleted successfully C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://mystart.incredimail.com?a=6R8TMMCqBW" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found" {5F3CED0B-0F7E-4CDA-A345-CD93F32E506D} WEB.DE Suche Url="http://go.web.de/br/ie8_search_web/?su={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {88EAB4FF-0C04-4773-B0BB-661AA49BB50D} 
Amazon Url="http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}" {CB62A195-5D27-4833-8F3F-0730AEEB9589} eBay Url="http://go.web.de/br/ie8_search_ebay/?q={searchTerms}" {E8A0F93B-C792-415F-BF1F-90EF126373C9} Bing Url="http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully HKEY_CLASSES_ROOT\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj deleted successfully 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bllaobobdmgmnafkbkdjnkebbaopjofd deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ccbgjfdieajmokelnlapbedknchgenne deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\ccbgjfdieajmokelnlapbedknchgenne deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully ==== Empty IE Cache ====================== C:\Users\ArMi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After 
Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ArMi\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\Search Results Toolbar" not found "C:\Program Files\Advanced System Protector" not found "C:\ProgramData\Wincert" not found ==== EOF on vr 21-06-2013 at 19:53:30,72 ====================== - - - Updated - - - I hope this is the right one now!
  15. Hello, I did #8 but I get the following messages (see attachment run script), and then after I clicked on it a new download appears (see attachment zoek exe).
  16. Zoek.exe Version 4.0.0.2 Updated 21-June-2013 Tool run by ArMi on vr 21-06-2013 at 13:25:31,54. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results20-06-2013-2115.log 280 bytes C:\zoek-results20-06-2013-2122.log 370 bytes C:\zoek-results21-06-2013-1259.log 462 bytes C:\zoek-results21-06-2013-1301.log 462 bytes ==== EOF on vr 21-06-2013 at 13:25:32,72 ======================
  17. I'm having problems with zoek.exe, see --------------------------- wget.exe - Ongeldige installatiekopie --------------------------- C:\Users\ArMi\AppData\Local\Temp\PROPSYS.dll is niet geschikt voor Windows of het bevat een fout. Probeer het programma opnieuw te installeren met behulp van de oorspronkelijke installatiemedia of neem contact op met de systeembeheerder of softwareleverancier voor ondersteuning. --------------------------- OK ---------------------------
  18. Hello, Oh sorry! Here is the link now: http://speccy.piriform.com/results/QxaDn5eVchwzuXOqSbmFXTz Kind regards, Kemicky
  19. PC Helpforum moderator message: Speccy log removed because it was cluttered and hard to read
  20. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:23:52, on 20-6-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16611) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\PDF24\pdf24.exe C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files\Logitech\Vid HD\Vid.exe C:\Program Files\IncrediMail\Bin\ImApp.exe C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\IncrediMail\Bin\IncMail.exe C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ArMi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\ArMi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program 
Files\MyHeritage\Bin\FTBCheckUpdates.exe O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Google Update] "C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-933684324-2697931749-3995688759-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-933684324-2697931749-3995688759-1000\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-21-933684324-2697931749-3995688759-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media 
Finder\hook.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\ArMi\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: WisLMSvc - Wistron Corp. 
- C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 12315 bytes
  21. Dear friends, I am once again having a problem with the laptop, which takes a very long time to start up. Strangely enough, it sometimes also takes a long time to load a website. Can you help me? Thanks in advance. Regards, Kemicky
  22. Hello, I did not receive your last message of 26 March 2013, 23:12, and am only seeing it now. In the meantime the websites are loading faster and normally again! Thanks for your effort! Kind regards, Kemicky
