otl log,
OTL logfile created on: 10/20/2012 9:13:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy
3.98 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.08% Memory free
7.96 Gb Paging File | 6.30 Gb Available in Paging File | 79.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 1730.31 Gb Free Space | 94.45% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 10.24 Gb Free Space | 34.13% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
PRC - [2012/10/11 17:51:15 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/05/13 13:34:06 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/01/20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/17 19:53:00 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/09/15 13:21:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/07 18:17:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/26 22:30:28 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d59182e98ef565ae60ca79643f38c798\IAStorUtil.ni.dll
MOD - [2012/05/26 22:30:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1308b3b2c033226ddd613752a37e3272\IAStorCommon.ni.dll
MOD - [2012/05/26 22:11:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/26 22:11:14 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/26 22:11:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/26 22:10:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/26 22:10:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/26 22:10:44 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/26 22:10:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010/05/12 11:03:32 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/12 11:03:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:
64bit: - [2012/08/21 15:33:16 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:
64bit: - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:
64bit: - [2011/04/24 00:25:03 | 000,551,896 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:
64bit: - [2010/10/25 18:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:
64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:
64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/20 11:24:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV:
64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:
64bit: - [2012/08/21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:
64bit: - [2012/08/21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:
64bit: - [2012/08/21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:
64bit: - [2012/08/21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:
64bit: - [2012/08/21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:
64bit: - [2012/08/21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:
64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:
64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:
64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:
64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:
64bit: - [2011/04/24 00:25:03 | 002,715,824 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:
64bit: - [2011/04/02 20:39:39 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:
64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:
64bit: - [2010/12/17 11:57:03 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:
64bit: - [2010/12/17 11:55:56 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:
64bit: - [2010/12/17 11:55:55 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:
64bit: - [2010/12/17 11:55:50 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV:
64bit: - [2010/12/17 11:55:50 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:
64bit: - [2010/11/25 07:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:
64bit: - [2010/11/19 20:34:00 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:
64bit: - [2010/11/19 20:34:00 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:
64bit: - [2010/11/06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:
64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:
64bit: - [2010/09/07 22:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:
64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:
64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:
64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:
64bit: - [2007/04/09 11:37:18 | 012,342,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/09 11:38:06 | 012,039,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{3CEE1BB4-457A-4348-A4F6-B13E9DAB4674}: "URL" =
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\SearchScopes\{9ACBE53E-8ACC-4F25-BAB2-5513E6A54357}: "URL" =
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christoph\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/11 17:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/18 10:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/08/18 10:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012/10/18 16:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions
[2012/10/16 16:47:55 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/10/16 17:07:25 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\tc45o6yv.default\extensions\firefox@ghostery.com
[2012/08/18 11:17:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\tc45o6yv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/18 10:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\CHRISTOPH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TC45O6YV.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:37:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:37:45 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/07/14 02:37:45 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/07/14 02:37:45 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
O1 HOSTS File: ([2012/10/18 16:26:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:
64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:
64bit: - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:
64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:
64bit: - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:
64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O3 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3403070129-1335383128-838480008-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:
64bit: - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:
64bit: - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:
64bit: - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:
64bit: - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: avast! EasyPass Werkbalk - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Formulieren Invullen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Formulieren opslaan - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Menu aanpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O9:
64bit: - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:
64bit: - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9:
64bit: - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:
64bit: - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:
64bit: - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:
64bit: - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:
64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9:
64bit: - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (AVAST Software)
O9 - Extra Button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -
http://rover.ebay.com/rover/1/1553-72747-17534-1/4 File not found
O9 - Extra Button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : avast! EasyPass Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://photoservice.fujicolor.eu/ips-op ... jordan.cab (JordanUploader Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static ... .134.0.cab (Battlefield Heroes Updater)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/stati ... 0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.5 195.130.131.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297A5260-0356-4169-BDAD-15B4B094A063}: DhcpNameServer = 195.130.130.5 195.130.131.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/30 12:46:43 | 000,000,059 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/20 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{6209C8C5-07D5-40A1-ABC2-FFCA3010DA22}
[2012/10/20 12:05:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{4F322F77-7D85-4B9F-A9EE-37780AF751B5}
[2012/10/19 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{15F1D550-4CCC-4A17-B978-A80EB1B9A425}
