Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

pop up adds yieldmanager

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: pop up adds yieldmanager

Unread postby Gary R » October 19th, 2012, 12:19 pm

Part of that can be due to items being removed that were scheduled for removal by the removal tools.

Boot your computer a few times, and let me know if it's still booting slowly after a couple of boots.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 20th, 2012, 7:56 am

After a couple of reboots, it still reboots quiet slow, from the moment I enter my password, and displays 'welcome', it takes a while before being able to work on it. Also after the 'welcome'-display I get a black screen for like 5 seconds before getting my normal screen. Could it be slowed down because of 'spyhunter 4' which starts initializing once I start up?

Another thing I noticed this morning, I had 3 word-files on my desktop, now there filename has changed slightly, so I tried to open them, but I get a reply 'problems with content, file is damaged and could not be opened'.

Their original names were:
20km door brussel.doc changed to ~$km door brussel.doc
hurghada.doc changed to ~$rghada.docx
portugal.doc changed to ~$rtugal.docx

Is there anyway to safe the content?

Additionally I also have 2 new files on my desktop named 'desktop.ini' is this a result of the runfix we did yesterday? What should I do with these files? If you want the content of these 2 files, just tell me and I'll post them.

Best regards,
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby Gary R » October 20th, 2012, 9:13 am

Click Start > Control Panel > Appearance and Personalization > Folder Options > Show hidden files and folders
Ensure the following ...
  • Don't show hidden files, folders, or drives is checked.
  • Hide extensions for known file types is unchecked.
  • Hide protected operating system file (Recommended) is checked.
  • Click OK.

Does that make the Desktop.ini files disappear ?

Next

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Under Custom Scans/Fixes copy/paste the contents of the code box below.
Code: Select all
dir "%userprofile%\desktop" /c

  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 20th, 2012, 3:17 pm

Hi Gary,

Thanks to your instructions, the desktop.ini files dissappeared & my word files are as good as new again & accesible.

Now running OTL, logs will follow.

Best regards
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 20th, 2012, 3:25 pm

otl log,

OTL logfile created on: 10/20/2012 9:13:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3.98 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.08% Memory free
7.96 Gb Paging File | 6.30 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 1730.31 Gb Free Space | 94.45% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.24 Gb Free Space | 34.13% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
PRC - [2012/10/11 17:51:15 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/13 13:34:06 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/17 19:53:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 18:17:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/26 22:30:28 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d59182e98ef565ae60ca79643f38c798\IAStorUtil.ni.dll
MOD - [2012/05/26 22:30:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1308b3b2c033226ddd613752a37e3272\IAStorCommon.ni.dll
MOD - [2012/05/26 22:11:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/26 22:11:14 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/26 22:11:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/26 22:10:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/26 22:10:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/26 22:10:44 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/26 22:10:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010/05/12 11:03:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/12 11:03:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/24 00:25:03 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2010/10/25 18:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/24 00:25:03 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2011/04/02 20:39:39 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/12/17 11:57:03 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/17 11:55:56 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2010/12/17 11:55:55 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2010/12/17 11:55:50 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:64bit: - [2010/12/17 11:55:50 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/04/09 11:37:18 | 012,342,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/09 11:38:06 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{3CEE1BB4-457A-4348-A4F6-B13E9DAB4674}: "URL" =
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{9ACBE53E-8ACC-4F25-BAB2-5513E6A54357}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/11 17:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/18 10:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/18 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012/10/18 16:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions
[2012/10/16 16:47:55 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/10/16 17:07:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\firefox@ghostery.com
[2012/08/18 11:17:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\tc45o6yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/18 10:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\CHRISTOPH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TC45O6YV.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:37:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:37:45 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/07/14 02:37:45 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/07/14 02:37:45 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2012/10/18 16:26:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9:64bit: - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:64bit: - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:64bit: - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://photoservice.fujicolor.eu/ips-op ... jordan.cab (JordanUploader Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static ... .134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/stati ... 0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063}: DhcpNameServer = 195.130.130.5 195.130.131.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/30 12:46:43 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6209C8C5-07D5-40A1-ABC2-FFCA3010DA22}
[2012/10/20 12:05:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{4F322F77-7D85-4B9F-A9EE-37780AF751B5}
[2012/10/19 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{15F1D550-4CCC-4A17-B978-A80EB1B9A425}
[2012/10/18 17:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/18 16:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/18 15:59:07 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{D5C5935D-EC77-4543-B13D-BD1F234664A1}
[2012/10/17 16:11:07 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\tdsskiller
[2012/10/17 15:42:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/16 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/16 14:47:11 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:47:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/15 18:14:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Macromedia
[2012/10/15 18:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/15 18:13:10 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/15 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\logs
[2012/10/15 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Reizen
[2012/10/13 13:26:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 13:25:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 13:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/11 18:20:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/10/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/11 17:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/11 17:51:04 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/11 17:51:04 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/11 17:51:01 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/11 17:51:01 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/11 17:51:00 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/11 17:50:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/11 17:50:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/11 17:50:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

