Trage laptop & hoog processorgebruik.

[kemicky]

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.06.21.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16618

ArMi :: ARMI-PC [administrator]

22-6-2013 15:26:24

mbam-log-2013-06-22 (15-26-24).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 232192

Verstreken tijd: 5 minuut/minuten, 59 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

- - - Updated - - -

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Databaseversie: v2013.06.21.01

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16618

ArMi :: ARMI-PC [administrator]

22-6-2013 15:26:24

mbam-log-2013-06-22 (15-26-24).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 232192

Verstreken tijd: 5 minuut/minuten, 59 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

- - - Updated - - -

# AdwCleaner v2.303 - Verslag gemaakt op 22/06/2013 om 17:03:58

# Geactualiseerd op 08/06/2013 door Xplode

# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)

# Gebruiker : ArMi - ARMI-PC

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\ArMi\Downloads\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

***** [Register] *****

Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll

Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll

Data Verwijderd : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261123~1.78\{16cdf~1\browse~1.dll

Sleutel Verwijderd : HKCU\Software\APN DTX

Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\DefaultTab

Sleutel Verwijderd : HKCU\Software\DataMngr

Sleutel Verwijderd : HKCU\Software\DataMngr_Toolbar

Sleutel Verwijderd : HKCU\Software\Default Tab

Sleutel Verwijderd : HKCU\Software\DefaultTab

Sleutel Verwijderd : HKCU\Software\ilivid

Sleutel Verwijderd : HKCU\Software\IM

Sleutel Verwijderd : HKCU\Software\ImInstaller

Sleutel Verwijderd : HKCU\Software\MediaFinder

Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKCU\Software\Softonic

Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\MF

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Sleutel Verwijderd : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Sleutel Verwijderd : HKLM\Software\DataMngr

Sleutel Verwijderd : HKLM\Software\Default Tab

Sleutel Verwijderd : HKLM\Software\DefaultTab

Sleutel Verwijderd : HKLM\Software\iLividSRTB

Sleutel Verwijderd : HKLM\Software\ImInstaller

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings-InternalInstaller_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011

Sleutel Verwijderd : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Sleutel Verwijderd : HKLM\Software\Tarma Installer

Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Verwijderd [l.45] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid[...]

*************************

AdwCleaner[R1].txt - [26572 octets] - [08/02/2013 12:18:18]

AdwCleaner[R2].txt - [26633 octets] - [08/02/2013 12:19:12]

AdwCleaner[s1].txt - [25964 octets] - [08/02/2013 12:21:15]

AdwCleaner[s2].txt - [8649 octets] - [22/06/2013 17:03:58]

########## EOF - C:\AdwCleaner[s2].txt - [8709 octets] ##########

[Mako]

Prima, plaats je ook nog even de logjes van OTL aub?

[kemicky]

OTL logfile created on: 6/22/2013 5:08:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.22% Memory free

6.35 Gb Paging File | 4.27 Gb Available in Paging File | 67.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 294.58 Gb Total Space | 237.78 Gb Free Space | 80.72% Space Free | Partition Type: NTFS

Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS

Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS

Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/22 17:08:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArMi\Downloads\OTL (1).exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/16 22:50:07 | 006,527,128 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup

PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe

PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe

PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe

PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe

PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/11/02 04:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe

PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/22 08:59:09 | 000,115,137 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2013/06/15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

MOD - [2013/06/15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2013/05/15 08:47:54 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll

MOD - [2013/05/15 08:47:40 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll

MOD - [2013/05/15 08:47:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll

MOD - [2013/05/15 08:47:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll

MOD - [2013/05/15 08:47:27 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll

MOD - [2013/01/12 08:22:48 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll

MOD - [2013/01/12 08:22:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll

MOD - [2013/01/12 08:21:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll

MOD - [2013/01/12 00:56:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll

MOD - [2013/01/12 00:56:29 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll

MOD - [2013/01/12 00:56:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/01/12 00:56:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/01/12 00:56:13 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/03/10 19:03:24 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/01/13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll

MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/01/25 23:23:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2011/03/04 03:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2011/03/04 03:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/03/04 03:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)

DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)

DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS -- (SAS***IL)

DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)

DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2004/05/04 06:49:00 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1131Vid.sys -- (P1131VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{88EAB4FF-0C04-4773-B0BB-661AA49BB50D}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

IE - HKCU\..\SearchScopes\{CB62A195-5D27-4833-8F3F-0730AEEB9589}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms}

IE - HKCU\..\SearchScopes\{E8A0F93B-C792-415F-BF1F-90EF126373C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ArMi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/02/16 22:51:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/16 09:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Extensions

[2012/12/08 22:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions

[2012/12/08 23:50:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

[2013/06/22 08:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\Profiles\aw36llwo.default\extensions

[2012/11/14 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513224486&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage: nu.nl | Het laatste nieuws het eerst op nu.nl

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: WeatherBug = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\

CHR - Extension: Skype Click to Call = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE File not found

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found

O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD7403F-E36C-4313-85BD-AEE823F8A4D3}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 15:26:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 08:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\ArMi\AppData\Local\Temp

[2013/06/21 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/21 13:02:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/21 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/06/12 22:44:26 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/06/12 22:44:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/06/12 22:41:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/06/12 22:41:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/06/12 22:41:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/06/12 22:41:13 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/06/12 22:41:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/06/12 22:41:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/06/12 22:41:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/06/12 22:41:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/06/12 16:51:51 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2013/06/12 16:51:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll

[2013/06/12 16:51:31 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe

[2013/06/12 16:51:30 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll

[2013/06/12 16:51:25 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013/06/12 16:51:25 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013/05/25 13:59:31 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/05/25 13:59:31 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/05/25 13:59:31 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/05/25 13:59:31 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/05/25 13:59:31 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/05/25 13:59:31 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/05/25 13:59:31 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/05/25 13:59:31 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/05/25 13:59:31 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/05/25 13:59:31 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/05/25 13:59:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/05/25 13:59:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/05/25 13:59:31 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/05/25 13:59:31 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/05/25 13:59:31 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/05/25 13:59:31 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/05/25 13:59:31 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/05/25 13:59:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/05/25 13:59:31 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/05/25 13:59:31 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/05/25 13:59:31 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/05/25 13:59:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/05/25 13:59:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/05/25 13:59:31 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/05/25 13:59:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/05/25 13:59:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2013/06/22 17:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/22 17:05:02 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/22 16:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 14:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 11:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/22 11:05:45 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 11:05:45 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 08:29:59 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/22 08:29:09 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe

[2013/06/21 18:49:49 | 000,036,226 | ---- | M] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | M] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 18:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/21 13:02:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 12:36:35 | 000,484,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/06/21 09:29:21 | 000,000,017 | ---- | M] () -- C:\Windows\STARTYPE.INI

[2013/06/21 09:27:59 | 000,052,528 | ---- | M] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | M] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | M] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | M] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | M] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | M] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | M] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | M] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:27:19 | 000,701,798 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2013/06/21 09:27:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/06/21 09:27:19 | 000,133,798 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2013/06/21 09:27:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/06/08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/05/25 13:59:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013/05/25 13:59:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2013/05/25 13:59:31 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2013/05/25 13:59:31 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013/05/25 13:59:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/05/25 13:59:31 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2013/05/25 13:59:31 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/05/25 13:59:31 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/05/25 13:59:31 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2013/05/25 13:59:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2013/05/25 13:59:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2013/05/25 13:59:31 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2013/05/25 13:59:31 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2013/05/25 13:59:31 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2013/05/25 13:59:31 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/05/25 13:59:31 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/05/25 13:59:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2013/05/25 13:59:31 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2013/05/25 13:59:31 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2013/05/25 13:59:31 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2013/05/25 13:59:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2013/05/25 13:59:31 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/05/25 13:59:31 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2013/05/25 13:59:31 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/05/25 13:59:31 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files Created - No Company Name ==========

[2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe

[2013/06/22 08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/21 09:29:21 | 000,000,017 | ---- | C] () -- C:\Windows\STARTYPE.INI

[2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol

[2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg

[2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm

[2011/01/27 17:22:53 | 000,062,976 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

[kemicky]

OTL Extras logfile created on: 6/22/2013 5:08:26 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.22% Memory free

6.35 Gb Paging File | 4.27 Gb Available in Paging File | 67.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 294.58 Gb Total Space | 237.78 Gb Free Space | 80.72% Space Free | Partition Type: NTFS

Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS

Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS

Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{135564C1-9F4D-4540-8195-CD945D19E6A8}" = lport=10243 | protocol=6 | dir=in | app=system |

"{13E1EB36-B1A0-4B0F-BD63-E50EB86A0D93}" = rport=138 | protocol=17 | dir=out | app=system |

"{14E34BC6-C554-4C9B-A645-20F3B10F981B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{1E5064E2-9D95-4C2B-946B-8723D17FE83E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{223D1B08-E11E-4B95-A2A7-1C44D759BC06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2638D199-E3AE-4374-8862-1B78773B8CEF}" = rport=137 | protocol=17 | dir=out | app=system |

"{27169042-D582-474C-A8B0-A2E8EF890BB8}" = rport=10243 | protocol=6 | dir=out | app=system |

"{336D2662-58F5-4064-9D7F-D2ABFB0D1532}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{35250961-47EB-4453-8FD7-1DBE35C10782}" = rport=139 | protocol=6 | dir=out | app=system |

"{3A23B924-74DF-49F3-A60C-81A5E24DF89F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3BEFD5D9-1763-47B6-9093-344249D9B483}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3C95A0FB-EA39-4969-A307-1DDF3E0C5CBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3D38275C-53ED-4F94-BA3B-43BC922CEAA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{423746D7-1F31-46E9-BB26-A21AE0302A8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{42E0D9A1-D3F3-446F-9524-068FE292D087}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{42FF50B1-6048-49DC-ACA5-189EA9CC83E5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7393F40D-5D16-4E2D-A0AE-CB02ECB3E378}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{764826A9-47C1-41C3-8BDA-6EB15FBF27CB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7713967C-E9C4-49FB-96F5-D48303080C1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7FD8233D-FAD3-411F-8DDD-8AED4EF113BC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{83DFE877-D6D0-4E32-839C-F28DD9EF9F90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{86FF87E2-88C2-4F6B-97C1-77CE8B9BF083}" = rport=445 | protocol=6 | dir=out | app=system |

"{89EE83A4-D36B-440C-A54C-2EF2EC4D6337}" = lport=139 | protocol=6 | dir=in | app=system |

"{8B9CC829-7C51-4EA5-8113-8D2A6DB15783}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8C9F70C2-CB83-49FF-8136-56326779E558}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9AC70EE7-CE80-4656-B1AD-E25A38C3065D}" = lport=138 | protocol=17 | dir=in | app=system |

"{B86550EF-5679-4622-B0AB-141C79AA4F1C}" = lport=137 | protocol=17 | dir=in | app=system |

"{C024ACC8-031F-44D6-871B-586D0CAC87FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C5B1E57E-77C5-4A61-B686-A344BD3C8EC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C7C18009-53AA-406D-89AE-9B511BB36F27}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D1B860E2-58EE-4093-A160-2F4F7202E549}" = lport=445 | protocol=6 | dir=in | app=system |

"{E85465D7-333B-4898-A9BF-D62A1699AB0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{EA571973-FA8D-43BD-9076-E754E7814752}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01917116-3C3D-457C-9E33-C85BD0D138A1}" = protocol=17 | dir=in | app=c:\program files\tango\tango.exe |