[2012/10/18 17:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/18 16:13:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/18 15:59:07 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{D5C5935D-EC77-4543-B13D-BD1F234664A1}
[2012/10/17 16:11:07 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\tdsskiller
[2012/10/17 15:42:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/16 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/10/16 14:47:11 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:47:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:55 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/15 18:14:18 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Macromedia
[2012/10/15 18:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/15 18:13:10 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/15 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\logs
[2012/10/15 11:41:08 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Reizen
[2012/10/13 13:26:04 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 13:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/13 13:25:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 13:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/11 18:20:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/10/11 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/10/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/10/11 17:51:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/11 17:51:04 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/11 17:51:04 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/11 17:51:01 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/11 17:51:01 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/11 17:51:00 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/11 17:50:58 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/11 17:50:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/11 17:50:27 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
========== Files - Modified Within 30 Days ==========
[2012/10/20 21:07:34 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 21:07:34 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 21:06:11 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 21:01:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/20 20:59:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/20 20:59:11 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 12:30:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/20 12:30:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/20 12:28:48 | 324,410,814 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/18 16:26:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/17 16:08:25 | 002,194,704 | ---- | M] () -- C:\Users\Christoph\Desktop\tdsskiller.zip
[2012/10/17 15:42:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012/10/16 16:42:38 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 14:46:50 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/10/16 14:46:47 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/10/16 14:46:47 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/10/16 14:46:47 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/10/16 14:46:46 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/10/15 18:13:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/15 18:13:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/13 13:36:11 | 006,278,228 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 13:36:11 | 000,702,000 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/10/13 13:36:11 | 000,694,906 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/10/13 13:36:11 | 000,693,930 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/10/13 13:36:11 | 000,690,202 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/10/13 13:36:11 | 000,689,584 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/10/13 13:36:11 | 000,632,656 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/10/13 13:36:11 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/13 13:36:11 | 000,552,246 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/10/13 13:36:11 | 000,148,528 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/10/13 13:36:11 | 000,137,280 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/10/13 13:36:11 | 000,135,058 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/10/13 13:36:11 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/10/13 13:36:11 | 000,130,358 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/10/13 13:36:11 | 000,127,362 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/10/13 13:36:11 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 13:36:11 | 000,089,654 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/10/13 13:36:11 | 000,008,922 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/10/13 13:36:11 | 000,008,652 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2012/10/13 13:36:11 | 000,006,500 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2012/10/13 13:36:11 | 000,006,494 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/10/13 13:25:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | M] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk
========== Files Created - No Company Name ==========
[2012/10/17 16:08:15 | 002,194,704 | ---- | C] () -- C:\Users\Christoph\Desktop\tdsskiller.zip
[2012/10/16 16:42:38 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/10/16 16:42:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/13 13:25:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 18:20:21 | 000,002,266 | ---- | C] () -- C:\Users\Christoph\Desktop\SpyHunter.lnk
[2012/10/11 17:51:05 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/07 16:18:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012/08/07 16:18:49 | 012,039,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2012/08/07 16:18:49 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2012/08/07 16:18:41 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2012/05/31 13:16:37 | 000,007,609 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2012/01/28 15:24:41 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/28 15:24:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/24 21:25:47 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/04/09 13:45:12 | 006,368,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 18:14:03 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2010/12/03 21:07:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/03 20:59:01 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/05/24 13:12:18 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Asumut
[2011/12/08 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Audacity
[2011/04/02 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2011/03/31 14:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Pro
[2011/09/10 14:09:45 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Leadertech
[2012/03/22 13:33:42 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Pro Cycling Manager 2010
[2011/10/14 15:56:36 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Research In Motion
[2011/11/12 12:19:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Reviversoft
[2012/08/23 16:09:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\RoboForm
[2012/10/20 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\SoftGrid Client
[2011/03/31 20:28:59 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Software Inspection Library
[2011/11/01 19:50:33 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Sports Interactive
[2012/07/30 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TP
[2011/12/10 11:51:40 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Ubisoft
[2011/05/23 12:56:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< dir "%userprofile%\desktop" /c >
De volumenaam van station C is Boot
Het volumenummer is CA8F-A289
Map van C:\Users\Christoph\DESKTOP
20/10/2012 21:21 <DIR> .
20/10/2012 21:21 <DIR> ..
26/05/2012 16:24 12.168.082 15007_04.exe
20/10/2012 21:21 68 cmd.bat
20/10/2012 21:21 0 cmd.txt
28/12/2011 13:07 <DIR> Films
14/01/2012 23:15 355.706.986 Flash Mob solo.AVI
15/10/2012 11:42 <DIR> Fotos
19/05/2011 22:33 1.459 Internet Explorer.lnk
17/10/2012 15:55 <DIR> logs
16/10/2012 20:13 <DIR> Loopschoenen
17/07/2011 21:20 <DIR> LP
02/10/2012 09:49 <DIR> Muziek
17/10/2012 15:42 602.112 OTL.exe
20/10/2012 16:04 <DIR> Reizen
11/10/2012 18:20 2.266 SpyHunter.lnk
17/10/2012 16:11 <DIR> tdsskiller
17/10/2012 16:08 2.194.704 tdsskiller.zip
18/10/2012 21:20 <DIR> Werk
8 bestand(en) 370.675.677 bytes
11 map(pen) 1.857.899.208.704 bytes beschikbaar
< End of report >