  23. Zoek.exe Version 4.0.0.2 Updated 23-03-2013 Tool run by Michael Kempen on di 26-03-2013 at 9:33:37,09. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\viakaraokesrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\StickyPad\StickyPad.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\pdf24\pdf24.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wuauclt.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\taskhost.exe C:\Windows\splwow64.exe C:\Users\Michael Kempen\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 11 ActiveX Adobe Reader XI 
(11.0.02) - Nederlands AMD VISION Engine Control Center Ashampoo Burning Studio Elements 10.0.9 avast Free Antivirus BrowserProtect Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish D3DX10 Delta Chrome Toolbar Delta toolbar Google Chrome Google Update Helper Java 7 Update 17 Java Auto Updater Junk Mail filter update LibreOffice 4.0.1.2 MAGIX Speed burnR (MSI) MAGIX USB-Videowandler 2 MAGIX Video easy Red uw video's 6 Malwarebytes Anti-Malware versie 1.70.0.1100 Microsoft Office File Validation Add-In Microsoft Office FrontPage 2003 Microsoft Office Professional Editie 2003 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSXML 4.0 SP3 Parser PDF24 Creator 5.3.0 Photo Common Photo Gallery Platform Realtek Ethernet Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) simplitec simplicheck SkypeT 6.1 SpywareBlaster 5.0 StickyPad Update for Microsoft .NET Framework 4 Client 
Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VIA Platform apparaatbeheer Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources ==== FireFox Fix ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "bProtector Start Page"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== "C:\Users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences" deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted 
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted "C:\Program Files (x86)\Delta" deleted "C:\Users\Michael Kempen\AppData\Roaming\BabSolution" deleted "C:\Users\Michael Kempen\AppData\Roaming\Babylon" deleted "C:\Users\Michael Kempen\AppData\Roaming\Delta" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted "C:\ProgramData\BrowserProtect" not deleted "C:\ProgramData\Babylon" deleted "C:\Users\Michael 
Kempen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted "C:\ProgramData\BrowserProtect\2.6.1095.52" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted "C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted ==== Files Recently Created / Modified ======================
----a-w- C:\Windows\SysWOW64\pegi-fi.rs 2013-03-13 13:47:24 5078492B9CAC9CB721698DB51F039035 175104 ----a-w- C:\Windows\SysWOW64\netcorehc.dll 2013-03-13 13:47:24 23FC8068953C9BE2D63AE4EF1129112A 18944 ----a-w- C:\Windows\SysWOW64\netevent.dll 2013-03-13 13:47:24 140D9F911182357626165EA0BEB98C4F 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll 2013-03-13 13:47:24 0BA65122FFA7E37564EE86422DBF7AE8 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll 2013-03-13 13:47:14 52CCA2E9FFD0653CACED1E808AADE4B6 492032 ----a-w- C:\Windows\SysWOW64\win32spl.dll 2013-03-13 13:47:12 29E9794708DF51DB5DC89FB2E903A0F6 12873728 ----a-w- C:\Windows\SysWOW64\shell32.dll 2013-03-13 13:47:08 82FF919E9236B0137B5C7455B0E1418A 3913064 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2013-03-13 13:47:08 660100CB90F344040EF57F52FC0681C3 3967848 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2013-03-13 13:47:04 B39B8CC163C41B12FE83E777199F3378 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2013-03-13 13:46:58 3B7C1A53047FF6ACEFD9BA6E281DEBB7 805376 ----a-w- C:\Windows\SysWOW64\cdosys.dll 2013-03-13 13:46:55 EAADD6E47ED2A7003ACE1793B98CF63F 1389568 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2013-03-13 13:46:55 A45CB10FC8C4DCA23F96FE4D334F64FE 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2013-03-13 13:46:55 21D3A18769EC2C4E56756D04E989A221 1236992 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2013-03-13 13:46:53 92FB57D9D865019D26346EB13E15CD75 642048 ----a-w- C:\Windows\SysWOW64\CPFilters.dll 2013-03-13 13:46:53 4D05D7A79E970398D8C687712E65A9B0 850944 ----a-w- C:\Windows\SysWOW64\sbe.dll 2013-03-13 13:46:53 246560C5B7995489F25BF9175F2B6380 199680 ----a-w- C:\Windows\SysWOW64\mpg2splt.ax 2013-03-13 13:46:52 FB19FC5951A88F3C523E35C2C98D23C0 314880 ----a-w- C:\Windows\SysWOW64\webio.dll 2013-03-13 13:46:50 03F3B770DFBED6131653CEDA8CA780F0 442880 ----a-w- C:\Windows\SysWOW64\ntshrui.dll 2013-03-13 13:46:36 ED27D1D75BF5E683AD3EDD9E3123520A 741376 ----a-w- C:\Windows\SysWOW64\inetcomm.dll 2013-03-13 13:46:35 