"{05B1C421-4ADA-4DBD-B826-3003EF4D0B9B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{06AAADCF-1CA8-4861-9645-9F99D2C38399}" = protocol=6 | dir=out | app=system |

"{101694CC-978D-4204-AF2E-84C24C6CE28B}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |

"{129D9DAB-E02A-4997-83DA-A48D2505633C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{2484B887-0A28-4157-8858-86F83BAE8448}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2780225B-AF1B-4DAF-B36A-C2382B314C33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{36981AC8-3C9A-425E-B735-C8A77D3ADC53}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{3A872703-D1A9-497C-BA34-600537A437C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{51D9E062-BC3E-460A-9DA1-EC00C0E61AFB}" = protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |

"{545F946E-5F93-428A-8A37-1E0F76CF4E5D}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |

"{54CA4A67-7FA3-44C2-84D6-03F4831ACE01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5B260734-3553-4050-B205-7955C0DBB8E7}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{5D856524-03FA-44B3-9AC4-2EAA410D421D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5FC3E787-1A06-4AE7-A76B-73A39AEED6C5}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |

"{625C91B8-0342-4013-A059-BC58F5ECF94B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{722F9E7E-D99F-499B-9B68-C5184BD724AE}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{723B0637-366C-4656-A5FD-0C7A6C8C38EF}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{733114A6-8B28-4460-BF3A-43D479E09B28}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |

"{79ED595D-15E1-4C4A-B23F-D66C60CBB8D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{7D932DB8-C37F-4D91-80B9-18D39A9EDE0A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{81FE92FD-4AAD-4E52-BDE1-5029F9BCA2BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{87A77029-BAF0-4E39-96E2-8345F2DE842B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{967BB4E1-1EEF-40B2-BBD8-BCA977DF6D74}" = protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvidia updatus\daemonu.exe |

"{AE1B2635-C143-442D-BC2E-C572A8E1123F}" = protocol=6 | dir=in | app=c:\program files\tango\tango.exe |

"{B7B490AE-DB50-4440-9AA6-98BB573DF399}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{BAD3B513-541A-4B35-B4D2-9C981DC97F63}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{C027F0B5-8721-4F83-8765-9E5DF55AF8BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CAA6C41A-51EC-43B0-8C49-B26F8E08A834}" = dir=in | app=c:\users\armi\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{CD02A8AE-1EA3-4154-A4D9-4140D0E5FFAD}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |

"{D1341151-ED86-4B43-B86A-48D7C37C2C64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{DA5A987C-5B04-4CD3-A77B-E46D84D062FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DCA22027-DCEA-4E6E-BB9C-1948A4AB3678}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |

"{DD75EEEB-432A-436F-9F85-2E421915E1FB}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{EB0A4723-A06D-4878-8607-8CECF9335364}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{ECEB6AC5-E8C0-4CAB-8A63-B41AC1C60E89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EDBD0972-1810-4CB6-8E07-8814B26D533D}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{F2D9C634-D880-4D49-8742-7BFD6B3BE445}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{F2E61FC4-A35D-4A3D-BBB1-33101E94B57C}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |

"{FB6AD178-0851-4E93-847F-D54C4D80E9DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FE28BF49-F1E9-4407-BECF-D050BF49183C}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |

"TCP Query User{205E8EF8-06CF-4459-9E38-13A0625AF335}C:\program files\tango\tango.exe" = protocol=6 | dir=in | app=c:\program files\tango\tango.exe |

"TCP Query User{91F2B978-8D56-4052-A9B3-4F593E33D8EE}C:\users\armi\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\armi\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{B9902C3C-F3AE-467F-B49D-C0779863EB94}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"TCP Query User{DA5C75F8-7345-48C2-8026-46B44E4125FC}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |

"UDP Query User{576C78D5-29D5-4437-B960-0A25FFA9A85C}C:\program files\tango\tango.exe" = protocol=17 | dir=in | app=c:\program files\tango\tango.exe |

"UDP Query User{5AE6E890-90C1-46E5-9B41-B329247FC038}C:\users\armi\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\armi\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{A1CF7663-3C16-4093-9ABA-552FA6822BAB}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"UDP Query User{D92D37F7-50A8-41CB-8A4C-1305D1FB5A0A}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4

"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F976B1D-7CFD-44F6-B016-1D3B0FFA937A}" = TuneUp Utilities Language Pack (nl-NL)

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN

"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D853998-1055-4E45-B99E-F5039C502831}" = Photo Notifier and Animation Creator

"{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003

"{90120000-0020-0413-0000-0000000FF1CE}" = Compatibiliteitspakket voor het 2007 Microsoft Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR

"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands

"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw

"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA

"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech-webcamsoftware

"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FB9D2112-0419-E366-290B-9D4807DC34D4}" = MyFonts Order M3976557

"{FDFE5E63-116A-4655-9B4D-29F4AFE441B3}" = IncrediMail

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector

"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer

"Aangifte inkomstenbelasting 2010" = Aangifte inkomstenbelasting 2010

"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011

"Aangifte inkomstenbelasting 2012" = Aangifte inkomstenbelasting 2012

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Ahnenblatt_is1" = Ahnenblatt 2.70

"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Snap_is1" = Ashampoo Snap

"avast" = avast! Free Antivirus

"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CCleaner" = CCleaner

"Creative PD1131" = Creative WebCam NX Pro Driver (1.03.03.0326)

"Digital Editions" = Adobe Digital Editions

"Druckschriften Nord_is1" = Pelikan Schulschriften

"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows-stuurprogrammapakket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Family Tree Builder" = MyHeritage Family Tree Builder

"Gebruikersregistratie voor Canon iP2700 series" = Gebruikersregistratie voor Canon iP2700 series