========== Files - Modified Within 30 Days ==========

[2012/10/20 21:07:34 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 21:07:34 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 21:06:11 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 21:01:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/20 20:59:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/20 20:59:11 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 12:30:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/20 12:30:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/20 12:28:48 | 324,410,814 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/18 16:26:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/17 16:08:25 | 002,194,704 | ---- | M] () -- C:\Users\Christoph\Desktop\tdsskiller.zip
[2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/16 16:42:38 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 14:46:50 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/16 14:46:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:46:47 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:46 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/15 18:13:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/13 13:36:11 | 006,278,228 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 13:36:11 | 000,702,000 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/10/13 13:36:11 | 000,694,906 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/13 13:36:11 | 000,693,930 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/13 13:36:11 | 000,690,202 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/10/13 13:36:11 | 000,689,584 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/13 13:36:11 | 000,632,656 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/10/13 13:36:11 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/13 13:36:11 | 000,552,246 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/10/13 13:36:11 | 000,148,528 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/10/13 13:36:11 | 000,137,280 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/13 13:36:11 | 000,135,058 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/10/13 13:36:11 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/10/13 13:36:11 | 000,130,358 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/13 13:36:11 | 000,127,362 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/13 13:36:11 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 13:36:11 | 000,089,654 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/10/13 13:36:11 | 000,008,922 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/10/13 13:36:11 | 000,008,652 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012/10/13 13:36:11 | 000,006,500 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012/10/13 13:36:11 | 000,006,494 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/10/13 13:25:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | M] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk

========== Files Created - No Company Name ==========

[2012/10/17 16:08:15 | 002,194,704 | ---- | C] () -- C:\Users\Christoph\Desktop\tdsskiller.zip
[2012/10/16 16:42:38 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 16:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/13 13:25:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | C] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk
[2012/10/11 17:51:05 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/07 16:18:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012/08/07 16:18:49 | 012,039,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2012/08/07 16:18:49 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2012/08/07 16:18:41 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2012/05/31 13:16:37 | 000,007,609 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012/01/28 15:24:41 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/28 15:24:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/24 21:25:47 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/04/09 13:45:12 | 006,368,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 18:14:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/12/03 21:07:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/03 20:59:01 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/24 13:12:18 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Asumut
[2011/12/08 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Audacity
[2011/04/02 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Pro
[2011/09/10 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Leadertech
[2012/03/22 13:33:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Pro Cycling Manager 2010
[2011/10/14 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Research In Motion
[2011/11/12 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Reviversoft
[2012/08/23 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\RoboForm
[2012/10/20 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2011/03/31 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Software Inspection Library
[2011/11/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Sports Interactive
[2012/07/30 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP
[2011/12/10 11:51:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Ubisoft
[2011/05/23 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< dir "%userprofile%\desktop" /c >
De volumenaam van station C is Boot
Het volumenummer is CA8F-A289
Map van C:\Users\Christoph\DESKTOP
20/10/2012 21:21 <DIR> .
20/10/2012 21:21 <DIR> ..
26/05/2012 16:24 12.168.082 15007_04.exe
20/10/2012 21:21 68 cmd.bat
20/10/2012 21:21 0 cmd.txt
28/12/2011 13:07 <DIR> Films
14/01/2012 23:15 355.706.986 Flash Mob solo.AVI
15/10/2012 11:42 <DIR> Fotos
19/05/2011 22:33 1.459 Internet Explorer.lnk
17/10/2012 15:55 <DIR> logs
16/10/2012 20:13 <DIR> Loopschoenen
17/07/2011 21:20 <DIR> LP
02/10/2012 09:49 <DIR> Muziek
17/10/2012 15:42 602.112 OTL.exe
20/10/2012 16:04 <DIR> Reizen
11/10/2012 18:20 2.266 SpyHunter.lnk
17/10/2012 16:11 <DIR> tdsskiller
17/10/2012 16:08 2.194.704 tdsskiller.zip
18/10/2012 21:20 <DIR> Werk
8 bestand(en) 370.675.677 bytes
11 map(pen) 1.857.899.208.704 bytes beschikbaar