0241CB16136B9A4939CA0395768AE286 1401344 ----a-w- C:\Windows\SysWOW64\mssrch.dll 2013-03-13 13:46:34 E1AC89F6C5252057E6062843E36A6701 164352 ----a-w- C:\Windows\SysWOW64\SearchProtocolHost.exe 2013-03-13 13:46:34 DB67C7C62038BDE813CB6486581A7611 337408 ----a-w- C:\Windows\SysWOW64\mssph.dll 2013-03-13 13:46:34 A6CD6B3F71E13E2E45B727FB8A47EA87 86528 ----a-w- C:\Windows\SysWOW64\SearchFilterHost.exe 2013-03-13 13:46:34 987323F0247D023AD1AE52195540ECE0 666624 ----a-w- C:\Windows\SysWOW64\mssvp.dll 2013-03-13 13:46:34 5BDF8B0B9A3EADE3A2A6F2ED8D44E36D 197120 ----a-w- C:\Windows\SysWOW64\mssphtb.dll 2013-03-13 13:46:34 465DBF63A5049E4DB4BC5C12FFE781CB 1549312 ----a-w- C:\Windows\SysWOW64\tquery.dll 2013-03-13 13:46:34 2DC6285EC4F902BE08E7C5FA6D3FD017 59392 ----a-w- C:\Windows\SysWOW64\msscntrs.dll 2013-03-13 13:46:34 236F286E103FD44BD85FDD93097FD5DD 427520 ----a-w- C:\Windows\SysWOW64\SearchIndexer.exe 2013-03-13 13:46:32 E7A4DE9232E097829F62755BC0ABE0F2 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2013-03-13 13:46:32 79FCCC6662CA3DB6E6D2F1FCF3060FB5 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2013-03-13 13:46:32 61386FEAEFAD1AF971578602130A22B6 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2013-03-13 13:46:32 4F0C624E8E2BE4A8DB0820337B15395D 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2013-03-13 13:46:31 990702DB35E3698AFB298D8743DACF53 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2013-03-13 13:46:26 20104EA66332D24D7C65BBB087C56737 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2013-03-13 13:46:25 DC6612A9EE015A36BA2A27BC9CC12537 1137664 ----a-w- C:\Windows\SysWOW64\mfc42.dll 2013-03-13 13:46:25 24CAEDCD73B5B0E22226283B7B2468C7 1164288 ----a-w- C:\Windows\SysWOW64\mfc42u.dll 2013-03-13 13:46:22 BFB26890612FB8AE8B0463EBEBE84B7E 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2013-03-13 13:46:22 AF78F66116814FDD6677CEBD73035CDD 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll 2013-03-13 13:46:22 A113AFEED3159A1ED52D78CB0226006D 22016 ----a-w- 
C:\Windows\SysWOW64\secur32.dll 2013-03-13 13:46:16 EF71BA5DF59034962B0C62314A71351A 193536 ----a-w- C:\Windows\SysWOW64\dhcpcore6.dll 2013-03-13 13:46:16 81F6C1AE23B1C493D9E996C3103915D7 44032 ----a-w- C:\Windows\SysWOW64\dhcpcsvc6.dll 2013-03-13 13:46:15 8E01332CC4B68BC6B5B7EFFE374442AA 233472 ----a-w- C:\Windows\SysWOW64\oleacc.dll 2013-03-13 13:46:15 6C765E82B57F2E66CE9C54AC238471D9 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2013-03-13 13:46:08 B40420876B9288E0A1C8CCA8A84E5DC9 270336 ----a-w- C:\Windows\SysWOW64\dnsapi.dll 2013-03-13 13:46:08 ACBC1FB1950AC0C41944A6C8917032EF 28672 ----a-w- C:\Windows\SysWOW64\dnscacheugc.exe 2013-03-13 13:46:03 68DCA1777D7224A79A9DC3D47BED6D32 75776 ----a-w- C:\Windows\SysWOW64\psisrndr.ax 2013-03-13 13:46:03 00ADF21DE55AA97297FAC65E4F3A0256 465408 ----a-w- C:\Windows\SysWOW64\psisdecd.dll 2013-03-13 13:46:01 EF37EDC20412A01DDD9A42E8D939A5A3 163840 ----a-w- C:\Windows\SysWOW64\odbctrac.dll 2013-03-13 13:46:01 E2D83DAA6A229CFDAF129189A9245889 86016 ----a-w- C:\Windows\SysWOW64\odbccu32.dll 2013-03-13 13:46:01 66ABBF38123D3113BB55EBAFCF37AB92 122880 ----a-w- C:\Windows\SysWOW64\odbccp32.dll 2013-03-13 13:46:01 534BF06B2DEE965A1389A9312545AE03 81920 ----a-w- C:\Windows\SysWOW64\odbccr32.dll 2013-03-13 13:46:01 3FDB77D0BBEEB36AE35077ABC0BF80EC 319488 ----a-w- C:\Windows\SysWOW64\odbcjt32.dll 2013-03-13 13:45:59 0AE0C4955E1DE29CCDC9DA1B816FE5EE 1328128 ----a-w- C:\Windows\SysWOW64\quartz.dll 2013-03-13 13:45:58 BDA0B954A30498B5A7EDC6204CBA07ED 542208 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2013-03-13 13:45:57 7E9917D5309A90E7576653BFE39F80D8 478720 ----a-w- C:\Windows\SysWOW64\timedate.cpl 2013-03-13 13:45:53 BF6D6ED5FADCEEE885BD0144ECF1BA27 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2013-03-13 13:45:53 813845D5C5D8325CA5E8B1F547016378 534528 ----a-w- C:\Windows\SysWOW64\EncDec.dll 2013-03-13 13:45:51 8B88EBBB05A0E56B7DCC708498C02B3E 2616320 ----a-w- C:\Windows\SysWOW64\explorer.exe 2013-03-13 13:45:50 
310F6F492A3B4B1020ED9BF9CCBBE6B6 376832 ----a-w- C:\Windows\SysWOW64\dpnet.dll 2013-03-13 13:45:49 B7230010D97787AF3D25E4C82F2B06B9 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll 2013-03-13 13:45:49 17448AF0BBA9E7AB5EC955AF93F271BD 172544 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2013-03-13 13:45:47 E73B0F1819602CB6EF176FB78D76A47B 1292080 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2013-03-13 13:45:45 EDF2A5E96BEC469DA3F64E9BDD386111 180224 ----a-w- C:\Windows\SysWOW64\xmllite.dll 2013-03-13 13:45:43 A6C29DB53ECA94FA8591C5388D604B82 2342400 ----a-w- C:\Windows\SysWOW64\msi.dll 2013-03-13 13:45:43 33B26FA5DBEB69FFAB703EDCB4E6DE4A 514560 ----a-w- C:\Windows\SysWOW64\qdvd.dll 2013-03-13 13:45:42 