"HaaliMkx" = Haali Media Splitter

"ilividtoolbargaw" = Search-Results Toolbar

"IncrediMail" = IncrediMail 2.0

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA.Updatus" = NVIDIA Updatus

"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator

"Searchqu MediaBar" = Windows Searchqu Toolbar

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"X10Hardware" = X10 Hardware

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{B7961CCE-CF36-4858-BC1A-D06D3D25ECE5}_is1" = Albelli Fotoboeken

"Google Chrome" = Google Chrome

"Tango" = Tango

"UnityWebPlayer" = Unity Web Player

"Video Converter" = Video Converter

"Video Converter Packages" = Video Converter Packages

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/1/2012 9:13:39 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/1/2012 9:17:09 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/1/2012 9:17:16 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/2/2012 10:19:21 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/2/2012 10:19:26 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/2/2012 10:19:34 AM | Computer Name = ArMi-PC | Source = Chrome | ID = 1

Description =

Error - 8/6/2012 10:54:09 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000

Description = Naam van toepassing met fout: ImNotfy.exe, versie: 6.2.9.5203, tijdstempel:

0x4fa2b29a Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

Uitzonderingscode:

0xc0000005 Foutoffset: 0x02c20de7 Id van proces met fout: 0xca4 Starttijd van toepassing

met fout: 0x01cd73e3508ffafb Pad naar toepassing met fout: C:\Program Files\IncrediMail\Bin\ImNotfy.exe

Pad

naar module met fout: unknown Rapport-id: 9394eafe-dfd6-11e1-a4c2-00262dc1feb1

Error - 8/6/2012 11:04:19 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000

Description = Naam van toepassing met fout: ImNotfy.exe, versie: 6.2.9.5203, tijdstempel:

0x4fa2b29a Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

Uitzonderingscode:

0xc0000005 Foutoffset: 0x00000000 Id van proces met fout: 0x17c8 Starttijd van toepassing

met fout: 0x01cd73e4bb399827 Pad naar toepassing met fout: C:\Program Files\IncrediMail\Bin\ImNotfy.exe

Pad

naar module met fout: unknown Rapport-id: ff0c627d-dfd7-11e1-a4c2-00262dc1feb1

Error - 8/8/2012 4:56:15 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000

Description = Naam van toepassing met fout: spoolsv.exe, versie: 6.1.7601.17514,

tijdstempel: 0x4ce7aa85 Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,

tijdstempel: 0x4ec49b60 Uitzonderingscode: 0xc0000374 Foutoffset: 0x000c380b Id van

proces met fout: 0x66c Starttijd van toepassing met fout: 0x01cd7520e4610991 Pad

naar toepassing met fout: C:\Windows\System32\spoolsv.exe Pad naar module met fout:

C:\Windows\SYSTEM32\ntdll.dll Rapport-id: e86e2368-e136-11e1-8a98-00262dc1feb1

Error - 8/10/2012 1:10:02 AM | Computer Name = ArMi-PC | Source = Application Error | ID = 1000

Description = Naam van toepassing met fout: WINWORD.EXE, versie: 11.0.8345.0, tijdstempel:

0x4f3c32b8 Naam van module met fout: WINWORD.EXE, versie: 11.0.8345.0, tijdstempel:

0x4f3c32b8 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00805639 Id van proces met

fout: 0x1478 Starttijd van toepassing met fout: 0x01cd76b65a25cdfd Pad naar toepassing

met fout: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Pad naar module

met fout: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Rapport-id: a349598f-e2a9-11e1-b19a-00262dc1feb1

[ System Events ]

Error - 6/21/2013 1:32:33 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:34 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:35 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:35 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:32:36 PM | Computer Name = ArMi-PC | Source = Service Control Manager | ID = 7030

Description = De PEVSystemStart-service staat aangeduid als een interactieve service.

Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn

toegestaan. Deze service werkt mogelijk niet juist.

Error - 6/21/2013 1:52:12 PM | Computer Name = ArMi-PC | Source = DCOM | ID = 10010

Description =

< End of report >

[Mako]

Hallo,

We zijn er bijna

1. Start OTL opnieuw.
   
   • Kopieer en plak In het Custom Scans/Fixes veld de onderstaande code.
     

     :Commands
     [CREATERESTOREPOINT]
     
     :OTL
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com
     CHR - default_search_provider: Search Results (Enabled)
     CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513 224486&q={searchTerms}
     O4 - HKLM..\Run: [] File not found
     O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - File not found
     
     :Files
     C:\Windows\STARTYPE.INI
     C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
     :Commands
     [PURITY]
     [emptyjava]
     [EMPTYFLASH]
     [reboot]
     

     
     

   • Klik op Run Fix bovenaan.
     
   • Laat het programma ongehinderd werken, herstart de computer als het klaar is en sla de log op die verschijnt.
     
   • Open OTL weer en klik op Quick Scan bovenaan.
     
   • Plaats de log van de "Quick Scan" en van de "Fix" beide als bijlage in het volgende bericht.

[*]

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

  startupall;
  filesrcm;
  {FDFE5E63-116A-4655-9B4D-29F4AFE441B3};c
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

[kemicky]

Waar kan ik de log halen? Die is door het opnieuw opstarten verdwenen.