< End of report >
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 20th, 2012, 3:27 pm

extra log,

OTL Extras logfile created on: 10/20/2012 9:13:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3.98 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.08% Memory free
7.96 Gb Paging File | 6.30 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 1730.31 Gb Free Space | 94.45% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.24 Gb Free Space | 34.13% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0945B96D-BAF5-4BAC-99E7-CFB7A32A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{13333799-6E8A-4107-B0AA-AD021A62B539}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2789088D-7842-4B9A-A3C4-65AE7A4310B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A64A4E1-EE62-431D-B3F3-6C63A16BED6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B619D04-5C1F-4DB4-9302-0216D4945162}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3D24C90E-616A-47BF-854F-53B1B08BA094}" = rport=138 | protocol=17 | dir=out | app=system |
"{593631EF-AFA0-4E5F-8F8D-85AECDCA2507}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D166B27-5327-4C16-B227-B931E2E20CF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{72D976E8-89F4-4AE7-BDEE-63963DE96FCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73D9FDDF-73E1-4607-8668-AE6717FF5A5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85E082F5-3AC5-4DFC-B2E6-DFE5C4BBFC6E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96DA72EF-C62E-4921-8B67-67C2538D9038}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BD889F2-931B-4A4C-AE7C-EC06BDBB4C64}" = lport=138 | protocol=17 | dir=in | app=system |
"{A65215C3-7BCE-42AE-911F-76202B722287}" = lport=137 | protocol=17 | dir=in | app=system |
"{A684D37A-9067-4750-B965-2EA7F02DEEE4}" = rport=137 | protocol=17 | dir=out | app=system |
"{B4965AA8-9A86-4A3E-A8B1-F6E780D24056}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B65C0704-0853-4D1D-A487-FDF8CE922713}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7E1C7D1-AFFC-4EFF-870F-5370C3DAE909}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA5C5A8D-D92D-4E32-B900-3293B50E4C0B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D123739B-A428-408D-8043-5D2E2972E284}" = lport=445 | protocol=6 | dir=in | app=system |
"{D3961CC0-A02A-41E0-BD5D-CE508C128D79}" = rport=139 | protocol=6 | dir=out | app=system |
"{E4D3BAC4-798F-4DA9-9E07-09DA5C387C96}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EDC6D0FD-C0F3-4696-A4CC-3FB43E47CEA4}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C93F90-FADF-4F63-810C-A53C072D7961}" = protocol=58 | dir=in | app=system |
"{059B72F6-3353-49C5-A056-F5FAC4F2ADF3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{06CA521F-9B55-422C-912C-2529FA350B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1111A996-06AC-49E9-95A7-45137915B576}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12090661-6CF5-44C0-B516-09AB4393A0D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{13149270-227A-4615-A9BC-2EBDBF0A4D43}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1C004E6D-D41D-452C-A941-CC0739922B67}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{1D0963EC-C7AF-4AFD-B400-856B382FB802}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{240B3B90-1E2D-4E9E-A56C-FFE27183227E}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\autorun\exe\autorun.exe |
"{24AD259B-897C-40EF-86EF-87D7DA1D7D66}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{24B526E3-6105-41B1-9941-A0261DC6AA2A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28CDC1BB-49D1-44A3-A155-DBA66F759ED2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{2F293679-D474-4F54-84A7-2DF4B59C1D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\initengine.exe |