A81331D7EB6C5D1F7B1E4E4FC15F3EC0 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2013-03-13 13:45:40 72910F1DEB838E6E08A9017BFB7D4F0B 41984 ----a-w- C:\Windows\SysWOW64\browcli.dll 2013-03-13 13:45:40 2FCA0D2C59A855C54BAFA22AA329DF0F 57344 ----a-w- C:\Windows\SysWOW64\netapi32.dll 2013-03-13 13:45:39 F436E847FA799ECD75AD8C313673F450 145920 ----a-w- C:\Windows\SysWOW64\cfgmgr32.dll 2013-03-13 13:45:39 B28BD86791468F427321458985F6A0E3 252928 ----a-w- C:\Windows\SysWOW64\drvinst.exe 2013-03-13 13:45:39 2EEFF4502F5E13B1BED4A04CCAD64C08 64512 ----a-w- C:\Windows\SysWOW64\devobj.dll 2013-03-13 13:45:39 162D247E995EAEBF3EF4289069E1111C 44544 ----a-w- C:\Windows\SysWOW64\devrtl.dll 2013-03-13 13:45:38 5D1BFF0FCE80F9E2E539F436710D4A79 31232 ----a-w- C:\Windows\SysWOW64\prevhost.exe 2013-03-13 13:45:37 9DC80A8AAAAAC397BDAB3C67165A824E 690688 ----a-w- C:\Windows\SysWOW64\msvcrt.dll 2013-03-13 13:45:33 D23E615E0969AECC1134E372B0B295D1 78336 ----a-w- C:\Windows\SysWOW64\synceng.dll 2013-03-13 13:36:07 CA79539D3D4C0BA66F0F051A5EE5E923 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2013-03-13 13:36:07 96C0E38905CFD788313BE8E11DAE3F2F 140288 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2013-03-13 13:36:07 60D21799A4AF4EDCE65FB98830E4B0C8 1159680 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2013-03-13 
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
C:\Windows\Sysnative\wuwebv.dll 2013-03-13 13:04:01 FDAB92C4F7925A5313E14DEAFEA81047 83968 ----a-w- C:\Windows\Sysnative\nQAPO.dll 2013-03-13 13:04:01 CC2BF775F2461FD28389D178634ED5F5 2915440 ----a-w- C:\Windows\Sysnative\VIAPropPageExt.dll 2013-03-13 13:04:01 C0967A8A727548D6878E73CC9C3AFD36 91760 ----a-w- C:\Windows\Sysnative\Dts2PropPageExt.dll 2013-03-13 13:04:01 8BF4D5805E4E10A846AE8BE53308F23B 116848 ----a-w- C:\Windows\Sysnative\ViaKaraokePropPageExt.dll 2013-03-13 13:04:01 6797575F6C78012CB6B18086F2FBDA84 85504 ----a-w- C:\Windows\Sysnative\nQPropPageExt.dll 2013-03-13 13:04:01 621586229713EE97F24766D02F0DD1C3 1161328 ----a-w- C:\Windows\Sysnative\ViaKaraokeApo.dll 2013-03-13 13:04:01 43412F74D9516EF87988F2397A9B8E78 27760 ----a-w- C:\Windows\Sysnative\ViakaraokeSrv.exe 2013-03-13 13:04:01 2059978D4DEA1BED0956AB419967548A 90224 ----a-w- C:\Windows\Sysnative\ViaMicArrayPropPageExt.dll 2013-03-13 13:04:01 0A4469257ECA49B2AD3A72F20633A559 675952 ----a-w- C:\Windows\Sysnative\VIASysFx.dll 2013-03-13 13:04:01 05721687243C9FCC271C90BE147F32C1 202864 ----a-w- C:\Windows\Sysnative\ViaMicArrayAPO.dll 2013-03-13 13:03:14 D500488D4D61B8015057E0AD42A2239F 74344 ----a-w- C:\Windows\Sysnative\RtNicProp64.dll 2013-03-13 13:03:14 49A88E6CD77939F5F7D443628A18A317 107552 ----a-w- C:\Windows\Sysnative\RTNUninst64.dll ====== C:\Windows\Sysnative\drivers ===== 2013-03-24 08:28:14 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2013-03-15 09:14:57 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdFs_01_09_00.Wdf 2013-03-13 16:17:46 504901430B6E03B99EBB6BF26E0868C6 58536 ----a-w- C:\Windows\Sysnative\drivers\usbfilter.sys 2013-03-13 15:04:07 CCA2AB1752A61F29C3C941CD79D78CEA 7936 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys 2013-03-13 15:04:07 C025055FE7B87701EB042095DF1A2D7B 52736 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys 2013-03-13 15:04:07 AE259C75F9A0B057B6BF9E9695632B09 325120 ----a-w- 
C:\Windows\Sysnative\drivers\usbport.sys 2013-03-13 15:04:07 9840FC418B4CBD632D3D0A667A725C31 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys 2013-03-13 15:04:07 6F1A3157A1C89435352CEB543CDB359C 98816 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys 2013-03-13 15:04:07 62069A34518BCF9C1FD9E74B3F6DB7CD 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys 2013-03-13 15:04:07 287C6C9410B111B68B52CA298F7B8C24 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys 2013-03-13 15:03:41 540DAF1CEA6094886D72126FD7C33048 27008 ----a-w- C:\Windows\Sysnative\drivers\amdxata.sys 2013-03-13 15:03:40 FED648B01349A3C8395A5169DB5FB7D6 91648 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS 2013-03-13 15:03:40 DAB0E87525C10052BF65F06152F37E4A 166272 ----a-w- C:\Windows\Sysnative\drivers\nvstor.sys 2013-03-13 15:03:40 D4121AE6D0C0E7E13AA221AA57EF2D49 107904 ----a-w- C:\Windows\Sysnative\drivers\amdsata.sys 2013-03-13 15:03:40 AAAF44DB3BD0B9D1FB6969B23ECC8366 410496 ----a-w- C:\Windows\Sysnative\drivers\iaStorV.sys 2013-03-13 15:03:40 19CB37AC38B802BE9C441D094521A29A 189824 ----a-w- C:\Windows\Sysnative\drivers\storport.sys 2013-03-13 15:03:40 0A92CB65770442ED0DC44834632F66AD 148352 ----a-w- C:\Windows\Sysnative\drivers\nvraid.sys 2013-03-13 14:17:36 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\Sysnative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2013-03-13 14:17:35 AEA0A67275CFBA0E463E00C6E9A1DDAE 54376 ----a-w- C:\Windows\Sysnative\drivers\WdfLdr.sys 2013-03-13 14:17:35 442783E2CB0DA19873B7A63833FF4CB4 785512 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys 2013-03-13 14:04:08 AD64450A4ABE076F5CB34CC08EEACB07 30208 ----a-w- C:\Windows\Sysnative\drivers\TsUsbGD.sys 2013-03-13 14:04:08 313F68E1A3E6345A4F47A36B07062F34 19456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys 2013-03-13 14:04:08 17C6B51CBCCDED95B3CC14E22791F85E 57856 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys 2013-03-13 13:53:11 DDA4CAF29D8C0A297F886BFE561E6659 198656 