- - - Updated - - -

Hier Log van Fix:

OTL logfile created on: 6/22/2013 10:07:17 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.46% Memory free

6.35 Gb Paging File | 4.16 Gb Available in Paging File | 65.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 294.58 Gb Total Space | 237.59 Gb Free Space | 80.65% Space Free | Partition Type: NTFS

Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS

Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS

Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/22 17:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArMi\Downloads\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe

PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe

PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe

PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe

PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/11/02 04:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe

PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/22 08:59:09 | 000,115,137 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2013/06/15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

MOD - [2013/06/15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

MOD - [2013/06/15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2013/05/15 08:47:54 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll

MOD - [2013/05/15 08:47:40 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll

MOD - [2013/05/15 08:47:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll

MOD - [2013/05/15 08:47:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll

MOD - [2013/05/15 08:47:27 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll

MOD - [2013/01/12 08:22:48 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll

MOD - [2013/01/12 08:22:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll

MOD - [2013/01/12 08:21:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll

MOD - [2013/01/12 00:56:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll

MOD - [2013/01/12 00:56:29 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll

MOD - [2013/01/12 00:56:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/01/12 00:56:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/01/12 00:56:13 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/03/10 19:03:24 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/01/13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll

MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/01/25 23:23:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2011/03/04 03:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2011/03/04 03:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/03/04 03:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)

DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)

DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS -- (SAS***IL)

DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)

DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2004/05/04 06:49:00 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1131Vid.sys -- (P1131VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{88EAB4FF-0C04-4773-B0BB-661AA49BB50D}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

IE - HKCU\..\SearchScopes\{CB62A195-5D27-4833-8F3F-0730AEEB9589}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms}

IE - HKCU\..\SearchScopes\{E8A0F93B-C792-415F-BF1F-90EF126373C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ArMi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/02/16 22:51:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/16 09:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Extensions

[2012/12/08 22:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions

[2012/12/08 23:50:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

[2013/06/22 08:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\Profiles\aw36llwo.default\extensions

[2012/11/14 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513224486&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.nu.nl/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: WeatherBug = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\

CHR - Extension: Skype Click to Call = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE File not found

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found

O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD7403F-E36C-4313-85BD-AEE823F8A4D3}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 21:20:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/06/22 15:26:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 08:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\ArMi\AppData\Local\Temp

[2013/06/21 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/21 13:02:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/21 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 21:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/22 21:34:36 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/22 21:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 21:24:09 | 000,006,656 | ---- | M] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/22 20:40:25 | 000,046,973 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg

[2013/06/22 20:39:48 | 000,051,126 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg

[2013/06/22 20:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 18:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 11:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/22 08:29:59 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/22 08:29:09 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe

[2013/06/21 18:49:49 | 000,036,226 | ---- | M] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | M] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 13:02:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 12:36:35 | 000,484,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/06/21 09:27:59 | 000,052,528 | ---- | M] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | M] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | M] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | M] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | M] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | M] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | M] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | M] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:27:19 | 000,701,798 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2013/06/21 09:27:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/06/21 09:27:19 | 000,133,798 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2013/06/21 09:27:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/06/22 21:24:07 | 000,006,656 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/22 20:41:21 | 000,051,126 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg

[2013/06/22 20:41:12 | 000,046,973 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg

[2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe

[2013/06/22 08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol

[2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg

[2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/21 15:29:58 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Ahnenblatt

[2013/03/07 22:06:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Belastingdienst

[2011/01/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\BullGuard

[2011/02/24 18:22:12 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\com.oceanbreezegames.cubecrash

[2012/09/21 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\convert

[2013/02/20 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\DVDVideoSoft

[2011/04/27 16:24:56 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\InterTrust

[2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Leadertech

[2013/03/05 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\MyHeritage

[2012/11/06 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\ooVoo Details

[2012/10/15 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Opera

[2012/06/17 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Samsung

[2013/03/14 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Stammbaumdrucker

[2013/01/27 10:01:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2012/10/30 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\TuneUp Software

[2012/12/08 23:50:51 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\uTorrent

[2012/11/14 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\VideoConverterPackages

========== Purity Check ==========

< End of report >

[Mako]

Hallo,

Er zijn er nog 2 door de mazen van het net geglipt:

Start OTL opnieuw.

• 
  
• Kopieer en plak In het Custom Scans/Fixes veld de onderstaande code.
  

   
  :Commands 
  [CREATERESTOREPOINT] 
  
  :OTL 
  CHR - default_search_provider: Search Results (Enabled)
  CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513 224486&q={searchTerms}
  
  :Commands 
  [PURITY] 
  [emptyjava] 
  [EMPTYFLASH] 
  

  
  

• Klik op Run Fix bovenaan.
  
• Laat het programma ongehinderd werken, herstart de computer als het klaar is en sla de log op die verschijnt.
  
• Plaats de log van "Fix" als bijlage in het volgende bericht.

Plaats je ook nog even het logje van Zoek.exe aub?

[kemicky]

Goedemorgen!

---------------------------

OTL logfile created on: 6/22/2013 10:07:17 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ArMi\Downloads

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.18 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 56.46% Memory free

6.35 Gb Paging File | 4.16 Gb Available in Paging File | 65.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 294.58 Gb Total Space | 237.59 Gb Free Space | 80.65% Space Free | Partition Type: NTFS

Drive D: | 270.48 Gb Total Space | 237.82 Gb Free Space | 87.93% Space Free | Partition Type: NTFS

Drive F: | 30.00 Gb Total Space | 9.58 Gb Free Space | 31.93% Space Free | Partition Type: NTFS

Computer Name: ARMI-PC | User Name: ArMi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/22 17:08:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ArMi\Downloads\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe

PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/10/31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/02 00:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/01/13 04:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe

PRC - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/06/21 22:53:44 | 000,436,264 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2010/06/02 16:42:18 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe

PRC - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe

PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/11/02 04:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe

PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/22 08:59:09 | 000,115,137 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2013/06/15 03:28:42 | 000,393,168 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

MOD - [2013/06/15 03:28:41 | 013,140,432 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll

MOD - [2013/06/15 03:28:40 | 004,051,408 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

MOD - [2013/06/15 03:27:51 | 000,599,504 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libglesv2.dll

MOD - [2013/06/15 03:27:50 | 000,124,368 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\libegl.dll

MOD - [2013/06/15 03:27:48 | 001,597,392 | ---- | M] () -- C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll

MOD - [2013/05/15 08:47:54 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll

MOD - [2013/05/15 08:47:40 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll

MOD - [2013/05/15 08:47:36 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll

MOD - [2013/05/15 08:47:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll

MOD - [2013/05/15 08:47:27 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll

MOD - [2013/01/12 08:22:48 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll

MOD - [2013/01/12 08:22:21 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll

MOD - [2013/01/12 08:21:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll

MOD - [2013/01/12 00:56:30 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll

MOD - [2013/01/12 00:56:29 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll

MOD - [2013/01/12 00:56:25 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/01/12 00:56:19 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/01/12 00:56:13 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2012/06/08 04:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2011/03/10 19:05:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

MOD - [2011/03/10 19:03:24 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/03/02 00:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/03/02 00:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/03/02 00:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/03/02 00:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/03/02 00:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/03/02 00:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/01/13 03:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/13 03:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll

MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/01/25 23:23:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/07/27 08:05:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/05/10 21:28:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/05/10 21:28:50 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2009/11/07 12:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)

SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/09/08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/10/31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)

DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(DEVGURU :: DEVGURU? ????? ?????.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)

DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2011/03/04 03:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2011/03/04 03:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/03/04 03:27:20 | 000,020,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)

DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/07/26 16:27:00 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/07/26 16:27:00 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)

DRV - [2010/06/21 09:14:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)

DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/05/10 21:28:49 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)

DRV - [2010/05/10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SAS***IL.SYS -- (SAS***IL)

DRV - [2010/04/27 09:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010/04/27 09:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010/04/01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2010/02/26 23:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2009/08/13 08:39:40 | 000,786,400 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)

DRV - [2009/05/13 21:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2009/05/13 21:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006/12/05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2004/05/04 06:49:00 | 000,091,241 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1131Vid.sys -- (P1131VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{88EAB4FF-0C04-4773-B0BB-661AA49BB50D}: "URL" = http://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

IE - HKCU\..\SearchScopes\{CB62A195-5D27-4833-8F3F-0730AEEB9589}: "URL" = http://go.web.de/br/ie8_search_ebay/?q={searchTerms}

IE - HKCU\..\SearchScopes\{E8A0F93B-C792-415F-BF1F-90EF126373C9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ArMi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/02/16 22:51:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/16 09:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Extensions

[2012/12/08 22:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions

[2012/12/08 23:50:53 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

[2013/06/22 08:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ArMi\AppData\Roaming\mozilla\Firefox\Profiles\aw36llwo.default\extensions

[2012/11/14 20:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3434555513224486&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - homepage: nu.nl | Het laatste nieuws het eerst op nu.nl

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ArMi\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\ArMi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\ArMi\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\ArMi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: WeatherBug = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.5_0\

CHR - Extension: Skype Click to Call = C:\Users\ArMi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE File not found

O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found

O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found

O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CD7403F-E36C-4313-85BD-AEE823F8A4D3}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91734A2F-C336-4BE9-8362-AA7479B0E354}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 21:20:18 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/06/22 15:26:13 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 08:59:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Windows\Temp

[2013/06/22 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\ArMi\AppData\Local\Temp

[2013/06/21 13:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/06/21 13:02:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/06/21 13:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 21:42:01 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/22 21:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/22 21:34:36 | 2558,595,072 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/22 21:32:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 21:24:09 | 000,006,656 | ---- | M] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/22 20:40:25 | 000,046,973 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg

[2013/06/22 20:39:48 | 000,051,126 | ---- | M] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg

[2013/06/22 20:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job

[2013/06/22 18:32:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/22 15:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/06/22 11:37:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job

[2013/06/22 08:29:59 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/22 08:29:09 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe

[2013/06/21 18:49:49 | 000,036,226 | ---- | M] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | M] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 13:02:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 12:36:35 | 000,484,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/06/21 09:27:59 | 000,052,528 | ---- | M] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | M] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | M] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | M] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | M] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | M] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | M] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | M] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:27:19 | 000,701,798 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2013/06/21 09:27:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/06/21 09:27:19 | 000,133,798 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2013/06/21 09:27:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/06/21 09:24:49 | 000,061,428 | ---- | M] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | M] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 21:13:20 | 001,271,997 | ---- | M] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/20 19:26:18 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:20:33 | 001,402,880 | ---- | M] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:50 | 000,187,272 | ---- | M] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 12:04:07 | 000,157,898 | ---- | M] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2013/06/22 21:24:07 | 000,006,656 | ---- | C] () -- C:\Users\ArMi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/06/22 20:41:21 | 000,051,126 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0001.jpg

[2013/06/22 20:41:12 | 000,046,973 | ---- | C] () -- C:\Users\ArMi\Desktop\IMG-20130622-WA0002.jpg

[2013/06/22 08:35:53 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe

[2013/06/22 08:29:59 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

[2013/06/21 18:49:49 | 000,036,226 | ---- | C] () -- C:\Users\ArMi\Desktop\Zoek exe.jpg

[2013/06/21 18:48:51 | 000,084,358 | ---- | C] () -- C:\Users\ArMi\Desktop\RunScript.jpg

[2013/06/21 13:02:22 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/06/21 13:01:23 | 001,271,997 | ---- | C] () -- C:\Users\ArMi\Desktop\zoek.exe

[2013/06/21 09:27:59 | 000,052,528 | ---- | C] () -- C:\Windows\System\TT0865M_.TTF

[2013/06/21 09:27:59 | 000,052,304 | ---- | C] () -- C:\Windows\System\TT0863M_.TTF

[2013/06/21 09:27:59 | 000,051,648 | ---- | C] () -- C:\Windows\System\TT0866M_.TTF

[2013/06/21 09:27:59 | 000,051,488 | ---- | C] () -- C:\Windows\System\TT0864M_.TTF

[2013/06/21 09:27:59 | 000,038,244 | ---- | C] () -- C:\Windows\System\TT0543M_.TTF