"{3AD81CD0-9D3C-40EF-945F-515C37961603}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"{3B1186AD-EEDB-43D9-B393-1FBB0A5735ED}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{3BBFDE76-CBE9-4245-9B50-FA4604E5ADD9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3BC1CECA-5115-4A22-97DE-F236F5B32448}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41E00E81-AF2F-457C-B7A7-595D7A9FE23E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{4423D98C-0F4B-4302-B36F-DF4D762103E7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4D74D01F-E1F6-494A-A700-7485D11AFE44}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{57FF658C-A206-40AD-98E4-0B97A079E923}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{58FFEC58-180E-4CE2-8E76-435282885CE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B2C065F-2079-42CE-AECD-8D49FFA95CB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{68B6E42B-2B91-415F-A19B-6814E0F985E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6987DF24-C30B-4EC3-A9D4-291A28C12A1A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{716981DB-10B9-49B4-8FC9-DDE3C94A2998}" = protocol=6 | dir=out | app=system |
"{77819DC7-28E5-421D-8F86-90CC256A357A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7BF6D439-4C74-44E4-8D79-5CE1108C775E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7C22EBDB-02C9-4762-BD52-F6CC2771544C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7FA23AF4-6765-4A71-AE1B-23FFB345C4CB}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"{821ACC17-4031-447B-9611-FA837D137F0A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070 demo\anno5.exe |
"{87572096-CD89-464F-85ED-7B49C521EA03}" = protocol=17 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011 russian\fm.exe |
"{8AEAAD12-0A7F-435E-AE1A-073505B1019F}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\autorun\exe\autorun.exe |
"{8B775321-B7D2-4B2E-A926-9FDD5474056B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{909FC2ED-BC44-4EE8-A48D-EA2549D38229}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{911D464B-3656-45B4-8B4F-9BB22DD06506}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94358C4C-9B0E-4AF8-BD39-AAC2E9AAA028}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9628B568-7FE9-436F-A783-D87F66642974}" = protocol=6 | dir=in | app=c:\program files (x86)\sports interactive\football manager 2011 russian\fm.exe |
"{992AF406-D25F-45D5-A27D-0BBA97EE0642}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B110035-B6C8-43BE-A8D7-C7FADA6672BB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A5448D27-D1EA-449B-BF6F-CD62A8A564F5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{A8B7114C-EDB5-44F4-AC63-8691EFC4E43F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B374ECBE-DD4C-4B27-919E-EB2DC855F884}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{B55B913C-AE94-427A-8695-C2EF313B75C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BA849309-E9E0-4C19-9165-91F7E31217EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C0D263A7-0B4D-482D-9A3E-4D0D77796E10}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C4D72445-F6BC-48A6-840C-8C1E13A179D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B779ED-9575-4930-A5FC-CC250883C197}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA0BD0B1-E0D6-4567-8E15-DC8FCC6AB409}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB0CD4B1-AE13-42F6-B729-43EF71044625}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBE4EF56-BB51-4F87-B7EA-022F7A868F67}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{DC977040-1BC7-4038-859D-D5E5CFB41D63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD3CDBEC-CA21-491D-9E9B-6B9F2E635FA6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DECF38C3-D733-486C-8022-1AE4120F8B94}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{E9BC5719-366A-47AD-89CF-06B5EBF91A06}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{EA63862D-702F-4CD1-BD0D-5E0A9C6E9EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EC2EAD73-DE7F-431F-8856-C543995C41C9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{F7A2CA9D-612F-4840-BD06-44239B9EBD02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9002F2D-0B92-4B0D-8094-36FA0115196E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE0C5CB1-8DB9-47FE-83BC-D6A14D80B4AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FE290346-43A5-42BD-9B76-C1DC23B59753}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{784686DD-91ED-45EC-B914-754DAC7891CD}C:\users\christoph\appdata\roaming\unuba\uqyf.exe" = protocol=6 | dir=in | app=c:\users\christoph\appdata\roaming\unuba\uqyf.exe |