----a-w- C:\Windows\Sysnative\drivers\WUDFRd.sys 2013-03-13 13:53:11 AB886378EEB55C6C75B4F2D14B6C869F 87040 ----a-w- C:\Windows\Sysnative\drivers\WUDFPf.sys 2013-03-13 13:53:10 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\Sysnative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2013-03-13 13:50:26 6BD9295CC032DD3077C671FCCF579A7B 23408 ----a-w- C:\Windows\Sysnative\drivers\fs_rec.sys 2013-03-13 13:47:24 1B16D0BD9841794A6E0CDE0CEF744ABC 45568 ----a-w- C:\Windows\Sysnative\drivers\tcpipreg.sys 2013-03-13 13:46:56 B62A953F2BF3922C8764A29C34A22899 1913192 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys 2013-03-13 13:46:56 7942B7AC3FF598F8A1736D51ADAF04E8 376688 ----a-w- C:\Windows\Sysnative\drivers\netio.sys 2013-03-13 13:46:56 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS 2013-03-13 13:46:28 97A7070AEA4C058B6418519E869A63B4 95600 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2013-03-13 13:46:22 AAFCB52FE0037207FB6FBEA070D25EFE 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2013-03-13 13:46:22 7EFB9333E4ECCE6AE4AE9D777D9E553E 154480 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2013-03-13 13:46:01 6C02A83164F5CC0A262F4199F0871CF5 90624 ----a-w- C:\Windows\Sysnative\drivers\bowser.sys 2013-03-13 13:46:00 E453ACF4E7D44E5530B5D5F2B9CA8563 1659760 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2013-03-13 13:45:55 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys 2013-03-13 13:45:52 B4ADEBBF5E3677CCE9651E0F01F7CC28 410112 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys 2013-03-13 13:45:52 441FBA48BFF01FDB9D5969EBC1838F0B 467456 ----a-w- C:\Windows\Sysnative\drivers\srv.sys 2013-03-13 13:45:52 27E461F0BE5BFF5FC737328F749538C3 168448 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys 2013-03-13 13:45:48 760E38053BF56E501D562B70AD796B88 950128 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys 2013-03-13 13:45:48 0E01641D96889BDEB22DE12D30575B08 41472 ----a-w- 
C:\Windows\Sysnative\drivers\RNDISMP.sys 2013-03-13 13:45:45 E9766131EEADE40A27DC27D2D68FBA9C 75120 ----a-w- C:\Windows\Sysnative\drivers\partmgr.sys 2013-03-13 13:45:44 E61608AA35E98999AF9AAEEEA6114B0A 210944 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys 2013-03-13 13:45:40 9BBD8B5855BC6578957F82341F9CDE5A 27520 ----a-w- C:\Windows\Sysnative\drivers\Diskdump.sys 2013-03-13 13:45:37 1C7857B62DE5994A75B054A9FD4C3825 498688 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2013-03-13 13:45:35 D711B3C1D5F42C0C2415687BE09FC163 288768 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2013-03-13 13:45:35 A5D9106A73DC88564C825D317CAC68AC 158208 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2013-03-13 13:45:35 9423E9D355C8D303E76B8CFBD8A5C30C 128000 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2013-03-13 13:09:49 B217378ED9A964E15346A67FEF609A17 33400 ----a-w- C:\Windows\Sysnative\drivers\aswFsBlk.sys 2013-03-13 13:09:48 97D4D725BD32C965119E6C8E252F8C64 377920 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys 2013-03-13 13:09:47 8F90459AFB7FD4557D935CE639EF6110 70992 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys 2013-03-13 13:09:46 D62C10D1829C65115111C160EA956260 68920 ----a-w- C:\Windows\Sysnative\drivers\aswTdi.sys 2013-03-13 13:09:46 AB8B4D3136D18A20777036E0F0CFC5E1 1025808 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys 2013-03-13 13:09:46 7E44C2684A6CA779B9D07CB4BD3F649D 178624 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys 2013-03-13 13:09:45 DE6759B8D8E62BF0FFF2B05F05AFCEE6 65336 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys 2013-03-13 13:09:41 E92635BB235B03ED03B17CBB59F77FA4 80816 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys 2013-03-13 13:07:37 51C5ECEB1CDEE2468A1748BE550CFBC8 23552 ----a-w- C:\Windows\Sysnative\drivers\tdtcp.sys 2013-03-13 13:04:01 EECF5B7210D773F3501CEDA848D53D31 2182768 ----a-w- C:\Windows\Sysnative\drivers\viahduaa.sys 2013-03-13 13:03:15 8181B5E7BFC040E0B26349C73E719335 677480 ----a-w- 