[2013/06/21 09:27:59 | 000,036,108 | ---- | C] () -- C:\Windows\System\TT0532M_.TTF

[2013/06/21 09:27:59 | 000,035,936 | ---- | C] () -- C:\Windows\System\TT0414M_.TTF

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0866m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0865m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0864m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0863m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0543m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0532m_.FOT

[2013/06/21 09:27:59 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0414m_.FOT

[2013/06/21 09:27:57 | 000,038,392 | ---- | C] () -- C:\Windows\System\TT0533M_.TTF

[2013/06/21 09:27:57 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0533m_.FOT

[2013/06/21 09:24:49 | 000,061,428 | ---- | C] () -- C:\Windows\System\TT0725M_.TTF

[2013/06/21 09:24:49 | 000,001,409 | ---- | C] () -- C:\Windows\System\tt0725m_.FOT

[2013/06/20 19:26:18 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk

[2013/06/20 19:22:46 | 000,002,959 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.lnk

[2013/06/20 19:22:17 | 001,402,880 | ---- | C] () -- C:\Users\ArMi\Desktop\HiJackThis.msi

[2013/06/15 14:39:49 | 000,187,272 | ---- | C] () -- C:\Users\ArMi\Desktop\_SHZOSY05.jpg

[2013/06/08 12:04:06 | 000,157,898 | ---- | C] () -- C:\Users\ArMi\Desktop\m1nxg52as0t9_std1024.jpg

[2013/05/25 13:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/02/16 09:57:25 | 000,000,262 | RHS- | C] () -- C:\Users\ArMi\ntuser.pol

[2013/02/04 19:59:59 | 000,007,605 | ---- | C] () -- C:\Users\ArMi\AppData\Local\Resmon.ResmonCfg

[2013/01/27 10:04:03 | 000,000,618 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2012/05/29 09:12:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2012/05/23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/05/23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2012/05/23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2012/05/23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2012/05/23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2012/03/03 17:56:24 | 000,004,096 | -H-- | C] () -- C:\Users\ArMi\AppData\Local\keyfile3.drm

========== ZeroAccess Check ==========

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/21 15:29:58 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Ahnenblatt

[2013/03/07 22:06:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Belastingdienst

[2011/01/24 20:41:13 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\BullGuard

[2011/02/24 18:22:12 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\com.oceanbreezegames.cubecrash

[2012/09/21 14:16:06 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\convert

[2013/02/20 14:10:46 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\DVDVideoSoft

[2011/04/27 16:24:56 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\InterTrust

[2012/11/02 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Leadertech

[2013/03/05 12:14:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\MyHeritage

[2012/11/06 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\ooVoo Details

[2012/10/15 12:51:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Opera

[2012/06/17 16:26:32 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Samsung

[2013/03/14 12:41:55 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\Stammbaumdrucker

[2013/01/27 10:01:16 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2012/10/30 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\TuneUp Software

[2012/12/08 23:50:51 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\uTorrent

[2012/11/14 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\ArMi\AppData\Roaming\VideoConverterPackages

========== Purity Check ==========

< End of report >

- - - Updated - - -

Ik gebruik Google Chrome en gisteren en zojuist heb ik de log geplaatst. Zodra ik op "snel reageren" heb geklikt, stopt Google Chrome dat ik niet meer kan zien of de log naar je is gestuurd. Nu gebruik ik Internet Explorer en zie dat de log toch is verstuurd! Sorry voor de meerdere keren!

- - - Updated - - -

Ik gebruik Google Chrome en gisteren en zojuist heb ik de log geplaatst. Zodra ik op "snel reageren" heb geklikt, stopt Google Chrome dat ik niet meer kan zien of de log naar je is gestuurd. Nu gebruik ik Internet Explorer en zie dat de log toch is verstuurd! Sorry voor de meerdere keren!

- - - Updated - - -

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: ArMi

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: ArMi

->Flash cache emptied: 456 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06232013_082820

[kemicky]

Zoek.exe Version 4.0.0.2 Updated 22-June-2013

Tool run by ArMi on zo 23-06-2013 at 8:36:37,26.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results20-06-2013-2115.log 280 bytes

C:\zoek-results20-06-2013-2122.log 370 bytes

C:\zoek-results21-06-2013-1259.log 462 bytes

C:\zoek-results21-06-2013-1301.log 462 bytes

C:\zoek-results21-06-2013-1325.log 508 bytes

C:\zoek-results21-06-2013-1926.log 554 bytes

C:\zoek-results21-06-2013-1927.log 600 bytes

C:\zoek-results21-06-2013-1953.log 28878 bytes

C:\zoek-results22-06-2013-0859.log 8491 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDFE5E63-116A-4655-9B4D-29F4AFE441B3} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\ArMi\AppData\Local\Temp ====

====== C:\Windows\system32 =====

2013-06-12 20:44:26 F67B1B348CBBCB60DAEC276712582E8C 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-12 20:44:25 B3DC4D1658093C1E486CA9F22180BECF 1141248 ----a-w- C:\Windows\System32\urlmon.dll

2013-06-12 20:44:25 5E2D9C88284AA3BECF15BEA0920A1903 391168 ----a-w- C:\Windows\System32\ieui.dll

2013-06-12 20:44:23 FCA0837B2739C044EEC00AF0DDD73FFC 13760512 ----a-w- C:\Windows\System32\ieframe.dll

2013-06-12 20:44:21 F383B1AD5D7FDC1ACB0D900B50572F8D 2046976 ----a-w- C:\Windows\System32\iertutil.dll

2013-06-12 20:44:21 05920BD009621D06722A1CD339DA6481 14327808 ----a-w- C:\Windows\System32\mshtml.dll

2013-06-12 20:41:18 091C7153A1292F19BE34FAC07FFF12EC 690688 ----a-w- C:\Windows\System32\jscript.dll