"TCP Query User{83E234F7-2FD2-4815-B3A2-EB097CB81035}C:\users\christoph\appdata\roaming\huakil\omgy.exe" = protocol=6 | dir=in | app=c:\users\christoph\appdata\roaming\huakil\omgy.exe |
"TCP Query User{9A3CD020-0BE5-4D38-A4BC-A371B749A999}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{9BADCBCA-1834-4472-B306-85398A02B528}D:\fifa2011\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa2011\game\fifa.exe |
"TCP Query User{A4EE33AF-67AC-46CE-A692-F2D9224CAE3B}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"TCP Query User{A9D07A02-DDC7-489F-86BB-BADF8AEBBB2A}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{E0716B10-5432-4C17-8DF8-B22030F495E9}C:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"UDP Query User{0A4410D9-941E-47B2-B387-80161D14EE02}C:\users\christoph\appdata\roaming\unuba\uqyf.exe" = protocol=17 | dir=in | app=c:\users\christoph\appdata\roaming\unuba\uqyf.exe |
"UDP Query User{0D2F71CF-FB38-4541-9CDA-9E250E776194}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{0FD1B2BE-B7DE-4846-B3AA-E195573CFFA4}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{5B36B4DE-327C-4D6D-9B94-5BFFCF9ED657}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{63371008-0005-4E73-AB41-ED200001F485}C:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\pro cycling manager - seizoen 2010\pcm.exe |
"UDP Query User{93CEEDD9-B1A5-4187-9CA9-05B48C28CC59}D:\fifa2011\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa2011\game\fifa.exe |
"UDP Query User{BF9EDB4A-B271-45CF-B1F0-6A593C687085}C:\users\christoph\appdata\roaming\huakil\omgy.exe" = protocol=17 | dir=in | app=c:\users\christoph\appdata\roaming\huakil\omgy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel(R) Network Connections 15.8.75.0
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}" = SpyHunter
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0413-1000-0000000FF1CE}" = Microsoft Office Klik-en-Klaar 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSetDX" = Intel(R) Network Connections 15.8.75.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Trust Webcam 15007
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0413-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Nederlands
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = avast! EasyPass
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"avast" = avast! Free Antivirus
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Football Manager 2012_is1" = Football Manager 2012
"GameCenter_is1" = GameCenter 1.3.0.5
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.0.1400
"Mozilla Firefox 14.0.1 (x86 nl)" = Mozilla Firefox 14.0.1 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klik-en-Klaar 2010
"Pro Cycling Manager 2010_is1" = Pro Cycling Manager - Seizoen 2010 - 1.0.0.0
"PunkBusterSvc" = PunkBuster Services
"VLC media player" = VLC media player 1.1.10
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2012 10:31:52 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/18/2012 1:10:01 PM | Computer Name = Christoph-PC | Source = SideBySide | ID = 16842832
Description = Kan activeringscontext voor C:\Program Files (x86)\ESET\ESET Online
Scanner\ESETSmartInstaller.exe niet maken. Fout in manifest of beleidsbestand
op regel . Een onderdeelversie die nodig is voor de toepassing conflicteert met een
andere onderdeelversie die reeds actief is. Conflicterende onderdelen zijn: Onderdeel
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Onderdeel
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 10/18/2012 1:29:29 PM | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002
Description = Het programma WINWORDC.EXE, versie 0.0.0.0 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar
is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in
het Configuratiescherm. Proces-id: f18 Starttijd: 01cdad56081a6b90 Eindtijd: 562 Toepassingspad:
Q:\140066.nld\Office14\WINWORDC.EXE Rapport-id: 53ab3e4b-1949-11e2-bbcb-6c626ded7044