C:\Windows\Sysnative\drivers\Rt64win7.sys 2013-03-13 13:02:03 C07A040D6B5A42DD41EE386CF90974C8 16440 ----a-w- C:\Windows\Sysnative\drivers\AtiPcie.sys ====== C:\Windows\Tasks ====== 2013-03-13 16:18:03 E40F458515F62603AD94A79702CAE054 1072 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-03-13 16:18:02 D4A60C3DFDECE705486B86D8FC6FB93A 1068 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-03-13 13:16:40 49C51011355D7B46C1A52D6891CA4B43 940 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-03-13 16:33:16 -------- d-----w- C:\Program Files\Microsoft Silverlight 2013-03-13 16:14:42 -------- d-----w- C:\Program Files\Windows Live 2013-03-13 16:07:47 -------- d-----w- C:\Program Files\WinRAR 2013-03-13 13:15:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2013-03-13 13:01:15 -------- d-----w- C:\Program Files\ATI ======= C:\Program Files (x86) ===== 2013-03-25 06:17:11 -------- d-----w- C:\Program Files (x86)\MAGIX 2013-03-25 06:17:11 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services 2013-03-25 06:17:06 -------- d-----w- C:\Program Files (x86)\simplitec 2013-03-25 06:16:07 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2013-03-20 14:43:30 -------- d-----w- C:\Program Files (x86)\Common Files\DESIGNER 2013-03-20 14:43:00 -------- d-----w- C:\Program Files (x86)\Microsoft Office 2013-03-15 15:54:24 -------- d-----w- C:\Program Files (x86)\StickyPad 2013-03-15 09:10:43 -------- d-----w- C:\Program Files (x86)\Stammbaumdrucker 7 Premium 2013-03-14 19:17:06 -------- d-----w- C:\Program Files (x86)\pdf24 2013-03-13 16:33:16 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight 2013-03-13 16:20:17 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-03-13 16:20:15 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-03-13 16:17:59 -------- d-----w- C:\Program Files (x86)\Google 2013-03-13 16:15:42 -------- d-----w- C:\Program Files 
(x86)\Microsoft SQL Server Compact Edition 2013-03-13 16:14:11 -------- d-----w- C:\Program Files (x86)\Windows Live 2013-03-13 16:10:49 -------- d-----w- C:\Program Files (x86)\Common Files\Skype 2013-03-13 16:10:49 -------- d-----r- C:\Program Files (x86)\Skype 2013-03-13 16:06:48 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0 2013-03-13 16:02:10 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2013-03-13 14:54:01 -------- d-----w- C:\Program Files (x86)\Microsoft.NET 2013-03-13 13:13:22 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe 2013-03-13 13:13:22 -------- d-----w- C:\Program Files (x86)\Adobe 2013-03-13 13:13:03 -------- d-----w- C:\Program Files (x86)\SpywareBlaster 2013-03-13 13:07:46 -------- d-----w- C:\Program Files (x86)\Ashampoo 2013-03-13 13:03:10 -------- d-----w- C:\Program Files (x86)\Realtek 2013-03-13 13:03:09 -------- d--h--w- C:\Program Files (x86)\InstallShield Installation Information 2013-03-13 13:02:35 -------- d-----w- C:\Program Files (x86)\VIA 2013-03-13 13:02:22 -------- d-----w- C:\Program Files (x86)\Common Files\InstallShield ======= C: ===== 2013-03-13 12:32:26 83C7DD79C3796EECE28D991C6228A519 8192 --sha-r- C:\BOOTSECT.BAK 2013-03-13 12:32:24 259525CFB422E6AC8E87BC9777B1DF73 383786 --sha-r- C:\bootmgr ====== C:\Users\Michael Kempen\AppData\Roaming ====== 2013-03-25 06:39:24 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\simplitec 2013-03-25 06:19:57 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Downloaded Installations 2013-03-25 06:19:51 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\MAGIX 2013-03-18 09:06:31 -------- d-----w- C:\users\Michael Kempen\AppData\Locallow\Sun 2013-03-15 15:55:37 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Green Eclipse 2013-03-15 10:11:43 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Microsoft Games 2013-03-15 09:22:44 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\WinRAR 2013-03-15 09:10:43 
-------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Stammbaumdrucker 7 Premium 2013-03-15 09:10:30 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Programs 2013-03-14 19:20:24 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\TuneUp Software 2013-03-14 16:17:38 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Diagnostics 2013-03-13 16:24:02 -------- d-----w- C:\users\Michael Kempen\AppData\Local\AMD 2013-03-13 16:23:38 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\ATI 2013-03-13 16:23:38 -------- d-----w- C:\users\Michael Kempen\AppData\Local\ATI 2013-03-13 16:17:57 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Google 2013-03-13 16:17:43 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Apps 2013-03-13 