2013-06-12 20:41:16 97FA62873FF759574B20DF39FF22CC27 2877440 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-12 20:41:16 4395AC0BC02009AFAAB01368BA38AF30 39424 ----a-w- C:\Windows\System32\jsproxy.dll

2013-06-12 20:41:15 A10E7B582DEA86572510CB73CCCECA34 61440 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-12 20:41:13 DD09C65E52F3D5574F9774EE0D4DAA57 33280 ----a-w- C:\Windows\System32\iernonce.dll

2013-06-12 20:41:13 64DF9B793072A53F245515E08D8F5E37 42496 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-06-12 20:41:13 0FEED965B909BA2D210CE78C21626A69 493056 ----a-w- C:\Windows\System32\msfeeds.dll

2013-06-12 20:41:12 CE3EC9D85ED88ED4AD948B90BB9ED31D 71680 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-12 20:41:12 9593EA1AE5F39C1174B532213D47664B 109056 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-12 20:41:09 2473CA6595A2659D7039A4A89FECA269 1767936 ----a-w- C:\Windows\System32\wininet.dll

2013-06-12 14:51:51 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\System32\d3d11.dll

2013-06-12 14:51:43 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-06-12 14:51:33 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\System32\win32spl.dll

2013-06-12 14:51:31 92245C959E5BC378809D2CC5E9F6E9C7 1160192 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-12 14:51:31 8A8B277067C22F4BF6AA9A31692FC4D3 103936 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-12 14:51:31 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\System32\certutil.exe

2013-06-12 14:51:30 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\System32\certenc.dll

2013-06-12 14:51:30 3897DFF247D9ED0006190349DE264E14 140288 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-12 14:51:27 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-06-12 14:51:25 575DDD83B40880E1DEB48758673BDA71 3913576 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-12 14:51:25 3F63CF7DF313428CA9C5D1F410DF4645 3968872 ----a-w- C:\Windows\System32\ntkrnlpa.exe

====== C:\Windows\system32\drivers =====

2013-06-22 13:26:13 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-12 14:51:22 D32FDAC73FCD76B85389C39BC1087F2A 1293672 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

2013-06-20 19:15:17 49509E5A965A94760609D96C3413BE38 3120 ----a-w- C:\Windows\system32\Tasks\{2C483F32-378A-4E30-A7CD-592650256511}

====== C:\Windows\Temp ======

======= C:\Program Files =====

======= C: =====

2013-06-22 15:03:58 0F4A56B17456C4BBDCAD750429E5C912 8778 ----a-w- C:\AdwCleaner[s2].txt

====== C:\Users\ArMi\AppData\Roaming ======

2013-06-22 06:35:53 -------- d-----w- C:\users\ArMi\AppData\Local\Temp

====== C:\Users\ArMi ======

2013-06-22 15:08:09 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\ArMi\Downloads\OTL (1).exe

2013-06-22 15:07:25 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\ArMi\Downloads\OTL.exe

2013-06-22 15:03:24 4EF33D516F31BEB1C9847D1FDA69375C 648201 ----a-w- C:\Users\ArMi\Downloads\adwcleaner.exe

2013-06-21 11:01:47 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\ArMi\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-21 10:46:44 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\ArMi\Downloads\TFC.exe

2013-06-20 17:25:41 8AEB5D7CF5182094977760A765FA5B01 5126104 ----a-w- C:\Users\ArMi\Downloads\spsetup122.exe

====== C: exe-files ==

2013-06-19 12:32:24 80633916458CC8041D0F483B7633E9F6 1582944 ----a-w- C:\Users\ArMi\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.116\27.0.1453.116_27.0.1453.110_chrome_updater.exe

2013-06-19 10:38:44 FC89629363054D6EE349BE6D372FB8A8 129896 ----a-w- C:\Program Files\Speccy\uninst.exe

2013-06-19 10:38:04 185804AC50A546738B466B5CF04AC793 5926168 ----a-w- C:\Program Files\Speccy\Speccy.exe

=== C: other files ==

2013-06-23 06:06:03 59971CC6BF628653C45FBA2FC81F7B3B 144 ---ha-w- C:\Program Files\Common Files\X10\Common\x10prod.sys

2013-06-22 13:26:13 0DB7527DB188C7D967A37BB51BBF3963 40776 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys

2013-06-22 06:29:59 5F564D422FECD62C2FB3BDF9734664F5 756 ----a-w- C:\Users\Public\Desktop\sample_22-06-2013_0829.zip

2013-06-21 11:02:21 4470E3C1E0C3378E4CAB137893C12C3A 22856 ----a-w- C:\Windows\System32\drivers\mbam.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-933684324-2697931749-3995688759-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 "

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe"

"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe"

"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe"

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe"

"NUSB3MON"="C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon"

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE"

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"

"avast"="C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui"

"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"PDFPrint"="C:\Program Files\PDF24\pdf24.exe"

"Family Tree Builder Update"="C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"Google Update"="C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Facebook Update"="C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"Logitech Vid"="C:\Program Files\Logitech\Vid HD\Vid.exe -bootmode"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job --a------ C:\Users\ArMi\AppData\Local\Facebook\Update\FacebookUpdate.exe [31-10-2012 12:32]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001Core.job --a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-933684324-2697931749-3995688759-1001UA.job --a------ C:\Users\ArMi\AppData\Local\Google\Update\GoogleUpdate.exe [24-01-2011 20:51]

==== EOF on zo 23-06-2013 at 8:42:21,50 ======================

[Mako]

Hallo,

Dat is niet erg hoor

Laatste controle:

• 
  
• Dubbelklik op Zoek.exe om de tool te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Kopieer nu onderstaande code en plak die in het grote invulvenster:
  
• Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
  

   
  chromelook; 
  

  
  

• Klik nu op de knop "Run script".
  
• Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  
• Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  
• Post het geopende logje in het volgende bericht.
  

Zou normaal een kort logje moeten zijn.