Error - 10/19/2012 12:36:02 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/19/2012 9:30:02 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/20/2012 6:04:18 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/20/2012 6:12:21 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/20/2012 6:29:27 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/20/2012 7:40:22 AM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

Error - 10/20/2012 2:59:30 PM | Computer Name = Christoph-PC | Source = CVHSVC | ID = 100
Description = Alleen informatie. Kan de actie niet voltooien. Probeer de actie opnieuw
uit te voeren. Als het probleem zich blijft voordoen, neemt u contact op met de
productondersteuning van Microsoft.

[ System Events ]
Error - 10/19/2012 12:38:13 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Media Player Network Sharing Service.

Error - 10/19/2012 12:38:13 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000
Description = De Windows Media Player Network Sharing Service-service kan vanwege
de volgende fout niet worden gestart: %%1053

Error - 10/20/2012 6:03:28 AM | Computer Name = Christoph-PC | Source = e1cexpress | ID = 262168
Description = Intel(R) 82579LM Gigabit Network Connection PROBLEM: Unable to start
the network adapter. ACTION: Install the latest driver from "http://www.intel.com/support/go/network/adapter/home.htm".


Error - 10/20/2012 6:12:48 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: MBAMService.

Error - 10/20/2012 6:13:18 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: Spooler.

Error - 10/20/2012 6:14:22 AM | Computer Name = Christoph-PC | Source = DCOM | ID = 10010
Description =

Error - 10/20/2012 6:15:35 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: Dnscache.

Error - 10/20/2012 6:16:05 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: Dnscache.

Error - 10/20/2012 6:16:26 AM | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7022
Description = De Background Intelligent Transfer Service-service is bij het starten
vastgelopen.

Error - 10/20/2012 6:28:55 AM | Computer Name = CHRISTOPH-PC | Source = BugCheck | ID = 1001
Description =


< End of report >
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby Gary R » October 21st, 2012, 4:49 am

OK, I can't see any signs of re-infection, and I can't see any reason for a slow boot from the logs you've supplied.

There are a few minor tweaks we need to do though ....

There's a few Windows Defender update directories that have not been removed (Windows Defender should remove them automatically once the update is installed), there's also a couple of folders need removing, and a few firewall settings that need attending to.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
[2012/10/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6209C8C5-07D5-40A1-ABC2-FFCA3010DA22}
[2012/10/20 12:05:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{4F322F77-7D85-4B9F-A9EE-37780AF751B5}
[2012/10/19 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{15F1D550-4CCC-4A17-B978-A80EB1B9A425}
[2012/10/18 15:59:07 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{D5C5935D-EC77-4543-B13D-BD1F234664A1}

:Files
c:\program files (x86)\avg
C:\program files (x86)\bittorrent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CA521F-9B55-422C-912C-2529FA350B6E}"=-
"{12090661-6CF5-44C0-B516-09AB4393A0D8}"=-
"{1D0963EC-C7AF-4AFD-B400-856B382FB802}"=-
"{24AD259B-897C-40EF-86EF-87D7DA1D7D66}"=-
"{5B2C065F-2079-42CE-AECD-8D49FFA95CB6}"=-
"{68B6E42B-2B91-415F-A19B-6814E0F985E0}"=-
"{909FC2ED-BC44-4EE8-A48D-EA2549D38229}"=-
"{94358C4C-9B0E-4AF8-BD39-AAC2E9AAA028}"=-
"{9B110035-B6C8-43BE-A8D7-C7FADA6672BB}"=-
"{A5448D27-D1EA-449B-BF6F-CD62A8A564F5}"=-
"{BA849309-E9E0-4C19-9165-91F7E31217EC}"=-
"{DD3CDBEC-CA21-491D-9E9B-6B9F2E635FA6}"=-
"{E9BC5719-366A-47AD-89CF-06B5EBF91A06}"=-
"{EC2EAD73-DE7F-431F-8856-C543995C41C9}"=-
"{FE290346-43A5-42BD-9B76-C1DC23B59753}"=-
"TCP Query User{9A3CD020-0BE5-4D38-A4BC-A371B749A999}C:\program files (x86)\bittorrent\bittorrent.exe"=-
"TCP Query User{A4EE33AF-67AC-46CE-A692-F2D9224CAE3B}C:\program files (x86)\bittorrent\bittorrent.exe"=-
"UDP Query User{0D2F71CF-FB38-4541-9CDA-9E250E776194}C:\program files (x86)\bittorrent\bittorrent.exe"=-
"UDP Query User{5B36B4DE-327C-4D6D-9B94-5BFFCF9ED657}C:\program files (x86)\bittorrent\bittorrent.exe"=-

:Commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

There's a file on your Desktop I can't find any information on ....

12.168.082 15007_04.exe

.... do you know what this file is for ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 21st, 2012, 8:28 am

OTL-log,

All processes killed
========== OTL ==========
C:\Users\Christoph\AppData\Local\{6209C8C5-07D5-40A1-ABC2-FFCA3010DA22} folder moved successfully.
C:\Users\Christoph\AppData\Local\{4F322F77-7D85-4B9F-A9EE-37780AF751B5} folder moved successfully.
C:\Users\Christoph\AppData\Local\{15F1D550-4CCC-4A17-B978-A80EB1B9A425} folder moved successfully.
C:\Users\Christoph\AppData\Local\{D5C5935D-EC77-4543-B13D-BD1F234664A1} folder moved successfully.
========== FILES ==========
c:\program files (x86)\AVG\AVG2012\html\reportcard folder moved successfully.
c:\program files (x86)\AVG\AVG2012\html folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Firefox4\Components folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Firefox4 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Firefox folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Drivers\Win7 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Drivers folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\techbuddy\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\techbuddy folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\multimi-banner-sp1\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\multimi-banner-sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\multimi-banner\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\multimi-banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs folder moved successfully.
c:\program files (x86)\AVG\AVG2012 folder moved successfully.
c:\program files (x86)\AVG folder moved successfully.
File\Folder C:\program files (x86)\bittorrent not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06CA521F-9B55-422C-912C-2529FA350B6E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06CA521F-9B55-422C-912C-2529FA350B6E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12090661-6CF5-44C0-B516-09AB4393A0D8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12090661-6CF5-44C0-B516-09AB4393A0D8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1D0963EC-C7AF-4AFD-B400-856B382FB802} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D0963EC-C7AF-4AFD-B400-856B382FB802}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24AD259B-897C-40EF-86EF-87D7DA1D7D66} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24AD259B-897C-40EF-86EF-87D7DA1D7D66}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B2C065F-2079-42CE-AECD-8D49FFA95CB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B2C065F-2079-42CE-AECD-8D49FFA95CB6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{68B6E42B-2B91-415F-A19B-6814E0F985E0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B6E42B-2B91-415F-A19B-6814E0F985E0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{909FC2ED-BC44-4EE8-A48D-EA2549D38229} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{909FC2ED-BC44-4EE8-A48D-EA2549D38229}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94358C4C-9B0E-4AF8-BD39-AAC2E9AAA028} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94358C4C-9B0E-4AF8-BD39-AAC2E9AAA028}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B110035-B6C8-43BE-A8D7-C7FADA6672BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B110035-B6C8-43BE-A8D7-C7FADA6672BB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5448D27-D1EA-449B-BF6F-CD62A8A564F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5448D27-D1EA-449B-BF6F-CD62A8A564F5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA849309-E9E0-4C19-9165-91F7E31217EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA849309-E9E0-4C19-9165-91F7E31217EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD3CDBEC-CA21-491D-9E9B-6B9F2E635FA6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD3CDBEC-CA21-491D-9E9B-6B9F2E635FA6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9BC5719-366A-47AD-89CF-06B5EBF91A06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9BC5719-366A-47AD-89CF-06B5EBF91A06}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC2EAD73-DE7F-431F-8856-C543995C41C9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC2EAD73-DE7F-431F-8856-C543995C41C9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE290346-43A5-42BD-9B76-C1DC23B59753} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE290346-43A5-42BD-9B76-C1DC23B59753}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9A3CD020-0BE5-4D38-A4BC-A371B749A999}C:\program files (x86)\bittorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A4EE33AF-67AC-46CE-A692-F2D9224CAE3B}C:\program files (x86)\bittorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0D2F71CF-FB38-4541-9CDA-9E250E776194}C:\program files (x86)\bittorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5B36B4DE-327C-4D6D-9B94-5BFFCF9ED657}C:\program files (x86)\bittorrent\bittorrent.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christoph
->Temp folder emptied: 1653012 bytes
->Temporary Internet Files folder emptied: 59612429 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6437094 bytes
->Flash cache emptied: 928 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156480 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212012_135642