16:17:42 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Deployment 2013-03-13 16:12:41 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\LibreOffice 2013-03-13 16:10:57 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Skype 2013-03-13 16:08:46 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Windows Live 2013-03-13 13:21:41 -------- d-----w- C:\users\Michael Kempen\AppData\Locallow\Adobe 2013-03-13 13:21:41 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Adobe 2013-03-13 13:21:15 21037F71CDD2F282E7F75DF3775D85F4 208328 ----a-w- C:\users\Michael Kempen\AppData\Local\GDIPFONTCACHEV1.DAT 2013-03-13 13:20:06 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Adobe 2013-03-13 13:15:59 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\SUPERAntiSpyware.com 2013-03-13 13:08:19 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Ashampoo 2013-03-13 13:08:11 -------- d-----w- C:\users\Michael Kempen\AppData\Local\ashampoo 2013-03-13 12:58:38 -------- d-----w- C:\users\Michael Kempen\AppData\Locallow\Microsoft 2013-03-13 12:43:06 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Identities 2013-03-13 12:43:04 -------- d-----w- C:\users\Michael 
Kempen\AppData\Local\VirtualStore 2013-03-13 12:42:57 -------- d-sh--we C:\users\Michael Kempen\AppData\Local\Temporary Internet Files 2013-03-13 12:42:57 -------- d-sh--we C:\users\Michael Kempen\AppData\Local\Geschiedenis 2013-03-13 12:42:57 -------- d-sh--we C:\users\Michael Kempen\AppData\Local\Application Data 2013-03-13 12:42:57 -------- d-s---w- C:\users\Michael Kempen\AppData\Roaming\Microsoft 2013-03-13 12:42:57 -------- d-----w- C:\users\Michael Kempen\AppData\Roaming\Media Center Programs 2013-03-13 12:42:57 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Temp 2013-03-13 12:42:57 -------- d-----w- C:\users\Michael Kempen\AppData\Local\Microsoft 2013-03-13 12:42:52 -------- d-sh--we C:\users\Default\AppData\Local\Geschiedenis 2013-03-13 12:42:52 -------- d-sh--we C:\users\Default User\AppData\Local\Geschiedenis ====== C:\Users\Michael Kempen ====== 2013-03-25 06:17:11 -------- d-----w- C:\ProgramData\MAGIX 2013-03-25 06:17:07 -------- d-----w- C:\ProgramData\simplitec 2013-03-18 09:09:56 -------- d-----w- C:\ProgramData\Sun 2013-03-15 07:39:11 -------- d--h--w- C:\ProgramData\CanonBJ 2013-03-14 19:20:56 -------- d-----w- C:\ProgramData\BrowserProtect 2013-03-14 19:20:19 -------- d-----w- C:\ProgramData\TuneUp Software 2013-03-14 19:20:17 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-03-14 19:20:17 -------- d--h--w- C:\ProgramData\Common Files 2013-03-13 16:23:38 -------- d-----w- C:\ProgramData\ATI 2013-03-13 16:19:24 -------- d-----w- C:\ProgramData\AMD 2013-03-13 16:10:42 -------- d-----w- C:\ProgramData\Skype 2013-03-13 13:15:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2013-03-13 13:13:07 -------- d-----w- C:\ProgramData\Licenses 2013-03-13 13:13:06 -------- d---a-w- C:\ProgramData\TEMP 2013-03-13 13:12:40 -------- d-----w- C:\ProgramData\Adobe 2013-03-13 13:08:11 -------- d-----w- C:\ProgramData\ashampoo 2013-03-13 12:43:15 -------- d-----r- C:\Users\Michael Kempen\Searches 2013-03-13 12:43:05 
-------- d-----r- C:\Users\Michael Kempen\Contacts 2013-03-13 12:42:57 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Michael Kempen\ntuser.ini 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Sjablonen 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\SendTo 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Recent 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Netwerkprinteromgeving 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\NetHood 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Mijn documenten 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Menu Start 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Local Settings 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Cookies 2013-03-13 12:42:57 -------- d-sh--we C:\Users\Michael Kempen\Application Data 2013-03-13 12:42:57 -------- d--h--w- C:\Users\Michael Kempen\AppData 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Videos 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Saved Games 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Pictures 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Music 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Links 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Favorites 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Downloads 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Documents 2013-03-13 12:42:57 -------- d-----r- C:\Users\Michael Kempen\Desktop 2013-03-13 12:42:52 -------- d-sh--we C:\Users\Default\Sjablonen 2013-03-13 12:42:52 -------- d-sh--we C:\Users\Default\Netwerkprinteromgeving 2013-03-13 12:42:52 -------- d-sh--we C:\Users\Default\Mijn documenten 2013-03-13 12:42:52 -------- d-sh--we C:\Users\Default\Menu Start 2013-03-13 12:42:52 -------- d-sh--we C:\ProgramData\Sjablonen 2013-03-13 12:42:52 -------- d-sh--we C:\ProgramData\Menu 
Start 2013-03-13 12:42:52 -------- d-sh--we C:\ProgramData\Favorieten 2013-03-13 12:42:52 -------- d-sh--we C:\ProgramData\Documenten 2013-03-13 12:42:52 -------- d-sh--we C:\ProgramData\Bureaublad ====== C: exe-files == 2013-03-25 07:49:07 5F7E6B0AA0678BF455AB6A5D0578583C 529600 ----a-w- C:\Users\Michael Kempen\Downloads\syscheck.exe 2013-03-24 08:27:24 0FB6D382FA5FBF72D05FC2A4503B7DF2 10156344 ----a-w- C:\Users\Michael Kempen\Downloads\mbam-setup-1.70.0.1100.exe === C: other files == 2013-03-24 08:28:14 92EB844D90615CB266F84C3202B8786E 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1758146858-1784735532-1013142320-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun" "Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r" "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" "PDFPrint"="C:\Program Files (x86)\pdf24\pdf24.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows 
Sidebar\sidebar.exe /autoRun"
"Sticky Pad"="C:\Program Files (x86)\StickyPad\StickyPad.exe"
==== Startup Folders ======================
2013-03-25 06:17:07 2051 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undertermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undertermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undertermined Task]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\Michael Kempen\AppData\Roaming\BabSolution\CR\Delta.crx[]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07-03-2013 00:29]
Google Docs - Michael Kempen - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Michael Kempen - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Michael Kempen - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Michael Kempen - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast WebRep - Michael Kempen - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Gmail - Michael Kempen - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C1374C69-C05C-43BA-9D2A-C99E5BDD545F}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C1374C69-C05C-43BA-9D2A-C99E5BDD545F} Google Url="http://www.google.nl/search?hl=nl&q={searchTerms}"
==== Reset Google Chrome ======================
C:\users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michael Kempen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michael Kempen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Michael Kempen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MICHAE~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found
"C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found
"C:\ProgramData\BrowserProtect" not found
  24. Malwarebytes Anti-Malware (-evaluatieversie-) 1.70.0.1100
Malwarebytes : Free anti-malware download
Databaseversie: v2013.03.24.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Michael Kempen :: MICHAELKEMPEN [administrator]
Bescherming: Ingeschakeld
24-3-2013 9:29:17
mbam-log-2013-03-24 (09-29-17).txt
Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 206175
Verstreken tijd: 1 minuut/minuten, 45 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
xxxxxxxxxxxxxxxxxxxxxxxxx
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:47, on 24-3-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal
Running processes:
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\StickyPad\StickyPad.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\pdf24\pdf24.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\Michael Kempen\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sticky Pad] C:\Program Files (x86)\StickyPad\StickyPad.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc.
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. 
- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9374 bytes
  25. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:10:57, on 23-3-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16521) Boot mode: Normal Running processes: C:\Program Files (x86)\StickyPad\StickyPad.exe C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\pdf24\pdf24.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Michael Kempen\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [sticky Pad] C:\Program Files (x86)\StickyPad\StickyPad.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun 
(User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9393 bytes