Files\Folders moved on Reboot...
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF28EA15268CA7905B.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF3993D5177AD33140.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF535458A28FAC04C0.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DF70CAC463425622F0.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFB3751A07F8DEBC97.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Temp\~DFE27C93CBE987CBA9.TMP not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WR8WZVC9\B6799254[1].htm not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBYI4ZBR\01[1].htm not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBYI4ZBR\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q6QFIH18\data_sync[1].htm not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q6QFIH18\Live[1].htm not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q6QFIH18\viewtopic[2].htm moved successfully.
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8G64PF2K\videos[1].htm not found!
File\Folder C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3IGTB6QU\emily[1].html not found!
C:\Users\Christoph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...


Registry entries deleted on Reboot...


Concering file '15007_04.exe':
I lost my cd for installing the software to use my cam, so I found this file through the site of the webcam brand. Sometimes when I plug in my cam into the usb portal, the pc doesn't find it, so then I reinstall it, through that file & afterwards everything works fine.

Best regards,
RunningVirus
Last edited by RunningVirus on October 21st, 2012, 8:35 am, edited 1 time in total.
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 21st, 2012, 8:33 am

I had another question,

When I used ESET, it found 10 files, from which 7 where lonely planet-pdf files(but zipped).

After the next runfix, there was following response 'not found'. Do I need to delete them manually? Or is there no need to delete?

File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Baja_Los_Cabos7th_Edition_August_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Guatemala3rd_Edition_September_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Honduras_the_Bay_Islands1st_Edition_January_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Nicaragua_El_Salvador1st_Edition_October_2006.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Panama4th_Edition_November_2007.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Puerto_Vallarta_Pacific_Mexico2nd_Edition_August_2006.rar not found.
File\Folder C:\Users\Christoph\Desktop\LP\Lonely-planet 2005-2009 (Vasia Zozulia)\Yucatan3rd_Edition_November_2006.rar not found.

Best Regards,
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby Gary R » October 21st, 2012, 10:05 am

First of all .... not found .... means the file was not found on your machine, and is therefore probably not there.

If you can actually see the files are present on your computer, then delete them manually, otherwise it would seem they're not present.

OK, since we can be reasonably sure that your slow boots are not being caused by anything malicious, I think it's probably time to remove the programs we've been using to clean your computer ....

Let's clear out OTL and the files and folders it created. This should also remove TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read ....

.... if your computer is still booting unusually slowly afterwards, please let me know.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: pop up adds yieldmanager

Unread postby RunningVirus » October 21st, 2012, 2:59 pm

OTL and TDSSkiller are removed.

I also found the trackware-files, so I deleted them.

Tomorrow I will read the info from the links.

I would really like to thank you Gary R & everyone from malwareremoval.com for helping me!!! I really appreciated your efforts and willingness to help someone who is lacking knowledge to deal with this problem.

Thanks a lot!!!

Best Regards
RunningVirus
RunningVirus
Regular Member
 
Posts: 34
Joined: October 15th, 2012, 5:36 am

Re: pop up adds yieldmanager

Unread postby Gary R » October 22nd, 2012, 1:58 am

You're welcome, glad we could help you with your problems. :)

Keep safe.

Gary

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware